Global Privacy & Data Protection Leader – Med Tech (MT) Sector

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world.  We provide an inclusive work environment where each person is considered as an individual.  At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

Job Function:

Legal & Compliance

Job Sub Function:

Enterprise Compliance

Job Category:

People Leader

All Job Posting Locations:

New Brunswick, New Jersey, United States of America, Washington, District of Columbia, United States of America

Job Description:

The Johnson and Johnson Global Privacy Organization is recruiting for a Global Privacy & Data Protection Leader, Med Tech Sector based in New Brunswick, NJ; Washington, DC or Brussels, BE.

The Global Privacy & Data Protection Leader for Johnson & Johnson’s MedTech (MT) Sector serves as the senior-most privacy executive for the sector. This role provides global strategic leadership, governance, and oversight of all privacy and data protection activities across MT, partnering closely with executive leadership, regional teams, and country teams. The leader will shape long term strategy, ensure compliance with evolving global privacy regulations, and mature the organization’s privacy operating model while driving scalable, business aligned privacy practices aligned to our modernization mandate.

Crucially, this role will also champion innovative and ethical uses of data across the sector, ensuring privacy leaders not only protect the company, but actively enable new models of patient engagement, innovation, and product development that strengthen health outcomes and accelerate scientific progress.

This role reports directly to the Chief Privacy Officer and maintains a strong, influential partnership with MT Leadership, representing the privacy function across global, regional, and market level BU leadership forums.

Key Responsibilities

Global Leadership & Strategic Accountability

• Provide end to end global oversight of Privacy & Data Protection for MedTech (MT) Sector, ensuring robust governance, compliance, and risk management across all business units and geographies.
• Serve as the senior-most privacy leader for the MT Sector, representing the function to sector executives and leadership teams globally, regionally, and within markets.
• Define and drive the long-term privacy strategy for MedTech, balancing regulatory compliance, patient safety obligations, and business innovation involving connected devices, digital surgery platforms, and AI-enabled solutions.
• Promote innovative and ethical uses of data to drive better health outcomes – ensuring privacy leadership actively enables new forms of patient engagement, innovation, and data driven product development, not merely compliance protection.

Team Leadership & Operating Model Oversight

• Lead and develop a global team of senior Privacy leaders organized by major regions and global support services, ensuring they have the drive for excellence, capabilities, structure, and support required to manage regional privacy obligations.
• Oversee and optimize a leveraged network of Privacy Stewards embedded in business units across markets, ensuring consistent execution of privacy responsibilities and adherence to global standards and processes.
• Build a high performance culture emphasizing accountability, collaboration, subject matter excellence, and continuous improvement.

Executive Engagement & Strategic Guidance

• Partner with senior leaders at all levels to provide expert strategic guidance regarding the implications of global privacy laws, regulatory changes, and evolving risk landscapes.
• Offer practical, business-oriented recommendations and privacy-by-design guidance for complex MedTech innovation including data flow architectures, digital platform, device connectivity, and customer engagement models.
• Serve as a catalyst for innovative data enablement – helping leadership leverage data responsibly to transform patient experiences, accelerate scientific insight, and fuel next generation medical advances.

Interaction with the Global Privacy Organization (GPO)

• Represent MT’s privacy needs and priorities within the Global Privacy Organization (GPO), collaborating closely with the enterprise privacy back office and center of excellence teams.
• Ensure MT sector demand, novel use cases, and operational requirements are triaged effectively, adhere to GPO’s documented policies, standards and processes, and receive accurate and timely guidance from GPO teams.
• Oversee the translation of recurring use cases into codified Specifications within the global Privacy Rulebook, ensuring consistency, clarity, and scalable operationalization.

Enterprise and Cross Functional Leadership

• Serve as a key member of the GPO Leadership Team, contributing to the enterprise privacy strategy, operating model modernization, and long term transformation initiatives.
• Champion the organization’s modernization mandate by driving initiatives that enhance simplicity, agility, speed, and effectiveness in privacy operations.
• Collaborate cross functionally with Legal, Compliance, IT, Cybersecurity, Data Science, R&D, Commercial, Quality, and Supply Chain to embed privacy into end to end business processes.
• Represent the Privacy function in appropriate external engagements with industry groups, think tanks, and regulators, as appropriate and aligned with the GPO External Engagement Strategy.

