Responsibilities

• Policy Development: develop and oversee implementation of policies with respect to US and global healthcare corporate compliance, anti-bribery, anti-corruption, privacy compliance, privacy management, and data governance. 
• Commercial and Marketing: help set marketing US and global market strategies, manage contracting arrangements with HCPs and HCOs, evaluate promotional and non-promotional practices, and oversee internal training.
• Monitor environment: monitor regulatory, legislative and enforcement landscape to guide internal practices and policies.
• Interactions with HCPs & HCOs: provide strategic counseling guidance across Commercial and Medical on interactions with HCPs & HCOs, including procedures, training, and monitoring.
• Internal Investigations and Audits: oversee GRAIL’s internal investigations and monitor compliance with applicable policies. 
• Enterprise Risk Management: oversee enterprise risk management to identify areas of potential compliance vulnerability and risk, develop and implement corrective action plans.
• Independence: provide independent compliance counseling to the CEO and Audit Committee of GRAIL’s Board of Directors. 
• Compliance Communication Program: institute and maintain an effective compliance communication program, including promoting: (a) use of a compliance hotline; (b) heightened awareness of Code of Conduct, and (c) understanding of new and existing compliance issues and related policies and procedures.
• Global Healthcare Compliance: update GRAIL policies to address global healthcare compliance across relevant jurisdictions.
• Global Data Privacy and Data Protection Program: lead program that defines, updates, maintains, and strengthens privacy compliance program requirements.
• Data Strategy: execute on the implementation of key privacy controls and business processes that are foundational to the Company’s data strategy, including de-identification, real world data, and artificial intelligence.
• Privacy Operations: facilitate compliance with international privacy frameworks, such as NIST, GDPR, and HIPAA, and incorporation of privacy by design into new products, business operations, and business verticals.
• Product Development: drive cross-functional strategic relationships with stakeholders and business teams to collaborate on integrating privacy into product development and business processes.  
• Stakeholder Engagement: counsel internal clients on a wide range of privacy matters, including permissible data uses for strategic initiatives and the application of global privacy laws and regulatory guidance to current business processes, new product development, research collaborations and commercial partnerships.
• Commercial Collaborations: counsel corporate transactions team in negotiating data use and data protection terms in complex commercial agreements, vendor agreements, business associate agreements, and data sharing agreements.
• Investigations and Training: investigate, analyze, track, manage, and remediate privacy incidents; and develop policies and procedures, privacy training, and awareness activities to continuously advance the privacy program.
• Audit Committee: report compliance and privacy dashboards and program reviews to the Audit Committee.
• Incident Management: help oversee tabletop and simulation exercises to prepare the Company for potential cybersecurity or privacy incidents.
• Cybersecurity Law: work closely with the Chief Information Security Officer, lead collaboration with Information Security on various data security initiatives, risk management, third party audits/certifications, and vendor assessments.

Preferred Qualifications

• A US based law degree from accredited law school and active member of a state bar or registration as in-house counsel.
• Minimum of 20 years of Compliance and Privacy experience in in-house medical device, biotech, clinical laboratory, pharmaceutical, or other life sciences or healthcare companies, relevant law firm experience, and/or government experience.
• Knowledge of global compliance and data privacy laws and standards, including but not limited to AKS, EKRA, Sunshine Act, OIG HHS Compliance Program Guidance, HIPAA, GDPR, NIST,  UK Cyber Essentials, and state privacy laws. 
• Excellent communication skills and the ability to convey complex legal issues clearly.
• A desire to be part of a high-growth, transformational company. 
• Proven track record of success in building and leading high-performing teams and solid managerial experience at the executive level.