Company Description
At Intuitive, we are united behind our mission: we believe that minimally invasive care is life-enhancing care. Through ingenuity and intelligent technology, we expand the potential of physicians to heal without constraints.
As a pioneer and market leader in robotic-assisted surgery, we strive to foster an inclusive and diverse team, committed to making a difference. For more than 25 years, we have worked with hospitals and care teams around the world to help solve some of healthcare's hardest challenges and advance what is possible.
Intuitive has been built by the efforts of great people from diverse backgrounds. We believe great ideas can come from anywhere. We strive to foster an inclusive culture built around diversity of thought and mutual respect. We lead with inclusion and empower our team members to do their best work as their most authentic selves.
Passionate people who want to make a difference drive our culture. Our team members are grounded in integrity, have a strong capacity to learn, the energy to get things done, and bring diverse, real world experiences to help us think in new ways. We actively invest in our team members to support their long-term growth so they can continue to advance our mission and achieve their highest potential.
Join a team committed to taking big leaps forward for a global community of healthcare professionals and their patients. Together, let's advance the world of minimally invasive care.
Primary Function of Position:
Joining Intuitive Surgical means joining a team dedicated to using technology to benefit patients by improving surgical efficacy and decreasing surgical invasiveness, with patient safety as our highest priority.
The Data Privacy Operations team is responsible for Global Data Privacy Operations and privacy-by-design. This team is the primary driver for the advancement of global privacy operations at Intuitive. The Sr. Director, Global Privacy Operations will be directly responsible for managing a team of privacy professionals to execute against existing operations protocol, maintain Governance & Risk Compliance (GRC) tracking software, evolve and expand Privacy Operations coverage, and develop roadmaps for the evolution of the Privacy Operations program.
The ideal candidate for the position of Sr. Director, Global Privacy Operations will have proven experience working in data privacy & compliance, data mapping, privacy operations, mapping compliance requirements to actionable controls and tracking / assuring execution against the program requirements.
Role and Responsibilities:
- Responsible for global privacy operations compliance
- Participate as the co-owner of the joint privacy program with Privacy Legal, delivering upon key metrics development, reporting and analysis, compliance, incident management, and other duties as required
- Lead the company’s global privacy operations team, providing strategic and tactical privacy operations guidance to key internal business partners (e.g., Human Resources, Sales Operations and Marketing, Product Engineering, Cybersecurity, and others), stay informed of partner business processes, applications, projects, and technologies to ensure compliance with privacy regulations / embed privacy requirements and controls into projects, products, and services.
- Work as part of a broader privacy and cyber security team overseeing, reviewing, and guiding drafting/release of privacy and data security policies, notices, standards, controls, and other practices cross functionally as part of matrixed global business operations.
- Support commercial activities regarding upholding data privacy and data security contractual provisions to ensure the company complies with cross-border data transfer restrictions and data localization requirements with respect to both intra-company transfers and transfers to third parties.
- Play a key role to support the Incident Response Team in the review, coordination and management of potential privacy or data security incidents, including investigations, , and other resolution efforts.
- Responsible for internal and third-party audits for certification and compliance of the privacy and security programs
- Lead global projects and manage day-to-day project management functions and workflow, including budgeting, trainings and communications
- Develop presentation materials for communicating program progress and risk with senior executive leadership and the Board of Directors during both regular and ad hoc governance meetings, including preparing executive summaries, briefing decks, and written and oral updates
- Monitor the evolving privacy landscape and best practices in the area of functional privacy to help identify critical issues and practical compliance solutions
- Manages key relationships with business colleagues and management at various levels from the franchises, affiliates and global partners
- Drive privacy initiatives for the enterprise, as well as monitor adoption, impact and perception of the Privacy program’s efforts within each of the Business Units
- Work with various stakeholders to proactively identify and prioritize privacy strategy, governance and compliance needs
- Establishes strategic plan and priority for Privacy Operations in partnership with Privacy Legal
- Leads the successful, timely, and efficient execution of Data Privacy Operations actions including: Data Privacy Impact Analysis (DPIA), Data Subject Access Request (DSAR), collaborative fulfillment of data requests from regulatory bodies as well as from internal personnel, data privacy and HIPAA controls assessments, and other privacy-specific requests
- Leads Privacy Engineering functions focused on supporting development of requirements for product design to support Privacy-by-design in the global context
- Ensures creation, management, and maintenance of Data Privacy policies and procedures (SOP, DOP, and WI)
- Ensures proper operation of the Privacy GRC platform, platform growth/extensibility, platform data integrity, and currency of procedural documentation
- Identifies and executes upon opportunities to improve our ability to measure and report upon privacy risk management
- Oversees Procedure validation and verification to ensure that procedures function as intended and are properly operationalized and trained
Skills, Experience, Education, & Training:
- Subject Matter Expert in Operations and Privacy Program Management
- Experience and understanding of data cataloging, data lineage and mapping, and privacy framework(s)/requirements
- Experience implementing, improving, and operating a GRC platform(s), OneTrust preferred
- Hands on experience and proven success in implementing controls and processes to address HIPAA, GDPR, and other requirements driven by privacy frameworks
- Ability to provide leadership and razor-sharp focus in a fast paced environment and within stressful situations
- Be concise and clear in communication
- A minimum 15+ years’ experience in a regulated industry with direct application of law, regulation, and compliance to operational activities
- A minimum 10+ years in IT / Information Security or Privacy roles, with 7+ years managing cross-functional teams
- Minimum Bachelor of Science degree in Information Technology, Business, or other relevant field
- Strong analytic skills
- Excellent judgment; proven ability to make difficult decisions with sound judgment and rationale
- Five or more years’ experience within the medical device industry
- MS highly desirable along with demonstration of sophisticated and logical thought process
- Privacy and Security certifications (e.g. CIPP, CIPM, (H)CISSP, CISM)
- Travel: <10%
- Job location: Sunnyvale, CA
Due to the nature of our business and the role, please note that Intuitive and/or your customer(s) may require that you show current proof of vaccination against certain diseases including COVID-19. Details can vary by role.
Intuitive is an Equal Employment Opportunity Employer. We provide equal employment opportunities to all qualified applicants and employees, and prohibit discrimination and harassment of any type, without regard to race, sex, pregnancy, sexual orientation, gender identity, national origin, color, age, religion, protected veteran or disability status, genetic information or any other status protected under federal, state, or local applicable laws.
We will consider for employment qualified applicants with arrest and conviction records in accordance with fair chance laws.
Preference will be given to qualified candidates who do not reside, or plan to reside, in Alabama, Arkansas, Delaware, Florida, Indiana, Iowa, Louisiana, Maryland, Mississippi, Missouri, Oklahoma, Pennsylvania, South Carolina, or Tennessee.
We provide market-competitive compensation packages, inclusive of base pay, incentives, benefits, and equity. It would not be typical for someone to be hired at the top end of range for the role, as actual pay will be determined based on several factors, including experience, skills, and qualifications. The target salary ranges are listed.
Base Salary Range Region 1: $224,000 - $336,000
Base Salary Range Region 2: $190,400 - $285,600
Travel: 10% of the time
Workplace Type: Purposeful Onsite - This job requires being onsite for leader-defined events and activities which could be monthly/annually. Onsite frequency may increase based on business need.