Data Privacy Manager
GRAIL is a healthcare company whose mission is to detect cancer early, when it can be cured. GRAIL is focused on alleviating the global burden of cancer by developing pioneering technology to detect and identify multiple deadly cancer types early. The company is using the power of next-generation sequencing, population-scale clinical studies, and state-of-the-art computer science and data science to enhance the scientific understanding of cancer biology, and to develop its multi-cancer early detection blood test. GRAIL is headquartered in Menlo Park, CA with locations in Washington, D.C., North Carolina, and the United Kingdom. It is supported by leading global investors and pharmaceutical, technology, and healthcare companies. For more information, please visit www.grail.com.
GRAIL is seeking a data privacy manager to support GRAIL’s data and information program. You would be responsible for managing GRAIL’s privacy activities, helping establish strategy and policy, monitoring, performing audits, and executing key data privacy initiatives. You would support GRAIL’s commitment to being a responsible steward of personal information. You would advise GRAIL on state, federal, and international privacy laws, regulations, guidance, initiatives, and policies that impact our products and business operations (e.g., CCPA, HIPAA, GDPR). As a member of GRAIL’s Privacy and Security Team, you would work on a variety of privacy and data security issues while partnering with multi-disciplinary groups across GRAIL.
You will be responsible for:
- Managing GRAIL’s global data privacy and data protection program
- Project manage and execute on the implementation of key privacy controls and business processes that are foundational to the company’s privacy strategy
- Help define, update, maintain, and strengthen privacy compliance program requirements within the global organization
- Develop program requirements, scope project initiatives, and estimate resource requirements to facilitate compliance with international privacy frameworks
- Consult and work with business teams to incorporate privacy into the design of new products and business verticals
- Develop and build strategic relationships with partners and business teams to collaborate on integrating privacy into product software development and business processes
- Support periodic review of applicable data protection policies in light of changes in laws, regulatory or organizational policy
- Identify corporate and product privacy risks and develop mitigation strategies
- Establish and administer a process for receiving, documenting, tracking, investigating, and remediating potential incidents, breaches, unauthorized disclosures, or exposures of health information
- Support process for vetting and reviewing vendors for compliance with data privacy and security policies and legal requirements
- Create privacy success metrics/criteria and monitor performance
- Navigate complex privacy matters, identify potential solutions and approaches, analyze costs and benefits, provide recommendations to senior leadership, implement recommendations, maintain effectiveness checks, and propose modifications as needed
Your qualifications and skills will include:
- 7+ years working in data privacy management
- JD or Master's Degree in Information Management or related field preferred
- Experience working in healthcare and/or life sciences companies
- Experience with state, federal, and international privacy laws (e.g., CCPA, HIPAA, GDPR)
- Experience partnering with a wide array of cross-functional stakeholders
- CIPP, CIPT, CIPM, CISSP, or similar certification
- Extensive analytical reasoning with the ability to navigate complex problems and provide resolution to senior leadership
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.