Solventum
Senior Managing Counsel, Privacy & Cybersecurity (Americas)
Solventum, Eden Prairie, Minnesota, United States, 55344
The Senior Managing Counsel, Privacy & Cybersecurity (USAC & LATAM) will lead the legal support for privacy and cybersecurity efforts across the company’s USAC and LATAM operations. The role involves advising and collaborating with IT, cybersecurity, business and functional teams, and external partners to manage legal risks related to data security and privacy, strengthen the company's security posture, ensure compliance, and oversee security and compliance assessments across applications, processes, products, and vendors.
Base Pay Range: $207,348/yr – $253,425/yr
Responsibilities
Provide expert legal counsel to Privacy and Cybersecurity teams to ensure compliance with contractual commitments and regulatory obligations related to data privacy and security.
Conduct privacy and data protection impact assessments to ensure sensitive health data is used in compliance with privacy regulations and contractual rights.
Advise cybersecurity teams on incident response and investigations, ensuring proper documentation to minimize risks, protect privacy, and fulfill legal obligations during and after security incidents.
Collaborate with Procurement and business contracting teams to draft, negotiate, and maintain privacy/data protection terms in contracts and agreements.
Lead the company’s legal response to product vulnerabilities, information security breaches, and cyber events, including advising on regulatory notifications at federal, state, and international levels.
Counsel IT operations, security teams, and business units on developing and implementing cybersecurity plans, incident response strategies, and compliance with industry standards and regulations.
Work closely with Cybersecurity, Procurement, and Legal teams to manage third‑party risks, including creating contract templates, negotiation frameworks, and advising on third‑party audits and assessments.
Advise on the de‑identification, pseudonymization, and anonymization of sensitive health data.
Provide guidance to business and product teams on data handling requirements based on sensitivity and compliance standards.
Implement “privacy by design” principles in product development processes and contribute to product risk assessments.
Stay informed on emerging global regulatory requirements impacting data privacy and security and advise the business accordingly.
Develop and provide legal content for privacy training programs, awareness campaigns, and compliance with sensitive health information handling requirements.
Qualifications
Juris Doctor (JD) from an accredited law school or Law degree.
Eight (8) years of experience in data privacy and cybersecurity law, ideally within the life sciences, healthcare, medical devices, or similarly regulated industries.
Expertise in U.S. data privacy laws and regulations, including HIPAA and U.S. state consumer privacy laws (e.g., CCPA, CPA).
Expertise in advising on cybersecurity, including product vulnerability, incident response, and legal obligations arising from privacy and security incidents.
Experience in advising on cybersecurity standards such as PCI DSS, the NIST Cybersecurity Framework, and the NIS2 Directive.
Additional Qualifications
Experience with Canadian and LATAM data privacy laws and regulations, including LGPD, PIPEDA, and the Privacy Act.
Familiarity with medical device regulations (FDA, FD&C Act) related to data privacy and security.
Experience managing HIPAA compliance programs and addressing legal issues related to health data.
Experience working with IT systems, data management, and collaborating with technical teams and senior leadership.
Excellent written, verbal, and presentation skills, with the ability to communicate complex legal matters clearly to non‑legal stakeholders.
Strong analytical and strategic thinking skills.
Highly organized, detail‑oriented, and committed to maintaining high ethical standards and professionalism.
Proven ability to prioritize multiple projects and work under tight deadlines in a fast‑paced, dynamic environment.
Expertise in global data privacy laws (including GDPR) and AI laws (including EU AI Act).
Relevant privacy and cybersecurity certifications (e.g., CIPP/US, AIGP, CIPP/E, CHPS).
Extensive experience in negotiating and drafting technology transactions and data protection agreements with customers, vendors, and partners.
Ability to manage legal and regulatory compliance across diverse frameworks.
Proven leadership skills with the ability to engage internal stakeholders and lead significant projects.
Work Location: Remote – United States
Travel: May include up to 20% domestic travel.
Relocation Assistance: Not authorized.
Legal Requirements: Must be legally authorized to work in the country of employment without sponsorship for employment visa status (e.g., H1B status).
Benefits: Solventum offers a competitive package that includes medical, dental, vision, health savings accounts, disability benefits, life insurance, voluntary benefits, paid absences, and retirement benefits.
EEO Statement: Solventum is an equal opportunity employer. Solventum will not discriminate against any applicant for employment on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or veteran status.