GROW WITH US:
Tandem Diabetes Care creates new possibilities for people living with diabetes, their loved ones, and their healthcare providers through a positively different experience. We’d love for you to team up with us to “innovate every day,” put “people first,” and take a “no-shortcuts” approach that has propelled us to become a leader in the diabetes technology industry. Tandem is always looking to add talent that can help us manage our interests globally.
STAY AWESOME:
Tandem Diabetes Care is proud to manufacture and sell the Tandem Mobi system and t:slim X2 insulin pump with -IQ technology — an advanced predictive algorithm that automates insulin delivery.
But we’re so much more than that. Our company’s human-centered approach to design, development, and support delivers innovative products and services for people who use insulin. Because many of our own team members live with type 1 diabetes, or have a loved one impacted by diabetes, the work is personal, and we are committed to the cause. Learn more at tandemdiabetes.com
A DAY IN THE LIFE:
The Director, Privacy – Global partners with a cross-functional team to ensure Tandem’s compliance with applicable data privacy laws and regulations outside of North America. The position provides legal and operational advice and guidance regarding Global privacy and security matters. The Director, Privacy – Global delivers pragmatic solutions for privacy compliance in day-to-day operations, as well as product development and design, and is responsible for continuously advancing Tandem’s overall privacy and data protection program. This role works closely with other departments within the company to advise on a wide range of privacy and security issues implicated in the development, commercialization, and ongoing support of diverse customer types using Tandem products that range from hardware with embedded software, to a suite of connected digital health products.
Working as The Director, Privacy - Global, you'll...
Privacy Program Development & Maintenance
- Direct, develop, guide, and continuously improve the effectiveness of Tandem’s global privacy compliance program to meet regulatory, legal and company privacy obligations.
- Develop and maintain internal and external privacy notices, policies, procedures, and guidance documentation.
- Conduct privacy and data protection impact assessments of programs, systems, products, and services.
- Maintain data inventories and records to track Tandem’s processing (e.g., collection, use and disclosure) of personal information.
- Oversee processes for reviewing and responding to individuals’ data-related requests.
- Partner with Cyber Security and Information Technology to establish metrics measuring effectiveness of privacy and cybersecurity compliance initiatives and controls, and track and report on compliance to the Vice President, Privacy and senior leadership.
- Develop and maintain practical incident response policies and procedures, and investigate and direct the company’s response to any privacy/security incidents in partnership with the Cyber Security team.
- Investigate and direct the company’s response to any inquiries and complaints received about privacy/security in partnership with the Cyber Security Team.
- Support internal and external risk assessment and audit processes; consult with external resources to assess, measure, and manage risk as needed.
- Assist in evaluating available cyber insurance products.
- Establish strong working relationships with key business leaders and play a key role in raising awareness of privacy issues and communicating the strategic priorities for personal data protection.
- Represent the Privacy function on project teams related to privacy compliance.
- Advise the Vice President, Privacy and senior leadership on external industry developments, recommend potential responses, policy changes, and solutions.
Privacy by Design
- Proactively support new and evolving business models, initiatives, technologies, and growth strategies, including development of new products, and partnership and collaboration efforts.
- Identify and assess global privacy and security requirements of commercial product offerings, including medical devices and all related software, cloud services, mobile apps, web applications, and portals accessible by end users, healthcare providers, and distribution partners.
- Develop standards, guidance, and procedures to ensure data privacy compliance requirements and recommendations are addressed throughout product and information lifecycles.
- Assist with reviewing, drafting and/or negotiating privacy-related agreements, including Data Processing Agreements, Standard Contractual Clauses, and various consents.
- Assist with reviewing, drafting and/or negotiating data protection, privacy and cyber security terms within general company agreements.
Laws and Regulations
- Maintain awareness of emerging laws, regulations, enforcement activity, and trends and developments in industry best practices related to global data privacy.
- Communicate legal and regulatory privacy requirements to business partners.
- Create and deliver regular communications and trainings to key functional areas in order to ensure awareness of global data protection and privacy requirements, as well as internal processes and practices.
- Develop deep understanding of company processes and partner with members of Legal, Information Technology, Cyber Security, and other business stakeholders to identify and mitigate privacy compliance risks.
General Department Administration
- Work closely with Privacy and Legal team members and internal business stakeholders to develop and improve internal processes that will support the overall growth and scaling of the Privacy department.
