Director, Privacy R&D and CPO
Location: Belgium-Wavre, UK – London – New Oxford Street
Posted Date: Oct 24 2025
Job Purpose: A Director Privacy for R&D/CPO ensures compliance with global data protection laws like GDPR and HIPAA. They mitigate privacy risks and safeguard sensitive health data to ensure patient privacy rights are respected and to avoid legal and reputational damage. The role fosters study participants trust by ensuring confidentiality and ethical data handling in research. They oversee data governance, ensuring secure and appropriate use of information. The Director provides strategic guidance in product development, partnerships, and mergers, integrating privacy into innovation. They lead training initiatives to build a privacy‑conscious organizational culture across R&D and CPO. The role enhances security and supports digital health initiatives, ultimately protecting both the company and patient interests in a highly regulated sector.
The role will also have line management responsibilities and reports to the Head of Bioethics and CMO Oversight.
Key Responsibilities
* Develop and implement a strategy to ensure Privacy by Design into R&D & CPO processes, including completing new or adjusting existing privacy inventories and/or privacy risk assessments and implementing mitigating controls.
* Oversee the privacy strategy to ensure timely creation and review of existing R&D & CPO privacy inventories and privacy impact assessments, identify gaps, assign appropriate actions, and track actions to completion.
* Support the design of privacy‑related training for R&D & CPO staff to foster a privacy by design culture.
* Analyze and implement process changes required to enhance R&D/CPO Privacy framework.
* Maintain ongoing communication with relevant LOC stakeholders, Privacy Legal, Data Privacy Officer and enterprise risk, ensuring continued alignment between global and local R&D/CPO Privacy processes.
* Coordinate efforts with the privacy lead to respond to Data Privacy Regulators in the event of Data Privacy Breaches; monitor frequency and resolution of breach and implement remediation strategy to avoid recurrence.
* Coordinate privacy lead responses to Individual Rights Management requests, ensuring engaging the right R&D stakeholders in information collection.
* Oversee and ensure adequate privacy expertise related to data and human biological sample reuse (including support to the DSAP panel).
* Create and maintain R&D/CPO’s approach to the GSK Privacy Enterprise Risk Plan and maintain ongoing communication with Privacy professionals in other GSK business areas and the R&D/CPO privacy champion network.
* Provide Risk Management expertise and oversight for R&D/CPO Privacy covering all therapy areas with global-regional-local span.
* Collaborate with GSK Enterprise Risk Owner, R&D Enterprise Risk Owner, and Risks Council Business members to define R&D’s risk strategy, appetite, and approach to embed, assess and enhance internal control framework maturity.
* Lead the review of R&D/CPO risks and update the Risk Register with privacy leaders; perform risk assessments related to control deficiencies, root cause analysis, after action reviews, and process detailed reviews.
* Maintain up-to-date knowledge of national and international regulatory legislation and guidelines; utilize intelligence for continuous improvement of internal control framework of business processes relevant to enterprise risk.
* Educate, guide and influence GSK management and staff on best quality and compliance policy and practices, especially as they relate to identified responsibilities.
* Support the development, management, and implementation of processes and job aids specific to Privacy to support effective management of Regulatory Inspections and Issue Investigations across GSK R&D/CPO.
Basic Qualifications
* Expertise in essential regulation guidelines and medical governance policies and procedures applicable to R&D.
* Broad scientific/pharmaceutical industry background with more than 10 years of experience in privacy EU and ex EU.
* Previous experience implementing/embedding Privacy risk controls into a worldwide organization.
* Proven success in developing and executing activities that improve the application of the internal control framework.
* Good understanding of privacy regulatory framework.
* Relevant experience in governance type activities with understanding of the R&D, medical, commercial and compliance functions.
Preferred Qualifications
* Accreditation/qualification in Privacy.
* Strong bioethical mindset and ability to evaluate complex cases, leverage various bioethical options in autonomy.
* Ability to incorporate strategy & organizational considerations and operationalize them.
* Performance and results driven with proven sense of urgency.
* Excellent English language communication and negotiation skills.
* Excellent presentation and facilitation skills, ability to influence senior leaders and external experts.
* Ability to resolve problems using knowledge, information and networks in a flexible way within a matrix environment.
* Self‑motivated; can work independently and build credibility with colleagues inside and outside GSK.
* Act as a role model in line with GSK core values and behaviours.
* Comfortable evolving in changing and challenging environment.
* Ability to set directions, lead and motivate a team to deliver in a changing environment; mentoring and coaching staff.
* Risk management or business experience with privacy.
Disability Accommodations
If you have a disability and require assistance during the selection process, please let us know what specific assistance you require so that we can make suitable arrangements.
Why GSK
Uniting science, technology and talent to get ahead of disease together. GSK is a global biopharma company committed to positively impacting the health of 2.5 billion people by the end of the decade. We innovate in specialty medicines, vaccines and focus on respiratory, immunology, oncology, HIV and infectious diseases. We strive to create a workplace where people thrive, focusing on patients, shareholders and our people.
#J-18808-Ljbffr