Senior Counsel, Privacy Law

at Johnson & Johnson
Location New Brunswick, NJ
Date Posted January 26, 2020
Category Default
Job Type Full-time


Johnson & Johnson recruiting for a Senior Counsel, Privacy Law, located in New Brunswick, NJ.


Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 125 years. We embrace research and science -- bringing innovative ideas, products and services to advance the health and well-being of people. Employees of the Johnson & Johnson Family of Companies work with partners in health care to touch the lives of over a billion people every day, throughout the world.


With $81 billion in 2018 sales, Johnson & Johnson is the world's most comprehensive and broadly-based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical devices and diagnostics markets. There are more than 265 Johnson & Johnson operating companies employing approximately 126,500 people and with products touching the lives of over a billion people every day, throughout the world.  If you have the talent and desire to touch the world, Johnson & Johnson has the career opportunities to help make it happen.


Thriving on a diverse company culture, celebrating the uniqueness of our employees and committed to inclusion.  Proud to be an equal opportunity employer.


The Senior Counsel, Privacy Law, will support and provide legal advice for compliance with existing and emerging privacy and data protection laws and regulations applicable to business functions across our Pharmaceuticals, Medical Devices, and Consumer sectors within the Johnson & Johnson organization. The position will be responsible for global cross-team collaboration, including coordination with other J&J Law Department colleagues and business clients such as Global Privacy, among others.  The candidate will be expected to perform his/her duties with minimal supervision, and sound judgment and professionalism in a fast-paced and innovative environment. The candidate is expected to remain current with developments and trends in data privacy and data protection laws and regulations of major global markets. 

Job responsibilities include:

  • Provide strategic direction and counsel on proposed business arrangements and help develop innovative approaches and creative solutions to J&J companies to compliantly enable the business operations and goals regarding privacy and data protection laws.
  • Support the development and implementation of effective data privacy practices, aimed at minimizing privacy legal risk and ensuring the confidentiality and integrity of personal data. Develop and implement training to foster awareness of data privacy requirements.  Counsel on privacy risk assessments, when required, and on the practical mitigation of privacy risk.
  • Support cross-functional team in investigations of incidents involving the inappropriate or unauthorized access, loss, modification or disclosure of personal data. 
  • Develop and implement strategies to shape the external privacy landscape to enable the company to advance its mission in support of the research and development of innovative medicines and personalized health care and related programs.
  • Work collaboratively with J&J’s Chief Privacy Officer, Global Privacy colleagues, Law Department colleagues, and other leaders across the J&J enterprise to assure coordinated efforts, share knowledge, and implement best practices relating to data protection and privacy.
  • Support compliant Privacy by Design initiatives across the J&J enterprise.
  • Collaborate with business partners and contracting teams to counsel on and address data privacy issues in contractual arrangements with third parties.
  • Support innovative programs and strategies involving personal data, including digital health, connected devices, and blockchain technologies.


  • A JD degree and U.S. state bar membership in good standing are required. 
  • Certifications preferred: CISSP or CEH.
  • A minimum of 10 years of experience as a practicing attorney, in-house and/or at a law firm, with direct, hands-on experience providing legal counseling on data privacy matters in the healthcare industry.
  • Must be a licensed attorney in good standing in at least one US state or another jurisdiction.
  • Must have substantial experience assessing legal risks relating to data privacy and data protection requirements around the world, and in identifying and advising on practical, compliant ways to mitigate such risks, with minimal supervision. 
  • Must have experience working with senior-level stakeholders and cross-functional teams and achieving results through influence and collaboration.
  • The ability to work effectively in large, matrixed organizations is required.
  • The ability to demonstrate sound judgment and professional demeanor and discretion is required.
  • Experience with technology industry, health industry, and general cyber security and privacy regulations (including, but not limited to, NIST, ISO, SEC Cybersecurity Guidance, U.S. Department of Health and Human Services “Health Industry Cybersecurity Practices,” US HIPAA, HITECH, and EU GDPR) is required.
  • Familiarity with health care and/or technology regulations is preferred.
  • Knowledge of US and EU privacy rules and regulations and the interplay between those rules and regulations, data security and cybersecurity compliance best practices is required.
  • The ability to draft, analyze, and interpret complex data privacy and cyber security proposals and arrangements, and to demonstrate attention to detail for advising for conformity to policies is required.
  • Understanding of technical concepts and familiarity with innovative tools and resources that may impact cybersecurity, data protection, and privacy, such as controls within big data lakes, AI / machine learning, and IoT is required.
  • The ability to communicate and discuss technical concepts at many levels, from IT professionals to those without a background in technology, and experience counseling clients on cybersecurity compliance and data security and privacy risk management is required.
  • The ability to manage multiple tasks concurrently, continuously prioritize and reprioritize multiple competing critical actions and projects to ensure maximum value to the business is required.
  • Must have the ability to manage multi-jurisdictional assignments.
  • Must be detail-oriented, organized, and self-motivated, and able to work independently under time pressures in a fast-paced and evolving legal climate.
  • Must be committed to demonstrating the highest ethical standards in all interactions, including with colleagues, peers, stakeholders, business partners, and external parties.
  • This position is located in New Brunswick, NJ.
  • Up to approximately 20% domestic and international travel may be required.

Primary Location

United States-New Jersey-New Brunswick-


Johnson & Johnson (6067)

Job Function


Requisition ID