Executive Director, Privacy Officer
Arvinas is a clinical-stage biotechnology company leading the way in targeted protein degradation therapeutics. Arvinas is the first company to focus solely on protein degradation and its platform technology is the most advanced in the field. Since its founding in 2013, Arvinas’ PROTAC® Discovery Engine has been driving the most significant breakthroughs in the industry. Arvinas’ pipeline encompasses a range of validated and undruggable targets in oncology, immuno-oncology, and neuroscience. This includes three clinical-stage programs: bavdegalutamide (ARV-110) and ARV-766, which are being developed as potential treatments for men with late-line metastatic castrate-resistant prostate cancer, and ARV-471, which is being co-developed and commercialized by Arvinas and Pfizer as a potential treatment for patients with breast cancer.
#TeamArvinas is made up of more than 400 passionate and curious employees, whose diverse thoughts and perspectives are highly valued. Arvinas employees embrace the freedom to pursue innovation, think creatively, and give back. They are driven by the company’s values and mission – to improve the lives of patients with serious diseases by pioneering therapies created with our revolutionary PROTAC® protein degradation platform. We’re really excited about the work we’re doing inside and outside of Arvinas, and think you will be, too. But don’t just take our word for it – learn more about life at Arvinas and what employees have to say. For more information, please visit www.arvinas.com.
Arvinas has an outstanding opportunity for a Senior Director Privacy Officer who will oversee and manage its privacy compliance programs. The ideal candidate will have excellent interpersonal and presentation skills, with demonstrated ability to work well and communicate effectively with peers, all levels of management, and external resources in a virtual team environment. The Privacy Officer role is business focused and solution-oriented and requires the ability to understand and differentiate approaches to complex compliance and legal matters.
Reporting to the General Counsel, the Privacy Officer will be responsible for the development, implementation, oversight, and continuous improvement of Arvinas' privacy and data protection programs including, but not limited to creating policies and procedures, risk assessments, internal compliance auditing, program training, and metrics.
This position can be located at our headquarters in New Haven, CT or work remotely from a location within the U.S.
- Utilize Privacy by Design principles to grow and manage a global privacy compliance program at Arvinas to address privacy risks and create guidance that ensures Arvinas’ privacy programs meet all applicable legal obligations.
- Develop, promote, oversee, and maintain Arvinas' privacy related policies, procedures and related documentation, including those needed to effectively respond to privacy incidents and privacy breaches (such as investigation of, and response to, those events and appropriate notification of clients, affected individuals and government agencies).
- Perform periodic risk assessments and conduct related ongoing compliance monitoring activities to evaluate the potential risks associated with privacy-related policies, procedures, and practices.
- Assist with negotiation of wide array of vendor and clinical trial agreements and Informed Consent documents related to data privacy and advise on the regulatory implications of Arvinas’ services.
- Participate in the development, implementation, and ongoing compliance monitoring framework for vendors, including for vendor compliance with privacy and data security- related policies and legal requirements.
- Address potential privacy concerns and communicate the strategic priorities for personal data protection while working closely with the leadership and project teams to design and implement new solutions.
- Initiate, facilitate, and promote activities to foster a company-wide culture of information privacy awareness and compliance.
- Develop and deliver, or ensure delivery of, privacy and related trainings to all employees, contractors, and other appropriate third parties.
- Keep abreast of the evolving global privacy landscape and create awareness of new legislation and provide practical advice, including to senior management and board members, of its implications and impact on ongoing or planned business activities related to the pharmaceutical / biotechnology industry.
- Review, evaluate, investigate, and resolve privacy or data security compliance issues.
- Assist in responding to government or other third-party audit or investigative requests.
· 12+ years’ experience working and advising within the pharma or biotech industry; 8 years of progressively advancing experience in compliance, privacy and data protection.
· Knowledge of the U.S. federal and state data protection and privacy laws, including HIPAA; knowledge of compliance management; knowledge of business practices that involve the collection, use and processing of Personally Identifiable Information (PII) or Protected Health Information (PHI).
· Foundational legal training at a law firm and in-house experience with a pharmaceutical/biotechnology company preferred.
· Demonstrated knowledge and experience in the following:
o U.S. and international/global privacy laws (e.g., CCPA, GDPR, and HIPAA).
o Monitoring developments in laws, communicating changes, and applying them to the business.
o Advising executives on a variety of legal matters, including in coordination with external counsel.
o Drafting and implementing policies and procedures including creating and administering rules and policies related to PII.
o Quantifying risk and weighing risk against desirable business outcomes and proposing risk-based approaches to compliance.
o Operationalizing compliance within companies, including implementing within Information Technology, Clinical Operations, Commercial Operations, and other functional teams.
o Supporting a global business, including advising technical/R&D, product, sales and marketing teams on diverse matters across geographies.
o Recruiting and building effective data privacy teams.
· Solution-orientated; strong intellectual and problem-solving capabilities.
· Adept at navigating conflicts and competing objectives.
· The ability to think strategically while facilitating discussions related to security, privacy, and related business risk, prioritize tasks with highest risk and produce deliverables.
· The ability to both frame questions and facilitate discussions, as well as to participate in them. As a facilitator of discussions, the ideal candidate can support productive discussions, allowing all factors to be weighed. As a participant, the individual communicates security, privacy, and related business risk. The individual can clearly specify when acting as a facilitator or when advocating for a specific outcome.
· The ability to explain privacy, security, and related business concepts to all audiences.
· The ability to prioritize tasks, focusing on those with the highest risk.
· U.S. or foreign legal credentials (J.D., LL.M., LL.B., European or other legal degree).
· IAPP privacy certification (CIPP/US, CIPM, etc.) is strongly preferred.
Arvinas is proud to offer a competitive package of base and incentive compensation as well as a comprehensive benefits program designed to support the health, wellness and financial security of our employees and their families. Benefits include group medical, vision and dental coverage, group and supplemental life insurance, and much more. To learn more about Arvinas, please visit www.arvinas.com
Arvinas is an Equal Opportunity Employer