Senior Analyst, Data Privacy and Protection, IT ...

Description Lantheus is headquartered in Bedford, Massachusetts with offices also in Billerica as well as in Canada and Sweden. For more than 60 years, Lantheus has been instrumental in pioneering the field of medical imaging and has helped physicians enhance patient care with our broad product portfolio. Lantheus is an entrepreneurial, agile, growing organization that provides innovative diagnostics, targeted therapeutics, and artificial intelligence (AI) solutions that empower clinicians to find, fight and follow disease. Lantheus is in search of a Senior Analyst, Data Privacy and Protection, IT Operations with experience in the US pharmaceutical industry to help support the IT Security and Ethics & Compliance functions with cross-functional operational execution of company-wide data privacy and protection initiatives to ensure the confidentiality, integrity, and availability of both personal and sensitive corporate data. This role involves the configuration and management of our systems to comply with global data privacy and protection regulations and assisting with the proactive management of our diverse data assets. Safeguarding the information that is the cornerstone of our innovative work is critical for maintaining the trust of our patients, partners, and stakeholders. At Lantheus our purpose and values guide our behaviors in all interactions and play a vital role in creating a dynamic environment that contributes to our success. Every employee is crucial to our success, we respect one another and act as one knowing that someone's health is in our hands. We believe in helping people be their best and are seeking to bring together a diverse group of individuals with different viewpoints and skills sets to be a part of a productive and inclusive team while actively promoting an organizational culture that encourages ethical and law-abiding conduct. Essential Responsibilities Support the Ethics & Compliance Data Privacy team to operationalize the Company's company-wide data privacy and protection strategy, management framework, and initiatives to ensure the confidentiality, integrity, and availability of both personal and sensitive corporate data by implementing necessary technical controls. Oversee the configuration and management of data privacy and protection tools and related measures within our systems, ensuring compliance with global data privacy and data protection regulations, and safeguarding sensitive corporate data, including intellectual property. Collaborate with Ethics & Compliance Data Privacy team to support data protection policies that align with Lantheus's innovative and patient-focused approach by implementing necessary technical controls. Collaborate with Ethics & Compliance Data Privacy team to support education and training for employees on data handling protocols, emphasizing the protection of sensitive health-related information and Corporate assets. Collaborate with cross-functional teams to support major new initiatives as a "Privacy Architect" by building the Data Flow Diagrams (DFDs) and inventories of Data Elements and Processing. Supporting relevant assessments for the Privacy program (e.g., Performing Privacy Impact Assessments (PIA) as appropriate for any new processes or systems that will touch Privacy data and when the "privacy risk threshold" is exceeded, performing Data Protection Impact Assessments (DPIA) as appropriate for those proposed new processes or systems) Support the Ethics & Compliance Data Privacy team with pulling together information from disparate sources, either manually or via the Lantheus Data Privacy Tool to comply with Data Subject Access Requests (DSARs). Operating our system of record for Privacy Operations by maintaining the inventory of Privacy data (PI, PII, PHI, PCI) that we handle, collect, process, etc. and maintaining the actual records of processing activities (ROPA) for each system that handles PI/PII/etc. Stay abreast of emerging threats and advancements in data protection technology to continuously enhance Lantheus's security posture. Maintain awareness of existing and evolving privacy legislation, regulations, frameworks, and other marketplace/industry dynamics relevant to Lantheus and its industry, business, and operations to determine the practical effects on and requirements for Lantheus programs, policies, communications, and training needs. Act as a change agent encouraging an environment that employs accountability, collaboration and trust while fostering teamwork and execution. Actively demonstrate the Lantheus values of helping people be their best; respecting one another and acting as one; owning the solution and making it happen; learning, adapting, and winning; knowing someone's health is in our hands. Ability to be flexible and adaptable to changes. Must feel comfortable in creating new processes and grow with organizational and regulatory changes. Professional Experience / Qualifications Minimum 5-10 years in Privacy and/or other related experience, and experience preferred in Biotech/Pharmaceuticals. Foundational understanding of key elements required for a Privacy program, HITRUST certification and/or experience with SOC 2 "Privacy" Trust Services Criteria (TSC) a plus A./B.S. degree or equivalent in a related field required (advanced degree preferred). International Association of Privacy Professionals (IAPP) certifications such as Certified Information Privacy Technologist (CIPT) or Manager (CIPM) preferred Knowledge of and experience with laws, regulations, and industry guidance that affect the pharmaceutical industry including the U.S. Privacy Act, Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA) and GDPR. Experience in document management and process flow creation. Capabilities / Competencies Lantheus is also looking for the right fit for its Management team and the Company, which means the successful candidate must also have: A passion for performing meaningful work that impacts patients' lives; The highest integrity and sound judgment; Interpersonal skills and a collaborative style; An ability to escalate issues appropriately; Confidence navigating a highly regulated, public company environment; Strong reasoning skills and a creative, pragmatic, solution-oriented and cross-functional problem-solving approach; Strong oral and written communication skills; An innate and unshakable sense of ownership; An astute resourcefulness with which to attack unfamiliar legal and regulatory frameworks and business problems efficiently and effectively; A proactive, entrepreneurial mindset and a willingness to "roll up your sleeves" to get the job done; A serious interest in developing and implementing cross-functional process improvement initiatives; A passion, curiosity, receptiveness and capacity to learn about the Company, its complex and evolving businesses and industry, the underlying clinical use of its products, and the sale, delivery and use of its products within the healthcare system; and An ability to set and manage multiple, constantly-changing, sometimes conflicting priorities in a dynamic, fast-paced environment. Other Requirements This position is intended to be hybrid, with an expectation of working out of the Company's Bedford, Massachusetts executive offices 3 days per week (or more) and as otherwise necessary. Periodic travel to other Company sites and events will be required. For more information, please visit

Created: 2024-11-05