Head Data Privacy & AI Compliance - Switzerland & Germany
Bewerben
locations
Munich (Novartis Business Services GmbH)
Nuremberg (Novartis Business Services GmbH)
time type
Full time
posted on
Heute ausgeschrieben
time left to apply
Enddatum: 20. Juni 2026 (Noch 14 Tage Zeit für Bewerbung)
job requisition id
REQ-10078216
Band
Level 5
Job Description Summary
Hybrid
Location: Basel, Switzerland or Munich or Nuremberg Germany
There are separate requisitions for Switzerland and Germany-please make sure you apply to the correct role for your preferred base location
Relocation: This role is based in Munich or Nuremberg-Germany. Novartis is unable to offer relocation support-please apply only if this location is accessible for you.
At Novartis, data and AI are helping us reimagine medicine-while trust remains non negotiable. As Head Data Privacy & AI Compliance for Switzerland and Germany, you will enable innovation responsibly by making sure our teams can use data and AI confidently, ethically, and in line with evolving regulations. You will lead the country DPDAI agenda, guide senior stakeholders on practical solutions, and provide clear assurance through strong risk management and governance-helping protect patients, employees, and partners every day.
Job Description
- Lead DPDAI for Switzerland and Germany, ensuring strong local implementation of Novartis’ global Data Privacy & AI program.
- Manage and develop the German DPDAI team; set clear priorities, ways of working, and delivery standards.
- Serve as Data Privacy Officer for the Swiss Novartis entities.
- Partner with business and functional leaders to enable responsible data and AI use-providing clear, pragmatic regulatory advice.
- Translate global policies and standards into practical country guidance (e.g., consent, secondary use, retention/destruction, and cross‑border transfers).
- Act as the first point of contact for interpretation and application of group‑wide DPDAI policies, procedures, and guidelines.
- Horizon‑scan for emerging privacy and AI legislation; assess impact and drive timely country adoption of required changes.
- Own the country DPDAI risk strategy-identify, assess, and escalate key risks through governance channels, including senior leadership reporting where needed.
- Oversee privacy notices, procedures, training, and response processes (e.g., access requests and complaints) in line with global standards.
- Maintain evidence and risk/control documentation in OneTrust and related frameworks, enabling timely remediation by the business.
- Represent Novartis in relevant industry groups and associations on privacy and AI topics.
Requirements
Essential
- Law degree or business degree with executive education in data privacy (Swiss and German context).
- Proven people leadership experience.
- Deep knowledge of global data privacy and AI regulatory regimes and how to apply them in practice.
- Hands‑on experience designing and running privacy/AI compliance programs, controls, and governance.
- Ability to operate effectively in complex, multi‑country regulatory environments.
- Strong stakeholder management and influencing skills across business and functional teams.
- Fluent in German and English.
Desirable
- Experience in an international law firm and/or in a data privacy & AI compliance function within a multinational organisation.
- Relevant certifications (e.g., CIPP/E, CIPM, AIGP, or AI ethics/compliance credentials).
- Experience in the pharmaceutical, life sciences, or healthcare sector.
Commitment to Diversity & Inclusion:
Novartis is committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.
Adjustments for Applicants with Disabilities:
The law provides for severely disabled / equal applicants the opportunity to involve the local representative body for disabled employees (SBV) in the application process. If you would like to request this, please let us know in advance as a note on your CV.
Skills Desired
Betriebsrisiken, Betriebsrisikomanagement, Business Networking, Elektronische Komponenten, Internes Auditing, Management der Geschäftskontinuität (BCM), Marktrisiko, Personalführung, Rechnercluster, Rechnungsprüfung, Recht (Rechtsordnung), Regulatorisches Compliance-Management, Risikobewertungen, Risiko-Compliance (Inactive), Risiko-Management, Software-Frameworks
