Senior Manager, Privacy Operations (Legal)

The Senior Manager, Privacy Operations will be responsible for implementing, operationalizing, and continuously improving Corcept’s global privacy program. This role will translate legal and regulatory privacy requirements into practical, scalable, and auditable operational processes across the organization.

The role requires close collaboration with IT, HR, Clinical, Commercial, Drug Safety, and Quality functions to ensure that privacy requirements are embedded into day‑to‑day business activities, systems, and vendor relationships. The ideal candidate combines strong privacy program management experience with the ability to work hands‑on in a regulated pharmaceutical environment. The role also offers the opportunity to support broader compliance topics.

This is a hybrid position typically requiring on-site presence 3 days per week.

This role reports to the Sr. Director, Legal & Privacy.

Responsibilities:

Privacy Program Operations

• Implement and maintain the Corcept’s privacy program, including policies, guidelines, and work instructions
• Operationalize privacy requirements under applicable data protection laws (e.g., GDPR, UK GDPR, CCPA, U.S. state privacy laws, and other global regulations)
• Maintain records of processing activities (RoPA), data inventories, and supporting documentation
• Support privacy‑by‑design principles in business processes and systems

Data Subject Rights & Incident Management

• Own and manage the intake, tracking, and fulfillment of data subject rights requests (DSARs), including access, deletion, correction, and objection requests
• Support privacy incident and breach response activities, including intake, triage, investigation support, documentation, and remediation tracking
• Coordinate with internal stakeholders to ensure timely, accurate, and well documented responses within statutory deadlines

Privacy Risk Management

• Coordinate and perform privacy impact assessments / data protection impact assessments (PIAs/DPIAs) in collaboration with IT and business teams
• Identify operational privacy risks and recommend mitigation strategies
• Support internal audits, inspections, and regulatory inquiries related to privacy

Vendor Privacy Support

• Support vendor privacy due diligence and onboarding processes, including privacy questionnaires and risk assessments
• Assist with the operational implementation of data processing agreements and privacy‑related contractual requirements
• Track and monitor privacy obligations applicable to vendors

Training, Awareness & Enablement

• Develop and deliver role‑based privacy training and awareness materials
• Act as a point of contact for business teams on operational privacy questions
• Promote a culture of privacy, accountability, and data protection across the organization

Reporting & Continuous Improvement