Executive Director, Global Privacy

Revolution Medicines is a late-stage clinical oncology company developing novel targeted therapies for patients with RAS-addicted cancers. The companys R&D pipeline comprises RAS(ON) inhibitors designed to suppress diverse oncogenic variants of RAS proteins. The companys RAS(ON) inhibitors daraxonrasib (RMC-6236) a RAS(ON) multi-selective inhibitor; elironrasib (RMC-6291) a RAS(ON) G12C-selective inhibitor; zoldonrasib (RMC-9805) a RAS(ON) G12D-selective inhibitor; and RMC-5127 a RAS(ON) G12V-selective inhibitor are currently in clinical development. As a new member of the Revolution Medicines team you will join other outstanding professionals in a tireless commitment to patients with cancers harboring mutations in the RAS signaling pathway.

The Opportunity:

RevMed is seeking an experienced privacy executive to support RevMeds business. The Executive Director Global Privacy will lead the strategy development and execution of the companys Privacy Program ensuring all activities are conducted ethically and in accordance with applicable laws regulations and industry codes. This attorney will be instrumental in shaping and sustaining a culture of integrity as the company advances and commercializes its oncology pipeline.

The Executive Director Global Privacy is a senior leader responsible for driving the organizations global privacy strategy governance and compliance framework. This role ensures that all business activities involving personal data are conducted ethically and in compliance with applicable international laws regulations and industry standards.

Reporting to the Vice President Compliance this role serves as a key advisor to the General Counsel (GC) and other senior executives on global privacy data protection and responsible data use while fostering a culture of privacy-by-design across all business functions worldwide. Key responsibilities include:

Strategic Leadership & Governance

• Lead the development and execution of a comprehensive global privacy strategy aligned with business objectives and the broader compliance program.

• Serve as a senior advisor to the General Counsel (GC) and other senior executives on global privacy risks regulatory developments and data governance.

• Establish and maintain enterprise-wide global privacy governance frameworks policies and standards.

• Design the Global Privacy team structure and operating model leveraging both regional and global resources support design and implementation of technology-enabled systems and processes for regional adaptation where appropriate and recruit a high-performing team.

• Provide regular updates to the General Counsel and other senior executives on global privacy program performance risks and mitigation strategies.

Global Privacy Program Management

• Design implement and continuously enhance a global privacy program aligned with international laws and best practices.

• Ensure alignment of the privacy program with the companys overall compliance framework and enterprise risk management approach.

• Ensure compliance with global privacy and data protection regulations including GDPR UK GDPR HIPAA CCPA/CPRA and other applicable international and local laws.

• Oversee Data Privacy Impact Assessments (DPIAs) cross-border data transfer mechanisms and global risk assessments.

• Monitor and report on privacy metrics trends and program effectiveness across regions.

Clinical and Commercialization Data-Driven Activities

• Serve as the primary privacy lead for all clinical trial-related activities including data collected from clinical sites investigators and patients.

• Partner with R&D and clinical teams to ensure compliant handling of sensitive clinical and health data.

• Collaborate with Commercialization teams to advise on processes controls and risks related to data-driven activities including analytics digital initiatives and commercialization strategies.

Operational Integration

• Embed privacy-by-design and privacy-by-default principles into systems products and business processes globally.

• Partner cross-functionally with Compliance Legal IT Security R&D HR and Commercial teams across regions.

• Support global initiatives involving sensitive data including clinical digital and analytics-driven programs.

• Work closely with HR and Information Security (IS) to address employee and internal data privacy matters including monitoring investigations and governance of workforce data.

Risk Management Investigations & Incident Response

• Lead or oversee global privacy incident response including breach assessment notification and remediation across jurisdictions.

• Lead and/or oversee privacy-related investigations including internal reviews and regulatory-driven inquiries.

• Collaborate with Compliance and Information Security to ensure consistent global controls and preparedness.

• Identify assess and mitigate global privacy risks in alignment with enterprise risk management priorities.

Regulatory & External Engagement Third-party & Contractual Oversight

• Serve as a key point of contact for global data protection authorities and regulators in coordination with Compliance and Legal.

• Support global regulatory inquiries audits and inspections related to privacy.

• Oversee global privacy due diligence and risk management for third-party vendors and partners.

• Own and maintain privacy-related standards across the organization including templates and playbooks.

• Review negotiate or oversee negotiation of privacy and data protection terms in contracts including data processing agreements (DPAs) standard contractual clauses (SCCs) and related provisions.

• Ensure consistent and appropriate privacy language across all contractual forms and third-party engagements.

Training Culture & Awareness

• Develop and deliver global privacy training and awareness programs aligned with compliance initiatives.

• Promote a culture of privacy ethics and accountability across all geographies.

• Partner with Compliance to integrate privacy into Code of Conduct global policies and enterprise training programs.

Required Skills Experience and Education:

• Juris Doctor (JD); active bar membership a plus.

• Privacy certifications (e.g. CIPP/E CIPP/US CIPM CIPT).

• 15 years of experience in privacy data protection legal compliance or risk management

• Significant experience managing or leading global privacy programs in multi-jurisdictional environments.

• Experience in regulated industries (e.g. biotech pharmaceutical healthcare or technology) preferred.

• Deep knowledge of global privacy regulations and frameworks (e.g. GDPR UK GDPR HIPAA CCPA/CPRA and other international laws).

• Experience with cross-border data transfers data localization requirements and global data governance.

• Strong understanding of privacy risk assessments data lifecycle management and compliance program integration.

• Familiarity with emerging areas such as AI/ML governance digital health and global data strategy.

• Ability to influence senior leadership and drive global cross-functional initiatives.

• Strong strategic thinking with practical business-oriented judgment.

• Excellent communication and stakeholder management skills across diverse geographies.

• Proven ability to lead teams and operate effectively in a matrixed global organization.

• Strong organizational and project management capabilities.

  #LI-Hybrid #LI-YG1

We are aware of recent recruitment scams in which individuals or organizations falsely represent themselves as being affiliated with Revolution Medicines. These scams may appear as false job advertisements or unsolicited contacts through communication or chat platforms email phone or text message.

Please note that Revolution Medicines does not extend unsolicited employment offers and will never ask candidates to provide financial information purchase equipment or pay fees as part of the hiring process. All legitimate communication from Revolution Medicines will come from an official @ email address.

If you believe youve been contacted by someone impersonating a Revolution Medicines recruiter please report it to so we can share these impersonations with our IT team for tracking and awareness.