Overall Job Scope;
The Privacy Manager of the Johnson & Johnson Family of Companies in Thailand is responsible, at cross-sector level and for all Operating Companies of Johnson & Johnson in the country, for [i] developing and implementing the privacy program for all country local
J&J companies; [ii] identifying privacy risks; [iii] developing, maintaining and implementing privacy policies and procedures; [iv] providing orientation and regular specific trainings to J&J employees; [v] reviewing and advising the Business stakeholders
on projects involving collection of personal information; and [vi] establishing monitoring and controls to ensure that the conduct of Johnson & Johnson’s businesses and operations are compliant with applicable privacy laws and regulations and J&J privacy framework.
The role includes coordination of all activities related to implementation of and adherence to Johnson & Johnson privacy policies and applicable data protection laws and support the J&J Thailand business in Laos, Cambodia, and Myanmar (LCM) and, in accordance
with the Johnson & Johnson Privacy Framework.
The Privacy Manager may time to time to work on transverse projects involving South East Asia (SEA) markets. Also includes the responsibilities of the Data Protection Officer function and liaising with the local relevant government authorities for each of the
country J&J operating companies, as may be required and defined under applicable data privacy laws. Reports directly to the South East Asia (SEA) Lead of Global Privacy.
- Aligns with the management, key stakeholders and business owners and ensures compliance of the local Operating Companies to country applicable privacy laws and other applicable related laws and regulations as well as all applicable Johnson and Johnson privacy
and data protection policies and procedures.
- Identifies privacy risks and informs business owners and management of data privacy and protection related risks which may arise. Participates in the company’s Compliance Committee or similar or equivalent governance structure, to highlight privacy risks
and provide status updates on the Privacy Compliance Program. Advises all staff whose activities possibly put the company at risk and provides actionable solutions to remediate risks and issues.
- Ensures local oversight of Privacy Compliance Programs as implemented by the local operating companies. Helps the companies develop a culture and discipline of data privacy compliance. Advises and updates executive and senior management teams of significant
data privacy concerns.
- Reviews and handles privacy-related complaints and incidents and implements remediation in accordance with J&J’s procedures.
- Partners with the Information Security Officer to establish internal control systems that [i] prevent leakage, abuse, misuse or unauthorized use or processing of personal information and [ii] protect the confidentiality of personal information files.
- Collaborates with IT and ISRM on compliance assessments and internet compliance review process.
- Conducts training and orientation on personal information protection, including the company’s privacy framework, relevant sections of data privacy laws, notice and consent, data incident and breach, and data breach reporting.
- Increases awareness of the stakeholders (such as employees, business partners, third party vendors and service providers) of the company’s data protection policies and guidelines.
- Reviews and advises, when necessary, the Law Dept, Procurement team and other stakeholders about adequate privacy language in contracts with third party service providers amongst others.
- Liaises with and report to local Data Protection Authorities, where necessary.
- Serves as first point of contact for internal and external audits and inspections in respect of data privacy and protection or data privacy related complaints against the company.
- Builds and maintains knowledge about applicable laws and regulations and assesses impact of changes in laws to the Privacy Program.
- Actively engages with the Global Privacy Team and participates in transverse projects, ensure maximal alignment with global standards and practices.
- Master/Bachelor's degree in Laws or related fields
- Familiarity with the healthcare or pharmaceutical / medical device industry and its business processes
- 5 years to 8 years of experience as Lawyer, in house legal counsel or compliance officer preferred, privacy certification is a plus
- Functional understanding of applicable data privacy laws and regulations
- Significant experience with the roll out of (privacy) compliance programs and their management
- Ability to maintain the highest standards of quality, compliance and accountability when advising the business
- Demonstrable ability to engage with a range of business units and functions and uncover their objectives and needs
- Ability to translate a wide variety of principles and, sometimes complex, legal requirements into actionable solutions for the business
- Excellent communication, and presentation skills (management, employees, business partners, government agencies)
- Ability to work autonomously and in a remote team, with various stakeholders in a matrix environment
- Attention to details and strategic thinking, ability to prioritize tasks
- Proficient in Thai and English language (both oral and written),
- Ability to work in both Ladkrabang and Rama 9 areas