GDPR Clinical Trial Compliance Director

Job Description

The Director, GDPR Clinical Trial Compliance is a subject-matter expert in the objectives and requirements for data privacy controls and documentation as related to GDPR in clinical trials, as well as data privacy best practices in general. They will work with internal and external stakeholders in the Development division to ensure data privacy compliance by Exelixis, vendors, and sites in the conduct of clinical trials. Primary liaison with Exelixis’ Data Protection Representative (DPR). Develop data protection standards and compliance curriculum and coordinate the training of staff involved in trial execution and analysis.

Qualifications

ESSENTIAL DUTIES AND RESPONSIBILITIES: Act as Development subject-matter expert on GDPR principles, compliance, and documentation requirements for the conduct and analysis of clinical trials Primary liaison with Exelixis’ Data Protection Representative (DPR) and Data Protection Officer (DPO) to help manage Exelixis global data protection obligations in clinical trials Support development and maintenance of GDPR Data Registry to meet expectations of Article 30 records documentation per processing activity Perform and maintain Data Protection Impact Assessments (DPIA) Contribute to Exelixis policies such as Respect for Privacy and Protection of Personal Information, Incident Response, Data Subject Rights, Data Subject Access Request, Risk Log Support investigating and addressing a Data Subject Request (DSR) in collaboration with the DPO and appropriate Exelixis designated stakeholders. Collaborate with internal stakeholders in Legal, Development Operations, and Data Privacy Committee to develop process to ensure consistent GDPR practices and processing rights are established implemented across Exelixis clinical trials, vendors and study sites Contribute to execution of a common control framework to manage Exelixis' data protection programs, including the laws of the US, EMEA, APAC, and AMER. Contribute to the selection, implementation, and ongoing management of key tools for documenting and tracking compliance. Provide input and assist to the development a data protection audit program cross-functionally with Data Protection Team and key business stakeholders Provide ongoing management and contribute to content development and oversight of data privacy process continuity across clinical trial teams, including to support training and interface with our outside provider of GDPR services for external facing content. Form strong working relationships with internal stakeholders in Legal, Development Operations and external industry stakeholders (i.e., DPOs, vendors/processors)

SUPERVISORY RESPONSIBILITIES: None

EDUCATION/EXPERIENCE/SKILLS: Education: BA/BS/BSN in sciences or data privacy related field with twelve years of relevant experience; or, MS/MSN/ MPH in sciences or data privacy related field with ten years of relevant experience; or, PhD/PharmD in sciences or data privacy related field with eight years of relevant experience; or, Equivalent combination of education and experience.

Experience: Typically requires a minimum of 5 years of related experience in life sciences, including 2 years in experience in clinical research data privacy compliance/experiences

Knowledge/Skills/Abilities: Understanding or experience with advanced concepts of clinical research Deep understanding of data privacy and security requirements globally as related to clinical research and associated legal basis Experience with contributing to the development and implementation GDPR Familiarity with privacy program management tools Ability to deal with time demands, incomplete information or unexpected events Experience in interactions with outside vendors, e.g., CROs and contract services Experience with administration of GDPR objectives Experience with reviewing adequacy of site-proposed ICs for compliance with relevant regulations Demonstrated ability to write and present clearly using on GDPR as related to clinical trials Advanced computer skills Good organizational and planning skills Strong interpersonal skills and communication skills (both written and oral) Ability to work effectively in a team/matrix environment Ability to understand technical, scientific, and medical information Familiarity with concepts of clinical research Ability to problem-solve Fundamental project management skills (e.g., project charters, trackers, timelines, and reports) Experience with sophisticated in-house legal department, privacy department, or consulting firm Experience with global data protection laws, standards, and associated frameworks (e.g., GDPR, CCPA, HIPAA, and APEC CBPR) Proficiency with project management practices, tools, and methodologies Familiarity with privacy program management tools

JOB COMPLEXITY: Applies judgement and professional expertise in new situations Independent team member performing highly technical or specialized work

#LI-MB1

Additional Information

DISCLAIMER

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to the job.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.