Director of Compliance & Data Privacy

LOCATION: Pennsylvania

Princeton Legal Search Group has been retained on an exclusive basis to lead the search for an experienced compliance and data privacy attorney for a major non-profit organization in Philadelphia, Pennsylvania. Our client is a mission-driven global organization focused on improving world health and promoting quality health care.

Reporting directly to the Senior Vice President & General Counsel, the Director of Compliance & Data Privacy, Associate Counsel will have enterprise-wide visibility and responsibility. In this role, you will interact with and advise the CEO, the Executive Leadership Team, Senior Leadership and the Board of Trustees with respect to compliance and privacy initiatives and issues.

Specific responsibilities include:

A.   Compliance

    1. Developing and implementing an annual compliance plan for the enterprise
    2. Determining compliance metrics and establishing a system for tracking them
    3. Overseeing, developing and delivering training and education programs to employees on compliance and privacy related topics
    4. Acting as liaison between employees, Compliance and Quality Assurance Committee and the Board’s Compliance, Audit and Quality Assurance Committee and delivering reports to the Board
    5. Leading development of appropriate compliance initiatives and strategies for the enterprise
    6. Ensuring that operations are in compliance with the laws and regulations applicable to non-profit corporations and in particular with any federal regulations, such as OFAC, that the organization must adhere to
    7. Ensuring the enterprise is in compliance with internal and external policies and procedures and contractual obligations
    8. Maintaining the Compliance Hotline and investigating any complaints
    9. Conducting investigations and internal audits
    10. Assessing enterprise operations to determine compliance risk
    11. Creating a resource library on compliance and privacy related topics for employees to reference
    12. Interacting with regulators on compliance issues
    13. Overseeing administration of annual conflict of interest questionnaires

B.   Privacy

    1. Serving in a leadership role for privacy compliance and fostering privacy awareness within the enterprise
    2. Overseeing all ongoing activities related to the development, implementation and maintenance of the enterprise’s privacy policies in accordance with applicable international, federal and state laws and particularly GDPR
    3. Serving on the privacy subcommittee
    4. Monitoring compliance with all applicable privacy laws and regulations
    5. Developing and delivering privacy training across the enterprise
    6. Investigating and tracking incidents and breaches and managing all required breach determination and notification processes under applicable laws and regulations
    7. Collaborating with information security officer to ensure alignment between security and privacy compliance programs; acting as liaison with information systems department
    8. Ensuring the enterprise has and maintains appropriate privacy and confidentiality consents, authorization forms and information notices and materials reflecting regulatory and policy requirements
    9. Performing periodic privacy risk assessment/analysis, mitigation and remediation

C.   Advise and Assist the Senior Vice President and General Counsel

    1. Providing high quality legal advice on all matters that affect or potentially affect the enterprise and/or the performance of its business and employment activities, including contemplated actions
    2. Acting in a proactive manner in resolving legal issues emphasizing solutions rather than the identification of problems
    3. Responding to legal inquiries from regulatory agencies, students/graduates and the medical education community
    4. Interpreting laws, rulings, and regulations for the enterprise’s leadership
    5. Reviewing and approving legal documents
    6. Reviewing and providing legal advice on employment, IT and other policies and practices
    7. Drafting, reviewing and/or negotiating agreements with external organizations and vendors


Candidates must have a JD from an accredited law school and a strong academic record. You must be admitted to the Pennsylvania Bar or be eligible for and secure a Limited In-House Corporate Counsel License pursuant to Rule 302 of the Pennsylvania Board of Bar Examiners. Candidates should have a minimum of 5-8 years of applicable law practice experience at a law firm or as in-house counsel and compliance/privacy officer. Significant experience with compliance matters and privacy regulations, including GDPR, is required. Experience with OFAC is helpful. Knowledge of legal issues affecting non-profit/tax exempt organizations and graduate medical education is helpful. A strong candidate for this role will have the following skills and abilities:

  • Negotiation skills
  • Problem solver employing good business and practical sense
  • Strong Emotional Intelligence
  • Influencing skills
  • Attention to detail
  • Business awareness
  • Keen judgment
  • Organizational skills
  • Excellent written and verbal skills
  • Excellent presentation skills
  • Computer literacy
  • Collaborative skills
  • Confidence to challenge existing practices
  • Highest standards of professionalism
  • At ease with cultural and language differences

Salary is commensurate with experience. Excellent benefits. Remote work flexibility.
