Solventum is a new healthcare company with a long legacy of solving big challenges that improve lives and help healthcare professionals perform at their best. We enable better, smarter, safer healthcare to improve lives by pioneering game-changing innovations at the intersection of health, material, and data science.

The Impact You’ll Make in this Role

The Sr. Managing Counsel, Privacy & Cybersecurity (USAC & LATAM) will lead the legal support for privacy and cybersecurity efforts across the company’s USAC and LATAM operations. Key responsibilities include:

• Advising and collaborating with IT, cybersecurity, business, and functional teams, and external partners to manage legal risks related to data security and privacy
• Providing expert legal counsel to Privacy and Cybersecurity teams to ensure compliance with contractual commitments and regulatory obligations
• Conducting privacy and data protection impact assessments to ensure sensitive health data is used in compliance with privacy regulations and contractual rights
• Advising cybersecurity teams on incident response and investigations

Responsibilities

The role involves:

• Collaborating with Procurement and business contracting teams to draft, negotiate, and maintain privacy/data protection terms in contracts and agreements
• Leading the company’s legal response to product vulnerabilities, information security breaches, and cyber events
• Counseling IT operations, security teams, and business units on developing and implementing cybersecurity plans, incident response strategies, and compliance with industry standards and regulations
• Working closely with Cybersecurity, Procurement, and Legal teams to manage third-party risks
• Advising on the de-identification, pseudonymization, and anonymization of sensitive health data
• Implementing “privacy by design” principles in product development processes and contributing to product risk assessments

Your Skills & Expertise

To set you up for success in this role, Solventum requires:

• Juris Doctor (JD) from an accredited law school or Law degree
• 8 years of experience in data privacy and cybersecurity law, ideally within the life sciences, healthcare, medical devices, or similarly regulated industries
• Expertise in global data privacy laws (including GDPR) and AI laws (including EU AI Act)
• Expertise in US data privacy laws and regulations, including HIPAA and US state consumer privacy laws
• Excellent written, verbal, and presentation skills, with the ability to communicate complex legal matters in a clear, concise manner to non-legal stakeholders

Additional Qualifications

Additional qualifications that could help you succeed include:

• Experience in Canada and LATAM data privacy laws and regulations
• Familiarity with medical device regulations (FDA, FD&C Act) related to data privacy and security
• Experience managing HIPAA compliance programs and addressing legal issues related to health data
• Relevant privacy and cybersecurity certifications (e.g., CIPP/US, AIGP, CIPP, CIPM, CIPP/E, CIPT, CHPS, CHPC, CISSP)

Work Details

• Work location: Remote - United States
• Travel: May include up to 20% domestic/international travel
• Relocation Assistance: Not authorized
• Must be legally authorized to work in the country of employment without sponsorship for employment visa status

Compensation and Benefits

• The expected compensation range for this position is $211,600 - $290,950, which includes base pay plus variable incentive pay, if eligible
• This position may be eligible for a range of benefits (e.g., Medical, Dental & Vision, Health Savings Accounts, etc.)