[Legal]Senior Privacy Manager Japan

Requiredwork experience

lFamiliarity with the healthcare orpharmaceutical / medical device industry and its business processes;

lSignificant (8 to 10 years) experienceas Lawyer in house legal counsel or compliance officer preferred Functional understanding of applicable dataprivacy laws and regulations

lSignificant experience with theroll out of (privacy) compliance programs and their management

Requiredskill set

lAbility to maintain the higheststandards of quality compliance and accountability when advising the business

lDemonstrable ability to engagewith a range of business units and functions and uncover their objectives andneeds

lAbility to translate a widevariety of principles and sometimes complex legal requirements intoactionable solutions for the business

lExcellent organizationalfacilitation communication and presentation skills (management employeesbusiness partners government agencies)

lGlobal mindset and preparedness toincorporate global standards and practices for consistency and efficiencyreasons

lAbility to work autonomously

lAttention to details and strategicthinking

lEnglish proficiency

I.Summaryof the Job Description

The Senior PrivacyManager of the Johnson & Johnson Family of Companies in Japan is responsible at cross Sector level and for all OperatingCompanies of Johnson & Johnson in Japan for: i developing and implementing theprivacy program for all J&J companies in Japan; ii identifying privacy risks;iii developing maintaining and implementing privacy policies and procedures;iv providing orientation and training to J&J Japan employees; and vestablishing controls to ensure that the conduct of Johnson & Johnsonsbusinesses and operations are compliant with applicable privacy laws andregulations and J&J privacy policies and guidelines. The role includes coordinationof all activities related to implementation of and adherence to Johnson &Johnson privacy policies and applicable data protection laws in accordancewith the Johnson & Johnson Privacy Framework. Therole also includes the responsibilities of the Privacy Compliance Officerfunction for each of the Japanese J&J operating companies as may berequired by Japanese law.

The SeniorManager Privacy Compliance reports directly to the Global Privacy Director in the region with dotted reportingline responsibilities to the appropriate leadership levels of the above-mentionedcompanies.

II.Main responsibilities

l Aligns with the management key stakeholders and businessowners and ensures compliance of the Japanese Operating Companies to JapansAct of Protection of Personal Information (APPI) and other applicable privacy-relatedlaws and regulations as well as all applicable Johnson and Johnson privacy anddata protection policies and procedures.

l Establishes and implements a PersonalInformation protection strategy and plan.

lIdentifies privacy risks andinforms business owners and management of data privacy and protection relatedrisks which may arise. Participates in the companys Compliance Committee orsimilar or equivalent governance structure to highlight privacy risks andprovide status updates on the Privacy Compliance Program. Advises all staffwhose activities possibly put the company at risk and provides actionablesolutions to remediate risks and issues.

lEnsures local oversight of PrivacyCompliance Programs as implemented by the operating companies. Helps the companies develop a culture anddiscipline of data privacy and updates executive and senior management teams of significantdata privacy concerns.

l Reviews and handles privacy-related complaintsand incidents and implements remediation in accordance with J&Js procedures.

l Partners with the Information SecurityOfficer to establish internal control systems that i prevent leakage abusemisuse or unauthorized use or processing of personal information and ii protectthe confidentiality of personal information files.

lCollaborateswith IT and ISRM on compliance assessments and internet compliance reviewprocess.

l Conducts training and orientation onpersonal information protection including the companys privacy frameworkrelevant sections of data privacy laws notice and consent data incident andbreach and data breach reporting.

lIncreases awareness of thestakeholders (such as employees business partners third party vendors andservice providers) of the companys data protection policies and guidelines.

lReviews and advises when necessary the LawDept Procurement team and other stakeholders about adequate privacy languagein contracts with third party service providers amongst others.

lLiaises with the PersonalInformation Protection Commission where necessary.

lServes as first point of contactfor internal and external audits and inspections in respect of data privacy andprotection or data privacy related complaints against the company.

lBuilds and maintains knowledgeabout applicable laws and regulations and assesses impact of changes in laws tothe Privacy Program.

lActively engages with the GlobalPrivacy Team and participates in its information sessions to ensure maximalalignment with global standards and practices.

III.Partners

Liaises/ works with:

lRepresentatives from businessprocess owners who collect or process personal information (including asapplicable Human Resources Clinical Sales and Marketing Customer Call CentersInformation Technology and Procurement)

lGlobal Privacy Team

lkey functional partners like

othe Law Department to obtainlegal advice when needed

oIT Security including the organizationsInformation Security Officer (ISO) to ensure adequate security and accesscontrols on systems that process personal information and to partner on anadequate response to security incidents with a Privacy impact

oThe companys responsible personfor Records and Information Management on issues pertaining to retention andpurging of records that contain personal information

oHealthcare Compliance to ensure coordination intothe overall compliance program for the company

oCorporate internal audit functionto support the engagement and regularly assess the personal informationprocessing and make improvements