Senior Privacy Counsel (Hybrid) (Finance)

Company Overview

Insulet started in 2000 driven to achieve our mission of enabling our customers to enjoy simplicity, freedom and healthier lives through the use of our Omnipod® product platform. In the last two decades we have improved the lives of hundreds of thousands of patients who have insulin-requiring diabetes, by using innovative technology that is wearable, waterproof, and lifestyle accommodating. We are on an exciting trajectory of significant growth and global expansion enabling us to reach more patients around the globe.

We are looking for highly motivated, performance driven individuals who want to be part of building our Center of Excellence and be at the forefront of our rapidly growing global footprint. We are looking to hire amazing people who are guided by shared values and desire to exceed customer expectations. Our continued success depends on it.

Position Overview

• Insulet is committed to balancing innovation while protecting individual privacy and has embraced privacy and data protection as core to the successful execution of our business strategy. As part of that commitment, Insulet has established a robust privacy program and is adding talent to our US Data Compliance and Privacy team - Legal Department.

• The Sr Manager - Privacy Counsel role will ensure compliance with privacy and data protection laws (e.g. HIPAA, CCPA, GDPR) while enabling data-driven innovation, with particular focus on supporting Insulet's projects in North America.

• The position will report to the Director, Data Compliance and Privacy who provides global privacy and AI compliance support.

• The ideal candidate will have the ability to think and act both strategically and tactically with respect to the needs of business clients and their objectives while ensuring that Insulet remains compliant with privacy and data protection laws and other laws relating to data as well as industry best practices in medical devices/ digital health industry.

Responsibilities

1. Legal Advisory

Strategic Guidance: Provide solution-oriented legal advice and strategic counsel to senior leadership and functional areas, including Security and Privacy Operations, Sourcing/Procurement, Marketing, HR, and Data Science.

Business Support: Offer high-level legal services that support the company's strategic goals and operational needs, ensuring alignment with privacy, AI and data protection laws.

2. Contract Management

Expert Negotiation: Draft, review, negotiate, and provide expert guidance on Data Processing Agreements (DPAs), Business Associate Agreements (BAAs), and privacy aspects of commercial agreements.

Compliance Assurance: Ensure all internal and external privacy notices, customer communications, and contractual documents meet legal standards and business objectives.

AI and Data Protection: Update DPAs, BAAs, and other commercial contracts in collaboration with commercial legal teams, incorporating necessary changes related to data protection laws and advancements in AI.

3. Risk Management

Strategic Risk Assessment: Collaborate with business teams to understand strategic objectives and provide high-quality, pragmatic legal advice to support global business growth.

Legal Risk Mitigation: Work closely with IT Security, Cybersecurity, Privacy Operations, Data Science & Algorithms and HR Compliance teams to identify and mitigate legal risks stemming from privacy, AI and data protection requirements.

4. Reporting to Authorities

Incident Management: Lead the assessment of security incidents, develop mitigation strategies, and report to authorities as required.

Regulatory Communication: Serve as the primary point of contact for regulators, managing communication strategies and coordinating investigations following submissions to authorities.

5. Multi-Line Reviews

Quality Control: Review and assess customer-facing documents to ensure compliance with internal controls and data protection laws.

Legal Oversight: Detect and correct errors, provide legal guidance to the marketing team, and approve or reject communications based on legal conformity.

6. Process Improvement

Program Enhancement: Continuously improve Insulet's privacy and AI compliance program, implementing linear and pragmatic solutions to risk management.

7. Monitoring Changes

Regulatory Updates: Identify business requirements resulting from new and evolving privacy and data protection laws, providing guidance on their impact on Insulet products and services.

8. Collaboration

Stakeholder Engagement: Connect with internal stakeholders to provide regional privacy analysis and advice on med-tech products and services.

Data Governance: Advise Data Science & Algorithms on data governance controls and best practices to ensure compliance with applicable laws.

9. Miscellaneous

Additional Duties: Perform other duties as assigned, contributing to the overall success of Insulet's privacy and legal initiatives.

Key Decision Rights

• Contractual Agreements. Decision-making authority on the review, negotiation, and finalization for a wide variety of contracts.
• Risk Assessment. Ability to issue spot, evaluate potential legal risks and implement appropriate risk mitigation strategies.
• Policy Implementation. Authority to develop, implement, and enforce company-wide privacy policies and procedures.
• Data Privacy Incidents: Authority to decide on reporting to the authorities, risk classification of the incident.
• Power to liaise directly with internal and external parties as necessary and appropriate.

Required Leadership/Interpersonal Skills & Behaviors

• Exceptional interpersonal and communication skills.
• Highest standards of integrity and good judgment.
• Proven capacity to influence, build trust, work independently and collaboratively, and engage and collaborate effectively at all levels of the company.
• Proven strong problem resolution skills and ability to multitask, prioritize and respond to emerging issues effectively in a challenging, fast-paced environment.
• Leadership: Ability to lead communication strategies and serve as the primary point of contact for regulatory bodies.

Required Skills and Competencies

• Ability to juggle competing priorities in a corporate environment while remaining a valued and respected member of business teams.
• Ability to quickly identify potential issues/problems and to escalate to applicable stakeholders when needed.
• Proven experience solving both practical and multi-variable problems and challenges, with excellent risk-based judgment.
• Proven experience in negotiating and drafting data protection agreements and negotiating to resolution difficult or unique issues.
• Familiarity with Privacy by Design methodologies.
• Project management skills; ability to lead complex projects, co-ordinate with various teams and execute in a timely manner.

Education and Experience

• Juris Doctor from an accredited law school, currently in good standing with a state bar association.
• minimum 8 years of broad-based privacy compliance experience in relevant areas including data subject rights handling and security data incidents notification work.
• Experience with a medical device or life sciences company is preferred.
• Experience in either a major law firm or in-house in a corporate legal department.
• IAPP certificates related to privacy laws and privacy management is preferred.
• AI certificates by a recognized body (e.g. IAPP) is preferred.
• Experience with OneTrust privacy management system.

Additional Information

• The position is hybrid at our Acton, MA office or San Diego, CA office.
• Travel is estimated up to 10%, but will flex depending on business needs.

NOTE: This position is eligible for hybrid working arrangements and requires on-site work from an Insulet office at least three (3) days per week. #LI-Hybrid

Additional Information:
The US base salary range for this full-time position is $148,275.00 - $222,412.50. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position in the primary work location in the US. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your Talent Acquisition Specialist can share more about the specific salary range for your preferred location during the hiring process. Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits.

Insulet Corporation (NASDAQ: PODD), headquartered in Massachusetts, is an innovative medical device company dedicated to simplifying life for people with diabetes and other conditions through its Omnipod product platform. The Omnipod Insulin Management System provides a unique alternative to traditional insulin delivery methods. With its simple, wearable design, the tubeless disposable Pod provides up to three days of non-stop insulin delivery, without the need to see or handle a needle. Insulet's flagship innovation, the Omnipod 5 Automated Insulin Delivery System, integrates with a continuous glucose monitor to manage blood sugar with no multiple daily injections, zero fingersticks, and can be controlled by a compatible personal smartphone in the U.S. or by the Omnipod 5 Controller. Insulet also leverages the unique design of its Pod by tailoring its Omnipod technology platform for the delivery of non-insulin subcutaneous drugs across other therapeutic areas. For more information, please visit insulet.com and omnipod.com.

We are looking for highly motivated, performance-driven individuals to be a part of our expanding team. We do this by hiring amazing people guided by shared values who exceed customer expectations. Our continued success depends on it!

At Insulet Corporation all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

( Know Your Rights )