Governance, Risk Management & Compliance

• Oversee privacy risk assessments, regulatory readiness, incident response support, and the development of remediation strategies.
• Ensure consistent accountability for compliance across MT with J&J Privacy Policies & Standards and global privacy laws (e.g., GDPR, LGPD, PIPL, HIPAA, federal/state laws, and emerging regulations).
• Serve as a trusted advisor during interactions with regulatory bodies, auditors, and external partners when needed.
• Serve as a subject matter expert and provide appropriate support throughout A&D processes.

Job Qualifications, Education & Experience

• Juris Doctor (JD) degree required.
• Concentration or advanced study in law, privacy, data protection, information governance, cybersecurity, public policy, or a related discipline strongly preferred.
• Minimum of 12+ years of progressive experience in privacy, data protection, legal, compliance, or data governance roles within a complex, global organization.
• Significant experience operating at the enterprise or sector executive level, with accountability for global privacy strategy, governance, and regulatory compliance across multiple regions and jurisdictions.
• Demonstrated experience leading privacy and data protection programs within highly regulated, technology enabled environments, including MedTech, life sciences, digital health, or adjacent industries.
• Proven track record of shaping and executing multi year privacy strategies that balance regulatory compliance, patient and customer trust, and business innovation.
• Experience partnering with executive leadership, including Sector Leaders, Executive Committees, and Board adjacent forums, to influence strategy and guide risk balanced decision making.
• Hands on experience supporting or overseeing major transformation initiatives, including modernization of operating models, simplification of processes, and scaling of global privacy services.
• Experience engaging with regulators, auditors, and external stakeholders, including preparation for regulatory inquiries, inspections, or audits.
• Exposure to mergers, acquisitions, and divestitures, including privacy due diligence, integration, and separation activities.

Privacy & Technical Expertise

• Deep expertise in global privacy and data protection laws and frameworks, including but not limited to GDPR, LGPD, PIPL, HIPAA, U.S. state privacy laws, and emerging global regulations.
• Strong understanding of complex data ecosystems, including connected devices, software enabled products, AI enabled solutions, digital platforms, and advanced analytics.
• Demonstrated ability to operationalize privacy requirements through governance, policies, standards, processes, and scalable operating models.
• Strong command of privacy by design principles and their application in product development, digital innovation, and patient engagement models.

Leadership & Organizational Capabilities

• Proven people leader with experience building, leading, and developing high performing global teams, including both direct reports and extended networks (e.g., embedded Privacy Stewards).
• Demonstrated ability to lead in highly matrixed environments, influencing without authority and aligning diverse stakeholders toward shared outcomes.
• Strong change leadership skills, with a history of successfully driving organizational transformation and cultural adoption.
• Exceptional executive communication and influencing skills, with the ability to translate complex privacy and regulatory concepts into clear, actionable business guidance.

Professional Attributes

• Strategic, forward-thinking leader with strong business acumen and a pragmatic approach to risk management.
• Collaborative and trusted advisor mindset, operating effectively across Legal, Technology, R&D, Commercial, Digital, Quality, and Supply Chain functions.
• Demonstrated commitment to ethical data use, patient trust, and Johnson & Johnson’s Credo values.
• Results oriented, resilient, and capable of operating confidently in fast moving, ambiguous, and evolving environments.

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson and Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, please email the Employee Health Support Center (ra-employeehealthsup@its.jnj.com) or contact AskGS to be directed to your accommodation resource.

Please note that this role is available across multiple countries and may be posted under different requisition numbers to comply with local requirements. While you are welcome to apply to any or all of the postings, we recommend focusing on the specific country(s) that align with your preferred location(s):

• US - Requisition Number: R-077560
• Belgium - Requisition Number: R-077830 

Remember, whether you apply to one or all of these requisition numbers, your applications will be considered as a single submission. 

Required Skills:

 

 

Preferred Skills:

Audit and Compliance Trends, Audit Findings and Recommendations, Compliance Management, Compliance Policies, Compliance Risk, Confidentiality, Controls Compliance, Corporate Investigations, Developing Others, Inclusive Leadership, Leadership, Legal Function, Legal Services, Policy Development, Risk Management Framework, Tactical Planning

 

 

The anticipated base pay range for this position is :

$178,000.00 - $307,050.00

Additional Description for Pay Transparency: