Your responsibilities will include:
Advising business teams on the applicability and impact of various regional, federal, and state privacy frameworks, laws, and regulations that may have differential impact based on whether they operate as a medical device provider, healthcare provider, controller, processor, covered entity, business associate, or hybrid entity
Managing outside counsel to support global business goals and ensure compliance with applicable privacy and security laws and regulations
Fostering company compliance with global privacy and data protection laws and regulations as well as privacy and information security best practices and standards
Providing legal counsel and support in business development activities, including conducting due diligence, advising on privacy and data protection issues, facilitating transfer of legal responsibilities, assisting and advising on product development related issues as they arise, and directing outside counsel in assisting the company with issues as needed
Identifying, implementing, maintaining, and updating privacy policies, procedures, training, and educational materials in coordination with colleagues and cross-functional departments and business units, particularly Global IT and Cybersecurity, Legal and Compliance, Global Security, Global Quality, business units, and Human Resources
Interacting with program and product management across Boston Scientific to provide direction and guidance on company-wide privacy and information security projects
Assisting with the processes for receiving, managing, and appropriately responding to potential and actual security/privacy breach incidents, complaints related to privacy and security issues, and government authorities’ inquiries into the company’s privacy policies and procedures
Coordinating privacy impact assessments, audits, and implementation of recommendations resulting from same
Reviewing privacy and information security implications of proposed business changes, including mergers and acquisitions, marketing, and outsourcing activities
Reviewing and advising business on data protection requirements in contracts in a variety of areas, including IT cloud service, application development, distributor data handling, consulting, non-disclosure, research, data use, clinical, business acquisitions and mergers, and other areas as needed to ensure business interests are protected
Structuring, negotiating, and drafting privacy, data protection, and business associate agreements and assisting business and commercial counsel in reviewing data protection sections of software license agreements, master services agreements, professional services agreements, SOWs, and other types of commercial agreements
Assisting in implementing and maintaining data mapping and third-party/vendor data management and compliance
Remaining current on privacy and data protection developments, new legislation/regulations, and competitive benchmarking applicable to global medical device and healthcare organizations
Required qualifications:
J.D. from an accredited university with admission to practice law in at least one state
Understanding of HIPAA, state consumer privacy laws, My Health My Data laws, and other applicable U.S. privacy and data protection laws and regulations, and of GDPR
Advanced proficiency in the independent review of complex privacy agreements and strong contract drafting and negotiation skills
Minimum of 5 years of related legal work experience advising on global privacy and data protection frameworks applicable to medical device and healthcare clients, ideally as in-house counsel
Preferred qualifications:
Certification in one or more of the following:
International Association of Privacy Professionals certification
Certified in Healthcare Privacy Compliance (CHPC) by the Health Care Compliance Association
Knowledge of industry standards affecting privacy and information security, such as NIST and ISO 27001/27002; privacy and/or security professional certifications (e.g., CIPP)
Experience advising medical device, pharmaceutical industry, and/or health care provider clients
Previous experience providing strategic guidance on global privacy and data protection laws and supporting global projects by advising on privacy requirements, risk mitigation strategies, and data governance best practices
Understanding of LGPD, PIPEDA, PIPL, PIPA, and similar global statutory frameworks
Familiarity with the legal and compliance implications of IT service management, customer relationship management, and cloud-based systems, including experience with negotiation of related data protection agreements
Understanding of responsible AI and data governance principles, with the ability to provide legal guidance on fairness, accountability, transparency, and ethical deployment of AI technologies within healthcare and medical device contexts
Strong communication, presentation, interpersonal, and project management skills
Ability to work independently and drive results
Proactive attitude and approach towards continuous improvement
Dedicated commitment to the highest standards of quality, integrity, ethics, and profession
Compensation fornon-exempt (hourly), non-sales rolesmay also include variable compensation from time to time (e.g., any overtime and shift differential) and annual bonus target (subject to plan eligibility and other requirements).
Compensation forexempt, non-sales rolesmay also include variable compensation, i.e., annual bonus target and long-term incentives (subject to plan eligibility and other requirements).
For MA positions:It is unlawful to require or administer a lie detector test for employment. Violators are subject to criminal penalties and civil liability.
Please be advised that certain US based positions, including without limitation field sales and service positions that call on hospitals and/or health care centers, require acceptable proof of COVID-19 vaccination status. Candidates will be notified during the interview and selection process if the role(s) for which they have applied require proof of vaccination as a condition of employment. Boston Scientific continues to evaluate its policies and protocols regarding the COVID-19 vaccine and will comply with all applicable state and federal law and healthcare credentialing requirements. As employees of the Company, you will be expected to meet the ongoing requirements for your roles, including any new requirements, should the Company’s policies or protocols change with regard to COVID-19 vaccination.
משרות נוספות שיכולות לעניין אותך