Associate Director, Privacy

Accepting BioReady™: Yes
Category: Legal / Intellectual Property
Education: Master
Employer: Zymeworks Inc.
Location: Vancouver, BC
Posted: October 16, 2020
Closes: November 15, 2020

Zymeworks is a clinical-stage biopharmaceutical company dedicated to the discovery, development and commercialization of next-generation bispecific and multifunctional biotherapeutics.  Zymeworks’ suite of complementary therapeutic platforms and its fully-integrated drug development engine provide the flexibility and compatibility to precisely engineer and develop highly-differentiated product candidates.

This position will be located in Vancouver, BC and Seattle, WA and will report to the Vice President, Legal.

Key Responsibilities: 

  • Participates in the strategic development, long-term direction and continuous improvement of Zymeworks’ company-wide data privacy program.
  • Partners with stakeholders throughout the organization to instill the importance of privacy requirements and safeguards.
  • Serves as a privacy subject matter expert to the organization and provides strategic and practical counsel to internal stakeholders on privacy and data governance principles and requirements.
  • Acts as an escalation point for negotiation, drafting and review of privacy and data processing contract terms.
  • Interfaces with contract research organization (CRO) privacy representatives, external counsel and external privacy vendors on program development and infrastructure.
  • Participates in vendor due diligence assessments to evaluate data privacy risk.
  • Executes program initiatives to ensure that the right privacy controls and processes are documented, adopted and implemented to promote compliance with privacy laws, regulations, policies and procedures.
  • Conducts and provides guidance to stakeholders on privacy impact assessments.
  • Reviews assessments to identify potential privacy-related risks and gaps in compliance.
  • Provides expertise in the management and investigation of privacy incidents or complaints, taking a proactive approach to risk remediation and supporting stakeholders in assessing risks and identifying solutions.
  • Investigates and takes appropriate action with respect to privacy complaints regarding access to personal/confidential information.
  • Monitors relevant privacy and data protection laws and enforcement activities to ensure ongoing compliance, track emerging risks and assist with policy creation and other program materials.
  • Participates in the development, maintenance and delivery of training, education, communication and awareness materials.
  • Drafts and maintains policies, processes and other documentation (e.g., checklists, guidelines, FAQs) to ensure consistent, relevant and up-to-date guidance is available to stakeholders according to operational needs, current laws, industry trends and emerging best practices.
  • Establishes best practices in the inventory and mapping of data flows and business processes.
  • Maintains expertise in areas of applicable global privacy and data protection laws (including GDPR, PIPEDA, ePrivacy Directive, PIPA, CCPA and HIPAA), regulatory guidance and enforcement actions.
  • Contributes to the improvement of standard forms of agreements, alternate language playbooks, and internal resource documents with respect to privacy and data processing matters.
  • Participates in special projects and perform other duties as needed.

Education and Experience:

  • JD degree and a minimum of 8 years’ related experience, preferably including both law firm and in-house experience supporting the privacy functions at a biotechnology/ pharmaceutical company, or an equivalent combination of education and experience.
  • Member in good standing of a Canadian or U.S. state bar (depending on location), preferably the British Columbia or Washington State bar, respectively.
  • Completion of an Information Access and/or Protection of Privacy Certificate Program or other related certifications is an asset ( i.e., CIPP/C, CIPT or CIPM).

Skills and Abilities:

  • Hands on, practical experience in implementing data privacy programs.
  • Demonstrated experience in providing regulatory and policy advice in the areas of data protection and privacy law, particularly within the biotechnology/ pharmaceutical industry.
  • Expert knowledge of data protection and information security laws, rules and regulations in the US and globally, including GDPR, PIPEDA, PIPA, CCPA and HIPAA, as well as industry-leading privacy and data protection practices and standards.
  • Knowledge of and experience with data security, data breach and data loss prevention processes, tools and statutes.
  • Experience with FDA regulatory issues related to data security and privacy, including government requirements for compliance programs, preferred.
  • Able to translate complex rules and regulations into straightforward requirements that are easily understood by stakeholders.
  • Experience and interest in gaining a detailed understanding of how data is gathered, where it resides, how it is used.
  • Ability to apply critical thinking to program objectives, evaluate and document the tasks needed to achieve objectives, create actionable workplans and oversee to completion.
  • Comfortable proactively interfacing with stakeholders at all levels.
  • Awareness for escalating issues when appropriate.
  • Efficient, focused and pragmatic, offering quality practical legal advice and strategic solutions.
  • Proven interpersonal skills with the ability to work collaboratively as a member of a cross-functional team. Ability to establish and maintain effective working relationships.
  • Strong leadership skills with the proven ability to manage, develop and empower employees.
  • Excellent organizational skills and the ability to manage competing priorities and concurrent deliverables and work effectively in a challenging, milestone-driven environment.
  • Ability to think and act strategically, anticipate roadblocks and map out next steps.
  • Sound business acumen with a practical, results-oriented management style that can translate innovative, creative strategies and conceptual thinking into action plans.
  • Demonstrated high level of integrity and ethics.
  • Extremely strong written and oral communication and presentation skills.
  • Positive, can-do attitude.

Why Work for Us? 

At Zymeworks, we stand for innovation, integrity, collaboration and care.  

Zymeworks’ employees are passionate, engaged and extremely motivated to succeed.  We are excited by the cutting-edge science and technology, the endless possibilities this union holds and the sheer opportunity to be a part of something big. To learn more about Zymeworks Inc. and our current openings, please visit our website at 

We offer challenging career opportunities, competitive benefits and an environment that recognizes and rewards performance. 

How to Apply 

If you are interested in this challenging opportunity, please apply online at Due to the high volume of applicants, only those selected for interviews will be contacted. 

NOTE TO EMPLOYMENT AGENCIES: Zymeworks values our relationships with our Recruitment Partners. We will only accept resumes from those partners whom have been contracted by a member of our Human Resources team to collaborate with us. Zymeworks is not responsible for any fees related to resumes that are unsolicited or are received without contract. 

Apply Now