

Privacy & Compliance Manager

About Us:

How many companies can say they have been in business for over 178 years?!

Here at ZEISS, we certainly can! As the pioneers of science, ZEISS handles the ever-changing environments in a fast-paced world, meeting it with cutting-edge technologies and continuous advancements.

ZEISS believes that innovation and technology are the key to a sustainable future and solutions for global change.

We have a diverse range of portfolios throughout the ZEISS family in segments like Industrial Quality & Research, Medical Technology, Consumer Markets and Semiconductor Manufacturing Technology.

We are a global company with over 42,000 employees and have over 4,000 in the US and Canada alone! Make a difference, come join the team!

This position is located in the USA (remote within the USA); US work authorization is needed.

Salary range could be based on location.

What's the role?

The Privacy & Compliance Manager will oversee privacy, data protection, and healthcare transparency compliance for ZEISS's U.S. Medical Technology businesses ("Meditec").

Reporting to the General Counsel, this role is responsible for the day-to-day operation of Meditec's privacy program while also leading U.S. federal and state aggregate spend / Open Payments (Sunshine Act) reporting activities.

This position works closely with ZEISS's Corporate Data Protection Office, Compliance Operations, IT and Security, R&D, Product Security, Finance, and external vendors to ensure regulatory compliance, data integrity, and effective risk management across our U.S. medical device and digital businesses.

Sound Interesting?

Here's what you'll do:


* Oversee the day-to-day operation of Meditec's U.S. privacy program, including development and maintenance of policies, procedures, training, and privacy governance documentation.


* Lead incident investigation and response, including breach assessment, remediation, and notifications to regulatory agencies and other stakeholders as required.


* Monitor and interpret international, federal, and state privacy and data protection laws (e.g., GDPR, HIPAA, CCPA/CPRA) and ensure Meditec's collection, retention, use, and disclosure of data comply with applicable requirements.


* Conduct routine audits and assessments of privacy and data protection practices; draft reports of findings and present recommendations for technical and operational improvements.


* Lead project management efforts for implementation of new privacy tools, controls, and processes.


* Draft, review and negotiate a broad range of privacy, information security, and product security agreements, including Business Associate Agreements (BAAs), Data Transfer Agreements, customer-supplied questionnaires, and cybersecurity documentation.


* Serve as a subject matter expert on privacy and data protection, providing guidance to product engineering, IT, security, and business teams.


* Act as a liaison with Meditec affiliates and ZEISS Corporate Data Protection Off...



