Privacy Manager

Johnson & Johnson
1 hour ago
Full-time
On-site
Madrid, Community of Madrid, Spain
Manager

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com.

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

Job Function:

Legal & Compliance

Job Sub Function:

Enterprise Compliance

Job Category:

Professional

All Job Posting Locations:

Madrid, Spain

Job Description:

An internal candidate has been pre-identified for consideration. However, all applications will be considered.

Position Summary

We are hiring a Privacy Manager to support the organization’s workplace privacy program, with a focus on privacy risk assessments, compliance documentation, regulatory monitoring, and providing strategic privacy guidance to Global Corporate Functions for workplace-related processing of personal data (including applicants, employees, contingent workers, and retirees). This role helps maintain and continuously improve workplace privacy processes across the enterprise, ensuring risks are identified, documented, reviewed, and addressed in line with applicable privacy requirements.

The Privacy Manager will coordinate and execute workplace privacy assessments, maintain privacy records and inventories, track compliance actions, and support recurring and ad-hoc reviews of workplace data processing. The role requires knowledge/awareness of relevant laws and regulatory guidance, which is used to support periodic validation and refresh of assessments, documentation, and guidance materials as requirements and business practices evolve.

This role is suited to a detail-oriented, organized, and collaborative professional who is comfortable working in a regulated, fast-changing environment. The successful candidate will be able to interpret requirements, apply internal privacy processes, and communicate clearly with cross-functional stakeholders, including when assumptions and guidance need to be revisited.

Major Duties & Responsibilities

Workplace Privacy Risk Assessments & Program Execution

  • Support and administer workplace privacy risk assessments (including Compliance Analysis, DPIAs, PIAs, and internal privacy reviews) for Corporate Functions projects involving personal data across the employee lifecycle, from job applicants through retired employees, focusing on governance, transparency, and proportionate processing (not employee performance monitoring).
  • Identify, document, and track privacy risks related to the collection, use, storage, sharing, access, and retention of workplace personal data, ensuring issues are logged, assigned, and followed through to remediation.
  • Create and maintain detailed records of processing activities and related assessment documentation to support audit readiness, program transparency, and ongoing compliance.

Cross‑Functional Coordination & Stakeholder Engagement

  • Coordinate with cross‑functional stakeholders across Privacy, Legal, HR, IT, InfoSec, and Corporate Functions to gather inputs, validate materials, and ensure consistent implementation of workplace privacy requirements.
  • Support escalation of complex or high‑risk issues by assembling structured analysis, relevant documentation, and regulatory context for review by senior Privacy leadership.

Privacy Documentation, Policies & Governance

  • Create, review, and update workplace privacy policies, procedures, and internal guidance to ensure alignment with applicable legal requirements and evolving best practices.
  • Maintain and update administrative privacy materials, including assessment templates, compliance trackers, issue logs, inventories, and program documentation supporting workplace privacy operations.
  • Ensure consistent application of privacy processes and standards across Corporate Functions through documented workflows and governance practices.

Legal Research, Regulatory Monitoring & Compliance Mapping

  • Conduct and support legal research on global and regional privacy laws and regulatory guidance applicable to workplace data processing (e.g., GDPR, UK GDPR, CCPA/CPRA, HIPAA, LGPD, PDPA, PIPL), with a focus on employee and internal data.
  • Perform compliance analysis and regulatory mapping to assess how workplace data processing aligns with legal requirements, including lawful basis, transparency, employee notice obligations, monitoring limitations, data minimization, retention, and cross‑border transfers.
  • Work with Privacy Market Surveillance to monitor regulatory developments, enforcement trends, and guidance impacting workplace privacy, and support the annual and ad‑hoc validation of privacy assessments, assumptions, and compliance positions in light of the changing regulatory landscape.
  • Prepare concise internal summaries, research memos, and guidance for the Corporate Functions Legal Pillar and Privacy team to support informed decision‑making.

Other Duties

Demonstrate the ability to exercise sound judgment and make decisions with an appropriate level of autonomy, while escalating issues as needed.

Required Minimum Education: Bachelor’s degree or equivalent

Years Required of Related Experience: Significant relevant experience (typically 8+ years), or an equivalent combination of education and experience.

Required Knowledge, Skills and Abilities:

  • Proven experience in privacy, data protection, or related roles.
  • Knowledge of privacy laws and frameworks such as GDPR and key U.S. state privacy laws (e.g., CCPA/CPRA), as applicable to a global company.
  • Strong technical, analytical, communication, and problem-solving skills.
  • Professional proficiency in English (written and spoken) to collaborate with global stakeholders.

Travel on the Job: May require domestic and international travel as needed for the role.

Preferred Knowledge, Skills and Abilities:

  • Team player with collaborative skills.
  • Communicative self-starter with strong interpersonal, analytical and organizational skills.
  • Strong ethical behavior, with the ability to remain impartial and report all non-compliance to the Director.
  • Ability to independently develop solutions that generate value through partnerships while ensuring compliance.
  • Mindset of curiosity and interest in creative ways of doing things.
  • Ability to enable innovation in use of employee data while providing a practical, risk-based approach to required privacy controls; ability to manage confidential and sensitive information pertaining to the workplace.

Key Working Relationships

Internal

Stakeholders and requestors across the organization in relation to workplace personal data (from applicants through to retirees).

External

N/A

Supervisory Responsibilities

Trains employees

Required Skills:

Preferred Skills:

Audit and Compliance Trends, Coaching, Compliance Management, Compliance Policies, Compliance Risk, Confidentiality, Consulting, Controls Compliance, Developing Others, Internal Auditing, Investigation Techniques, Legal Function, Legal Services, Policy Development, Process Improvements, Tactical Planning, Technical Credibility

The anticipated base pay range for this position is:

€61 800,00 - €106 260,00

Benefits:

In addition to base pay, we offer the following benefits*: an annual bonus with a set target (% of pay) depending on pay grade / location, where the actual amount is based on the employee's and the company's performance in the previous calendar year, or sales commissions. Moreover, we offer vacation days, parental leave for a minimum of 12 weeks, bereavement leave, caregiver leave, volunteer leave, well-being reimbursement, and programs for financial, physical and mental health. We also offer service anniversary and recognition awards, and, subject to the terms of their respective plans, employees (and in some locations, eligible dependents) can participate in several insurance plans. For more information, visit Employee benefits | Supporting well-being & career growth | Johnson & Johnson Careers.

*This is for informative purposes only. Amounts and actual benefits may vary by location and are subject to change.