Senior Manager, Privacy Operations (Legal)

The Senior Manager, Privacy Operations will be responsible for implementing, operationalizing, and continuously improving Corcept’s global privacy program. This role will translate legal and regulatory privacy requirements into practical, scalable, and auditable operational processes across the organization.

The role requires close collaboration with IT, HR, Clinical, Commercial, Drug Safety, and Quality functions to ensure that privacy requirements are embedded into day‑to‑day business activities, systems, and vendor relationships. The ideal candidate combines strong privacy program management experience with the ability to work hands‑on in a regulated pharmaceutical environment. The role also offers the opportunity to support broader compliance topics.

This is a hybrid position typically requiring on-site presence 3 days per week.

This role reports to the Sr. Director, Legal & Privacy.

Responsibilities:

Privacy Program Operations

• Implement and maintain the Corcept’s privacy program, including policies, guidelines, and work instructions
• Operationalize privacy requirements under applicable data protection laws (e.g., GDPR, UK GDPR, CCPA, U.S. state privacy laws, and other global regulations)
• Maintain records of processing activities (RoPA), data inventories, and supporting documentation
• Support privacy‑by‑design principles in business processes and systems

Data Subject Rights & Incident Management

• Own and manage the intake, tracking, and fulfillment of data subject rights requests (DSARs), including access, deletion, correction, and objection requests
• Support privacy incident and breach response activities, including intake, triage, investigation support, documentation, and remediation tracking
• Coordinate with internal stakeholders to ensure timely, accurate, and well documented responses within statutory deadlines

Privacy Risk Management

• Coordinate and perform privacy impact assessments / data protection impact assessments (PIAs/DPIAs) in collaboration with IT and business teams
• Identify operational privacy risks and recommend mitigation strategies
• Support internal audits, inspections, and regulatory inquiries related to privacy

Vendor Privacy Support

• Support vendor privacy due diligence and onboarding processes, including privacy questionnaires and risk assessments
• Assist with the operational implementation of data processing agreements and privacy‑related contractual requirements
• Track and monitor privacy obligations applicable to vendors

Training, Awareness & Enablement

• Develop and deliver role‑based privacy training and awareness materials
• Act as a point of contact for business teams on operational privacy questions
• Promote a culture of privacy, accountability, and data protection across the organization

Reporting & Continuous Improvement

• Track and report on privacy metrics and key performance indicators (KPIs)
• Identify opportunities to streamline and automate privacy processes and workflows
• Monitor regulatory developments and recommend operational enhancements as needed

Preferred Skills, Qualifications and Technical Proficiencies:

• Hands‑on experience operationalizing privacy programs in a regulated environment, preferably pharmaceuticals, biotech, or life sciences
• Strong working knowledge of global privacy frameworks, including GDPR, CCPA and U.S. privacy laws
• Demonstrated experience managing DSARs, PIAs/DPIAs, and privacy incident workflows
• Familiarity with Privacy management and workflow tools (e.g., OneTrust or similar platforms), Data mapping, RoPA, and DSAR management tools
• Familiarity with information security and IT concepts (e.g., access controls, encryption, data lifecycle management)
• Proficiency with Microsoft 365 tools (Excel, Word, PowerPoint, Teams) for documentation and reporting
• Ability to translate legal requirements into clear, practical operational processes
• Strong project management, organizational, and documentation skills
• Excellent communication skills with the ability to work effectively across legal, technical, and business teams

Preferred Education and Experience:

• 7+ years of experience in privacy and data protection, preferably in the pharmaceutical/biotech/life sciences industry
• Bachelor’s degree required
• Relevant privacy or compliance certifications preferred, such as:
  • Certified Information Privacy Manager (CIPM)
  • Certified Information Privacy Professional (CIPP/US, CIPP/E, or equivalent)

The pay range that the Company reasonably expects to pay for this headquarters-based position is $193,770 – $227,880; the pay ultimately offered may vary based on legitimate considerations, including geographic location, job-related knowledge, skills, experience, and education.

 Applicants must be currently authorized to work in the United States on a full-time basis.