Head of Data Privacy / Regional Director Data Privacy

Head of Data Privacy / Regional Director Data Privacy

Requirements

• 10+ years of relevant work experience, including hands-on management and proven contribution at both strategic and operational levels.
• Deep understanding of complex data privacy laws and principles, including HIPAA, GDPR, and CCPA.
• Expertise in triaging privacy-related questions and issue spotting.
• IAPP certification required.
• Excellent written, verbal, and social communication skills.
• Strong work ethic and sense of accountability and integrity.
• Solid team success orientation and ability to work both independently and collaboratively with diverse teams across the organization.
• Self-starter, with a demonstrated ability to identify issues, resolve problems and drive projects to completion.
• Demonstrated capacity to work independently.
• Trustworthy, positive, energetic, optimistic attitude with a willingness to work directly to achieve goals.
• A creative problem solver who is eager to learn about new ideas and concepts.

Responsibilities

• Act as primary subject matter expert and resource on issues related to data privacy.
• Provide guidance and training to internal teams on privacy matters that affect the company’s products, customers, and our customers’ patients.
• Lead the North America Privacy Program as part of the ZEISS Data Privacy Framework and work in conjunction with local Data Privacy Coordinators, legal and other relevant colleagues to review products, vendors, agreements, and initiatives, to advise on privacy/data security, consumer protection, patient privacy, and other related matters in accordance with HIPAA, CCPA, FTC principles, and other applicable international, federal, and state requirements.
• Support internal counsel in key privacy risk management activities including but not limited to: policy drafting and review, risk and control definition, coordination of recurring audit activities, and providing day-to-day ‘on-call’ support for high-priority privacy-related matters.
• Communicates detailed regulatory requirements to the businesses, the Information Security Office, Internal Audit, as well as other members of the Corporate Data Privacy Office.
• Primary point of contact and coordinator for internal and external data privacy inquiries concerning North America, e.g., ZEISS internal inquiries, customer-related inquiries, audit responses, or possible privacy-related disputes.
• Governance of incident response, issue management, and training content development and coordination with key stakeholders as necessary to effect forensic investigations, crisis management activities, notifications to affected individuals, interaction with customers or vendors, responding to federal and state regulatory inquiries and litigation-related inquiries.
• Serve as Data Privacy Coordinator for Carl Zeiss, Inc.

Preferred Qualifications

• JD from an accredited law school or similar degree preferred.