Description
At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com.
As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.
Job Function:
Legal & ComplianceJob Sub Function:
Enterprise ComplianceJob Category:
People LeaderAll Job Posting Locations:
Little Island, Cork, IrelandJob Description:
DePuy Synthes is recruiting for a VP, Chief Privacy Officer, located in Raynham, MA, Raritan, NJ, Westchester, PA; Ireland or Switzerland.
Johnson & Johnson announced plans to separate our Orthopaedics business to establish a standalone orthopaedics company, operating as DePuy Synthes. The process of the planned separation is anticipated to be completed within 18 to 24 months, subject to legal requirements, including consultation with works councils and other employee representative bodies, as may be required, regulatory approvals and other customary conditions and approvals. Should you accept this position, it is anticipated that, following conclusion of the transaction, you would be an employee of DePuy Synthes, and your employment would be governed by DePuy Synthes employment processes, programs, policies, and benefit plans. In that case, details of any planned changes would be provided to you by DePuy Synthes at an appropriate time and subject to any necessary consultation processes.
Please note that this role is available across multiple countries and may be posted under different requisition numbers to comply with local requirements. While you are welcome to apply to any or all of the postings, we recommend focusing on the specific country(s) that align with your preferred location(s):
US- Requisition Number: R-074975
Switzerland - Requisition Number: R-077678
Remember, whether you apply to one or all of these requisition numbers, your applications will be considered as a single submission.
About DePuy Synthes
DePuy Synthes is a global leader in Orthopaedics, advancing patient care through innovative solutions across joint reconstruction, trauma, spine, sports medicine, and related surgical technologies. As DePuy Synthes separates from Johnson & Johnson to become the world’s largest, most comprehensive Orthopaedics-focused company, the organization is entering a defining chapter—establishing its own corporate identity, voice, culture, and reputation while continuing to serve patients, customers, and healthcare systems around the world.
The VP, Chief Privacy Officer (CPO) provides enterprise‑wide leadership for privacy strategy, governance, and compliance across DePuy Synthes. This role plays a critical part in protecting patient, customer, employee, and business data while enabling innovation and growth in a highly regulated global healthcare environment. The CPO partners closely with Legal, IT, Cybersecurity, R&D, Commercial, and Operations leaders to embed privacy‑by‑design principles into products, systems, marketing and other business processes. This is a high‑impact leadership role with direct influence on trust, reputation, and regulatory readiness as DePuy Synthes operates as a standalone company.
Key Responsibilities
• Set and execute the global privacy strategy, policies, and governance framework for DePuy Synthes.
• Ensure compliance with global privacy, data protection and cybersecurity laws and regulations (including, e.g., GDPR, U.S. state privacy laws, digital product standards and laws and other applicable international requirements).
• Serve as the primary executive leader for privacy risk management, including oversight of privacy impact assessments and mitigation plans.
• Partner with Legal, R&D, Cybersecurity, and Technology teams to integrate privacy‑by‑design and privacy‑by‑default into systems, products, and digital initiatives.
• Monitor new and proposed privacy laws and regulations and provide strategic guidance to senior leaders and the Board on privacy risks, trends, and regulatory developments.
• Lead and develop a global privacy organization, including talent development and succession planning, to operationalize privacy requirements and to promote a strong culture of privacy and data protection.
• Oversee privacy contracting practices to ensure compliance with applicable laws, guidelines and best practices.
• Direct the development and implementation of a company-wide privacy training program, including the institution and instruction of named privacy stewards in the relevant functions.
• Together with Cybersecurity, oversee privacy incident response, investigations, and support regulatory interactions as needed.
• Working together with Government Affairs, develop and maintain trusted relationships with data protection commissioners and government enforcement agencies and execute a strategy for impacting the evolving privacy laws affecting the company.
Qualifications:
Required:
• JD in the United States or in a European jurisdiction.
• 14+ years of progressive experience in privacy, data protection, cybersecurity, or related risk functions including in private practice or within a complex, global organization in a healthcare field (e.g., hospital system, medical device or medtech company, pharmaceutical industry).
• Demonstrated expertise interpreting and applying global privacy regulations in a regulated industry, including GDPR and the U.S. federal and state privacy laws, including HIPAA, and relevant FDCA regulations.
• Experience advising senior executives on privacy strategy and enterprise risk.
• Demonstrated ability to build, operationalize, and improve processes and high-performing teams.
• Proven ability to lead global, cross‑functional teams and influence without direct authority.
• Strong strategic thinking, judgment, and decision‑making capabilities.
Preferred:
• Prior experience supporting or managing a data incident management and response process, including data subject and regulatory enforcement agency notifications.
• Background partnering with information systems, cybersecurity, and digital technology teams.
• Experience supporting business transformation or operating‑model changes.
• Degree in Information Systems, Master of Business Administration or Master of Public Policy a plus.
Other:
• Travel: Up to 20%, domestic and international.
• Language: Fluency in English required; additional languages a plus.
• Certifications such as CIPP, CIPM, or equivalent preferred.
Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
Johnson and Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, please email the Employee Health Support Center (ra-employeehealthsup@its.jnj.com) or contact AskGS to be directed to your accommodation resource.
For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com.
#DePuySynthesCareers
The anticipated salary range is 145,000-266,570 EUR
In addition to base pay, we offer the following benefits*: an annual bonus with set target (% of pay) depending on pay grade / location, where the actual amount is based on the employees’ and companies’ performance of the previous calendar year, or sales commissions. Moreover, we offer vacation days, parental leave for a minimum of 12 weeks, bereavement leave, caregiver leave, volunteer leave, well-being reimbursement, programs for financial, physical and mental health. We also offer service anniversary and recognition awards, and subject to the terms of their respective plans, employees - and in some location’s eligible dependents - can participate in several insurance plans. For more information, visit Employee benefits | Supporting well-being & career growth | Johnson & Johnson Careers.
*This is for informative purposes only. Amounts and actual benefits may vary by location and are subject to change.
Required Skills:
Preferred Skills:
Audit and Compliance Trends, Compliance Frameworks, Compliance Management, Compliance Policies, Compliance Risk, Consulting, Controls Compliance, Corporate Compliance Helpline Administration, Developing Others, Fact-Based Decision Making, Inclusive Leadership, Leadership, Legal Function, Legal Services, Risk Management, Standard Operating Procedure (SOP), Tactical Planning