- Supervise, guide, and/or work closely with Privacy and Legal team members.
- Interact with business partners, healthcare organizations, health insurers, distributors and service providers regarding data privacy and data protection related matters.
- Function independently and deliver results with minimum supervision.
- Maintain the confidentiality of Privacy and Legal Department communications and documentation.
- Ensure work is performed in compliance with company policies and applicable laws including the GDPR and other regulatory, legal, and safety requirements.
WHAT YOU’LL NEED:
- In-depth knowledge of privacy and data protection laws, including the GDPR and other global data protection and security regulations, and additional regionally applicable laws and regulations. Knowledge of PIPEDA and HIPAA is preferred.
- Demonstrated operational experience translating legal and regulatory requirements into a comprehensive privacy program that utilizes practical processes and practices for global systems, services, and operations.
- Understanding of business and privacy sensitivities of healthcare organizations.
- Technical and clinical understanding of medical device data management, including restrictions on processing, deidentification, and the use of artificial intelligence to analyze raw data.
- Knowledge of, and working experience with, appropriate responses to privacy and security incidents and breach events, including interactions with relevant supervisory authorities and regulators.
- Experience reviewing, drafting, and negotiating privacy and data processing and transfer agreements, business associate agreements, and information security and privacy provisions in general agreements, including technology services agreements.
- Experience advising clients with heavy direct-to-consumer contact through multiple channels of communication (phone, email, text, web).
- Experience advising clients with website, mobile app and digital advertising compliance.
- Ability to identify privacy compliance issues and resolve them through both internal and external research.
- Ability to operate independently and develop and implement strategies to maximize the efficiency and effectiveness of the global legal function.
- High level of integrity supported by sound judgment and ethics.
- Effective verbal and written communication and presentation styles to interact with diverse audiences, including outside attorneys, senior management and business associates.
- Technical understanding of IT infrastructure, web-based software and mobile apps, and ability to work with IT, cyber security, and engineering teams in applying privacy-by-design principles.
- Ability to handle complex matters, across multiple simultaneous initiatives that require discretion, confidentiality, and prioritization.
- Demonstrated experience in a leadership-level (Director or above) privacy position, at a large health care company.
- Strong, direct people management experience.
- Strong focus on business partnering and solutioning and ability to operate effectively in a matrixed structure.
- Experience managing outside counsel and consultants.
EXTRA AWESOME:
- Law degree and qualification as a solicitor or barrister in England or Wales or equivalent in a major European jurisdiction required.
- Privacy Certification such as CIPP/US/E preferred.
- 10 years of privacy legal and compliance experience, with minimum 5 of those years involving the practical privacy compliance aspects related to personal health information in Europe, the United Kingdom or Switzerland (e.g., conducting privacy assessments, drafting privacy notices and/or external privacy collateral, advising on privacy-by-design, developing internal policies and procedures, etc.).
- Business level ability (CEFR B2 and above) in a major European language desirable in addition to English (French or Spanish).
WHY YOU’LL LOVE WORKING HERE:
At Tandem, we believe joy fuels excellence. That's why we've built a workplace that celebrates your achievements and supports your well-being. Our team thrives on pushing boundaries and fostering growth, all while maintaining a spirit of fun and camaraderie. This is just one of the ways we stay awesome!
BE YOU, WITH US!
We embrace the value that every single one of us brings to the table. But sometimes we forget that when we don’t meet 100% of a job description’s criteria – maybe you’re feeling that way right now? We encourage you to apply anyway. Because we want you to be you, with us.
Tandem is firmly committed to being an equal opportunity employer and does not discriminate on the basis of age, disability, sex, race, religion or belief, gender identity or expression, marriage/civil partnership, pregnancy/maternity, or sexual orientation. We are an inclusive organization, and we welcome applications from a wide range of candidates. Selection for roles will be based on individual merit alone.
REFERRALS:
We love a good referral! If you know someone who would be a great fit for this position, please share!
SPONSORSHIP:
Applicants must be authorized to work for any employer in the United Kingdom. We are unable to sponsor or take over sponsorship of an employment Visa at this time.
Make a move that matters. Join Tandem Diabetes Care, where we're turning challenges into triumphs every day and where your talents will help shape a healthier, happier tomorrow.