• Report to the Vice President of Privacy and assist with the implementation and maintenance of the Privacy program
• Serve as a functional expert working closely with & advising business leaders, commercial counsel, and other colleagues on all legal aspects of privacy, including data protection, data retention, data usage, data security and data breaches
• Provide guidance, direction, and practical translation of legal privacy requirements to cross-functional teams on complex projects
• Assist with the management of regulatory inquiries, investigations or administrative actions related to privacy and data security
• Assist colleagues with the review and negotiation of data privacy agreements, data processing agreements, business associate agreements and other similar agreements
• Support acquisitions, divestitures, and joint ventures as they relate to privacy matters
• Review policies and procedures drafted by Cardinal Health Compliance personnel to ensure compliance with applicable data privacy laws and regulations
• Advise on the design and provision of Cardinal Health’s privacy training program
• Assist with the training of relevant legal aspects of privacy matters
• Remain up to date on legislative developments in the field of privacy at the state, federal and international level that may affect Cardinal Health and its global subsidiaries, and work with commercial counsel and government relations to identify potential strategic changes that might be adopted
• A minimum of four (4) years of legal experience, working primarily on a wide variety of privacy and data security matters
• Training within privacy team at a large law firm strongly preferred
• Extensive knowledge of U.S. privacy and data security laws, regulations, and standards, including HIPAA, CCPA, U.S. state and federal privacy, data security, breach notification, consumer protection and employment-related privacy laws and regulations
• Knowledge of EU privacy and data security laws, including GDPR preferred
• Experience handling privacy matters in the health care industry is strongly preferred
• Demonstrated transactional experience, including reviewing, drafting, and negotiating privacy and data protection contract terms and agreements, such as Business Associate Agreements and data processing, usage, and/or transfer agreements
• Experience with implementing incident response plans, responding to data security incidents and advising on applicable legal requirements
• Experience handling information technology matters, including drafting technology contracts, is a plus
• Ability to juggle multiple tasks and prioritize under tight time constraints
• Self-motivated and independent, but able to discern when matters should be escalated and when further guidance is needed
• Excellent communication skills, both written and oral, including ability to translate legal requirements into practical guidance for non-lawyers
• Juris Doctorate degree
• License to practice law in Ohio or active bar license in another state
What is expected of you and others at this level
• Applies comprehensive knowledge and a thorough understanding of legal and compliance concepts, principles, and technical capabilities to perform varied tasks and projects.
• Contributes to the development of department strategy
• Works on or may lead highly complex projects of large scope
• Projects are typically cross-functional and have significant and long-term impact
• Negotiates complex or risky technical business issues on behalf of the company
• Proven leadership ability with strong analytical and problem-solving skills.
• Function as role model regarding compliance standards, professionalism, interpersonal communication skills and attitude.
• Must possess strong oral and written communication skills capable of dealing with wide range of stakeholders, including senior management.
• Proven ability to develop and implement strategies and plans to achieve goals, including the ability to multi-task and set priorities appropriately.
• Customer oriented attitude and ability to prioritize and manage multiple time-sensitive projects with a sense of urgency.
• Ability to assess risk in an objective manner and comprehensively communicate the risk to the Compliance team.
• Ability to work efficiently and with speed to ensure continuity of business operations while still driving privacy compliance.
The Colorado Department of Labor requires all employers to provide the following information for all positions that could be performed in the state of Colorado
Anticipated salary range: $110,800 - $158,300
Bonus eligible: Yes/No
Benefits: Health insurance, 401k Contributions, Paid Time Off, Vacation, STD/LTD
Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law