Senior Privacy Manager

The Senior Privacy manager of Johnson & Johnson (J&J) in China is responsible for providing practical, timely, strategic, and high-quality counseling on applicable cybersecurity, data security and other related laws, regulations & guidelines with a focus on cybersecurity and data security as it impacts Company Business, cross border operations as well as new commercial models.

The Individual, as a core member of the J&J China Privacy team, shall be primarily responsible for providing robust regulatory and operational support related to the implementation and monitoring of the Company's specific data security and cybersecurity compliance programs across J&J sectors in China, identifying cyber and data security risks and working closely with the J&J DPO, J&J Data Security officer (DSO), Information security team (ISRM) and global Data Protection Legal Team (DPLT) to develop controls, policies & procedures, and trainings to ensure the Company is operating in compliance with applicable Cybersecurity, data security laws and related security regulations and national standards, including cross border data transfer measures, as well as J&J policies and data security framework.

In this role, the Individual shall have opportunity to actively support, shape and help implement all projects and participate in assessment and remediations measures across J&J organization in China that involve specific cybersecurity, data security considerations and risks, working closely with other J&J sectors' senior privacy managers as the need arises.

The individual shall advise on potential liability and other legal aspects related to privacy, cybersecurity and data security incidents and support the Company's data security and cybersecurity incident response programs, including supporting the investigation of potential incidents, identifying applicable legal obligations, supporting timely incident response efforts and notification to regulatory authorities, and addressing any visits, controls and follow up requests from Chinese regulatory authorities.

• Monitor closely any new developments in China cybersecurity, data security laws and impact on other related regulations/standards/programs, ensure timely reporting to China DPO, DPLT, ISRM and other J&J functional teams.
• Provide legal support to interpret any new cybersecurity and data security laws & regulations and analyze the impact to JNJ's business in China, including on cross border operations and specific privacy programs. Work in close coordination with external counsels where need be.
• Partner closely with DSO/ISRM team and DPLT to develop controls, policies & procedures to ensure Company's compliance with China applicable cybersecurity and data security laws, as well as all applicable Johnson and Johnson data security and cybersecurity policies and procedures, including reporting of incidents and conducting investigations.
• In close alignment with China DPO and privacy team , support related stakeholders at Company and Sector level on cybersecurity and data security matters , as well as partner closely with ISRM, DPLT, BU legal and other functions to proactively address data security and cybersecurity matters in China.
• Act as the primary point of contact in China in the event of data security or cybersecurity incident in liaison with

• Review and help to develop and implement timely incident response plans in the event of a data security or cybersecurity incident.
• Coordinate the response to data security/cybersecurity incidents, including reporting obligations as per Chinese regulations, in close alignment with DPLT.
• Attend any inspection, down raid and address follow up requests from regulatory authorities, in close alignment with DPO, DPLT, BU legal and ISRM.
• Where applicable, provide data security and cybersecurity input on corporate projects including any acquisitions, divestitures, licensing and development terms that involve data security requirements.

Ã
Support China Data Security Officer and Information security partners in implementing strategic DSL Compliance Program to meet China DSL regulations and other related measures.

• Partner with and assist DSO/ISRM and DPLT to self-identify the Important Data for J&J once the applicable Important Data Catalog is officially released, create an inventory list of the Important Data, and complete the governmental filing of the Important Data inventory list.
• Provide legal support to internal regular security assessment for processing of the Important Data, assist the governmental filing of the risk assessment report for processing of the Important Data, and advise on risk mitigation strategies.
• Work closely with China DPO, ISRM, JJT and DPLT to draft and file for CBDT CAC security assessment of the Important Data and other related obligations.
• Support DSO/ISRM and JJT to complete data categorization and data classification for J&J China.
• Partner with DSO/ISRM and DPLT to establish internal control policies, systems & technical measures that prevent leakage, abuse, misuse of J&J data and protects the confidentiality of J&J files.
• Collaborate with the ISRM team to identify and address potential security vulnerabilities.
• Act as the legal partner of the DSO of J&J China towards the government authorities, provide legal support to DSO during government regulatory bodies' visits and down raids inspections, assist DSO in implementing, maintaining and monitoring the data security and cybersecurity compliance program for J&J China.

• Support the DPLT in Review of global projects involving specific data security/cybersecurity considerations in China
• Advising the local teams on strategic security requirements needed at project level when data localization is foreseen or requested by government regulatory authorities in China (e.g., CaC)
• Support J&J China Privacy team and review of specific data security or cybersecurity concerns or escalation related to J&J China third parties: this includes supporting data classification, compliance analysis, participate in internal compliance review processes with copy review of necessary stakeholders before digital asset launch, e.g. BPRA, CA, etc.
• Support Contract review to manage risks with third parties processing JNJ data: review and negotiation of Data Safeguards Exhibit (DSE), Supplier Information Security Requirements (SISR), and related contractual data security provisions.

• Support the development and conducting of data security and cybersecurity training materials and other communications to increase employee understanding of Company data security policies, data protection handling practices and procedures.
• Support GA &P, Participate in industry association groups to shape the external environment, benchmark, review and influence strategies in relation to data security and cybersecurity matters.

• China, APAC and Global Privacy Team, mainly DPLT
• Law Department, to assess risks related to new laws and regulations, assess responsibilities and obligations of partners, third parties, Heath Care professionals when conducting contract review
• DSO/ISRM, to support DSL compliance program and ensure to develop and implement data security policies and procedures
• Company's responsible person for Records and Information Management, on issues pertaining to data retention and purging of records
• Healthcare Compliance, to ensure a data security program that fits into the overall compliance program roll out for the company
• Corporate internal audit function to support the engagement and regularly assess the data security environment and make improvements
• Government Affairs & Policy, to support in monitoring and shaping new privacy regulations in alignment with J&J position