Compliance Manager (Privacy)

REPORTS TO:  Director, Ethics and Compliance

# DIRECT REPORTS: None

ABOUT THE FUNCTION

The Legal, Ethics & Compliance Department works to safeguard Novo Nordisk’s license to operate and to foster sustainable business conduct as Novo Nordisk Canada delivers life-changing therapies for the benefit of Canadian patients. The Department provides proactive, solutions-oriented guidance and support to help Novo Nordisk Canada achieve its strategic priorities in a sustainable manner. At Novo Nordisk, you will be part of a company respected equally for its financial results and its commitment to ethics and compliance. Are you ready to make a difference?

THE ROLE

The purpose of the job is to develop, operationalize and manage Novo Nordisk Canada’s Privacy Compliance Program to help ensure adherence to all applicable data privacy requirements (i.e., Canadian legislation and Novo Nordisk corporate requirements).

KEY AREAS OF RESPONSIBILITY

Program Management and Operationalization:

• Develop, implement, and manage the Privacy Compliance Program
• Manage the operational components of the Privacy Compliance Program, including the development and implementation of policies/guidance, training, communication, monitoring, investigations, privacy impact assessments, consent management, business process assessments, data transfer assessments and third-party assessments, etc.
• Ensure privacy risks are effectively identified, mitigated, or escalated, as necessary; collaborate with colleagues across relevant departments to share trends, insights and lessons learned to support risk management efforts, including, e.g., targeted monitoring and training opportunities
• Supporting line of business in applying “privacy by design” principles (including ensuring completion of data protection impact assessments, where appropriate) addressing training needs and providing guidance
• Champion a proactive and collaborative approach to privacy that is focused on partnership, prevention, and risk management with internal and external stakeholders
• Conduct monitoring, prepare for audits and facilitate implementation of corrective actions, solutions, and process enhancements
• Oversee incident response management and breach reporting; coordinate data subject access request responses across cross-functional teams
• Navigate and leverage relevant systems and technology to support the Privacy Compliance Program
• Collaborate with relevant Legal, Ethics & Compliance colleagues on privacy matters
• Maintain a functional knowledge of common IT security, vulnerability assessment and penetration tools
• Maintain familiarity with data classification schemes, document level security, metadata analysis and redaction, media sanitization and data loss prevention techniques and technologies
• Proactively collaborates with Global and Local IT Security Team to assist in the integration of privacy principles and requirements in the organization’s information security policies, procedures, and technical systems

Communication & Training:

• Create and develop clear and understandable content for all presentation and communication campaigns to drive organizational awareness and consistent messaging with employees, third parties, and customers, where appropriate
• Proactively communicate with various stakeholders regarding privacy risks, assumptions, issues, and dependencies, to ensure that that these are identified, mitigated, or escalated, as necessary
• Develop and deliver privacy training and raises awareness of the Privacy Compliance Program while fostering accountability for privacy compliance throughout the organization
• Work with the business teams and with Legal to ensure awareness of “best practices” on data protection issues and consult regularly with key stakeholders in the business

Oversight:

• Foster a continuous improvement mindset and propose enhancements to the Privacy Compliance Program informed by industry trends and best practices
• Maintain privacy subject matter expertise with knowledge related to compliance with industry standards and best practices, applicable provincial or territorial, federal, and international laws, and regulations
• Monitor changes in privacy laws and regulatory environment to ensure organizational awareness, adaptation, and compliance, as needed
• Participate in Compliance Committee and consult with Global and regional privacy offices to share best practices and ensure align on Program management approaches
• Proactively partner with line of business in the design and evaluation of new initiatives to ensure that business activities are developed with “privacy by design” principles

Other

• Assist with the implementation of ethics and compliance initiatives
• Collaborate with regional and global Ethics and Compliance units, as required
• Additional responsibilities as assigned

Key Compliance Accountabilities

• Maintain a sound understanding of relevant laws and regulations, industry code requirements, Novo Nordisk corporate and local requirements and evolving practices and risks
• Function as an enabler for the effective adoption, implementation, and integration of the Program throughout the organization
• Applicable provincial/territorial and federal privacy laws and regulations including PIPEDA and Quebec’s Law 25

Qualifications (Essential skills and abilities)

• General knowledge of, and familiarity with, Canadian privacy landscape, privacy frameworks (including privacy by design principles), and relevant global laws and regulations (e.g., GDPR)
• Operational experience in privacy, privacy risk management
• Ability to translate privacy compliance principles into actionable solutions for line of business
• Excellent written and verbal communication, interpersonal and organizational skills
• Exceptional knowledge and understanding of the pharmaceutical industry and relevant industry standards and requirements
• Demonstrated ability to build and maintain strong relationships and communicate effectively with multiple internal and external stakeholders
• Sound analytical and decision-making skills
• Excellent project management skills to oversee and drive execution of multiple projects
• Proficiency in French (preferred)

EDUCATION

Minimum

• A Bachelor 's degree in business, law, marketing, or related field

Preferred

• French language proficiency
• Master’s Degree
• Privacy certification (e.g., CIPP/C) (may be obtained within 6 months of hire)
• Ethics/Compliance certification
• Project management certification

EXPERIENCE

Minimum Requirements

• A minimum of 7 years combined compliance, legal, regulatory, and privacy experience in a pharmaceutical company, OR a minimum of 5 years of pharmaceutical experience accompanied by an advanced degree or certificate (MBA, LLB, PMP, etc.)

Preferred

• 3-5 years progressive privacy experience in in life sciences/ healthcare
• 2-4 years compliance experience
• Extensive knowledge of Canadian privacy landscape
• Project management

WORKING CONDITIONS:

• Head office based
• 10-20% overnight travel (nationally and internationally) as required

APPLICATION DEADLINE: 24 February 2024

If you are interested in applying to Novo Nordisk and need special assistance or an accommodation to apply, please email us at cami-hr@novonordisk.com

We commit to an inclusive recruitment process and equality of opportunity for all our job applicants. 

At Novo Nordisk we recognize that it is no longer good enough to aspire to be the best company in the world. We need to aspire to be the best company for the world and we know that this is only possible with talented employees with diverse perspectives, backgrounds and cultures. We are therefore committed to creating an inclusive culture that celebrates the diversity of our employees, the patients we serve and communities we operate in. Together, we’re life changing.