Manager, Privacy

Job Description

This reports directly to the OCA Privacy Officer. This position is responsible for executing operational privacy tasks as defined and allocated through the OCA Privacy Team, including create and maintain policies, train applicable stakeholders, and develop and manage practices to analyze, prioritize, and report on privacy risks and mitigation activities.

Job Duties

• Serve as a privacy compliance subject matter expert, advising stakeholders across functions and jurisdictions on applicable U.S. and Canadian privacy, US HIPAA and potential AI-related compliance related matters and executing operational privacy tasks as defined and allocated through OCA Privacy. 
• Proactively monitor and analyze evolving privacy, HIPAA and AI laws, rules, regulations and guidance to help Olympus maintain compliance and strategic alignment. 
• Support privacy metrics development (KPIs and KRIs), privacy audit readiness, and privacy maturity benchmarking. 
• Work with internal stakeholders, within applicable jurisdiction(s) or across regions, to develop and maintain data mapping and Records of Processing Activities (ROPAs’) to ensure continuous process optimization and implementation of privacy compliance requirements based on documented data processing activities from the business. 
• Support with the assessment, evaluation and documentation of potential privacy and AI NIST Risk Assessment framework, compliance risk, and applicable mitigations as agreed by the business. 
• Monitor and manage any shared mailboxes owned by OCA Privacy or the Global Privacy Compliance organization, including responses to routine enquiries and escalating issues to the correct team leads or contacts.
• Support OCA Privacy and/or the wider Global Privacy Compliance organization in privacy incident management, breach notification requirements and response in coordination with information security, legal, and business continuity teams. 
• Conduct training and privacy awareness campaigns and initiatives that are tailored to regional requirements and emerging risks in the OCA region. 

Job Qualifications

Required:

• Bachelor’s degree required (Law, Business, Information Systems, Robotics, Biomedical, Mechanical or Electrical Engineering or related field).
• Minimum of 7 years of hands-on experience in privacy program operations, ideally within Med Tech, medical devices, healthcare or life sciences.
• Minimum of 5 years of experience or functional knowledge with privacy, HIPAA, and AI regulations, NIST AI Risk Assessment and governance frameworks in the US, Canada, Mexico, Brazil jurisdictions.
• Demonstrated ability to interpret legal/regulatory requirements and translate them into operational and technical controls.
• Familiarity with data governance tools and enterprise GRC systems (e.g., OneTrust).
• Experience in developing presentations and communicating privacy analysis to cross functional business leaders.
• Experience in planning and project management and in maintaining composure under pressure while meeting project deadlines.
• Experience with enterprise Governance, Risk, & Compliance tools.
• Demonstrates proficient analytical, organizational, interpersonal, and verbal and written communication skills.
• Strong leadership communication and presentation skills are required.
• Ability to multitask and balance priorities with minimal direction.
• Exhibits excellent critical thinking and problem-solving skills with strong attention to detail and ability to analyze documents and processes.
• Regular participation in global team meetings, primarily virtual formats, and occasional physical presence.
• Stay current on industry best-practices for Privacy and Security.
• Manage complex projects with competing business initiatives and demanding timelines.
• Track Privacy KPIs and KRIs to better understand drivers and implications of performance and risk indicators 
• Must be available to travel occasionally as needed.

Preferred:

• Advanced degree preferred (JD, LLM, MBA, or graduate studies (MS) in Privacy, Cybersecurity, or Health Informatics).
• Industry certification is strongly preferred: CIPP/US, CIPM, CIPT, or AIGP (Artificial Intelligence Governance Professional). 
• Additional desired experience with robotics frameworks such as ROS and involvement in R & D projects focused on robotics applications in healthcare.