Vice President, Compliance & Privacy, Chief Compliance Officer #4025

Our mission is to detect cancer early, when it can be cured. We are working to change the trajectory of cancer mortality and bring stakeholders together to adopt innovative, safe, and effective technologies that can transform cancer care.

We are a healthcare company, pioneering new technologies to advance early cancer detection. We have built a multi-disciplinary organization of scientists, engineers, and physicians and we are using the power of next-generation sequencing (NGS), population-scale clinical studies, and state-of-the-art computer science and data science to overcome one of medicine’s greatest challenges.

GRAIL is headquartered in Menlo Park, California, with locations in Washington, D.C., North Carolina, and the United Kingdom. It is supported by leading global investors and pharmaceutical, technology, and healthcare companies.

For more information, please visit grail.com.

The Vice President, Compliance & Privacy, Chief Compliance Officer role will oversee GRAIL’s Compliance and Privacy Functions. The role, reporting to the General Counsel, manages and is responsible for GRAIL’s Corporate Compliance program, including internal investigations and environmental health and safety, as well as GRAIL’s Privacy program, including privacy compliance, data governance and strategy, privacy incident management and response, artificial intelligence governance and ethics, and cybersecurity law.

This position requires an onsite presence in Menlo Park, CA, offering the opportunity to be deeply integrated into GRAIL’s dynamic and innovative environment.

Responsibilities

• Policy Development: develop and oversee implementation of policies with respect to US and global healthcare corporate compliance, anti-bribery, anti-corruption, privacy compliance, privacy management, and data governance.
• Commercial and Marketing: help set marketing US and global market strategies, manage contracting arrangements with HCPs and HCOs, evaluate promotional and non-promotional practices, and oversee internal training.
• Monitor environment: monitor regulatory, legislative and enforcement landscape to guide internal practices and policies.
• Interactions with HCPs & HCOs: provide strategic counseling guidance across Commercial and Medical on interactions with HCPs & HCOs, including procedures, training, and monitoring.
• Internal Investigations and Audits: oversee GRAIL’s internal investigations and monitor compliance with applicable policies.
• Enterprise Risk Management: oversee enterprise risk management to identify areas of potential compliance vulnerability and risk, develop and implement corrective action plans.
• Independence: provide independent compliance counseling to the CEO and Audit Committee of GRAIL’s Board of Directors.
• Compliance Communication Program: institute and maintain an effective compliance communication program, including promoting: (a) use of a compliance hotline; (b) heightened awareness of Code of Conduct, and (c) understanding of new and existing compliance issues and related policies and procedures.
• Global Healthcare Compliance: update GRAIL policies to address global healthcare compliance across relevant jurisdictions.
• Global Data Privacy and Data Protection Program: lead program that defines, updates, maintains, and strengthens privacy compliance program requirements.
• Data Strategy: execute on the implementation of key privacy controls and business processes that are foundational to the Company’s data strategy, including de-identification, real world data, and artificial intelligence.
• Privacy Operations: facilitate compliance with international privacy frameworks, such as NIST, GDPR, and HIPAA, and incorporation of privacy by design into new products, business operations, and business verticals.
• Product Development: drive cross-functional strategic relationships with stakeholders and business teams to collaborate on integrating privacy into product development and business processes.
• Stakeholder Engagement: counsel internal clients on a wide range of privacy matters, including permissible data uses for strategic initiatives and the application of global privacy laws and regulatory guidance to current business processes, new product development, research collaborations and commercial partnerships.
• Commercial Collaborations: counsel corporate transactions team in negotiating data use and data protection terms in complex commercial agreements, vendor agreements, business associate agreements, and data sharing agreements.
• Investigations and Training: investigate, analyze, track, manage, and remediate privacy incidents; and develop policies and procedures, privacy training, and awareness activities to continuously advance the privacy program.
• Audit Committee: report compliance and privacy dashboards and program reviews to the Audit Committee.
• Incident Management: help oversee tabletop and simulation exercises to prepare the Company for potential cybersecurity or privacy incidents.
• Cybersecurity Law: work closely with the Chief Information Security Officer, lead collaboration with Information Security on various data security initiatives, risk management, third party audits/certifications, and vendor assessments.

Preferred Qualifications

• A US based law degree from accredited law school and active member of a state bar or registration as in-house counsel.
• Minimum of 20 years of Compliance and Privacy experience in in-house medical device, biotech, clinical laboratory, pharmaceutical, or other life sciences or healthcare companies, relevant law firm experience, and/or government experience.
• Knowledge of global compliance and data privacy laws and standards, including but not limited to AKS, EKRA, Sunshine Act, OIG HHS Compliance Program Guidance, HIPAA, GDPR, NIST, UK Cyber Essentials, and state privacy laws.
• Excellent communication skills and the ability to convey complex legal issues clearly.
• A desire to be part of a high-growth, transformational company.
• Proven track record of success in building and leading high-performing teams and solid managerial experience at the executive level.