Herspiegel is a global life sciences consultancy that guides pharmaceutical and biotech companies through their most decisive moments—powering commercial success and expanding patient access. From early asset strategy to launch readiness and market optimization, we help clients navigate complexity and seize opportunity. Our integrated approach brings together scientific insight, evidence strategy, deep market intuition, and executional precision to ensure brands are built to lead.
Position Summary
The Compliance Associate will support the organization’s legal and compliance functions by ensuring adherence to global regulatory requirements, internal policies, and contractual obligations. This role focuses on contract review and analysis, data privacy compliance (GDPR and equivalents), and IT diligence frameworks to mitigate risk and maintain operational integrity across global markets.
Responsibilities
- Identify and mitigate legal and business risks in contracts, including liability limits, indemnities, termination rights, IP ownership, and confidentiality clauses.
- Ensure contracts include appropriate compliance language for data privacy, anti-bribery, export controls, and ethical standards.
Compliance Assurance
- Monitor and enforce compliance with global data protection and information-risk regulations (GDPR, UK GDPR, CCPA) and related internal control frameworks.
- Support implementation of Data Processing Agreements (DPAs) and Standard Contractual Clauses for international data transfers.
- Maintain awareness of evolving regulatory requirements and update templates/playbooks accordingly.
- Assist in legal-led IT vendor due diligence by reviewing and coordinating assessments of third-party suppliers’ data protection and compliance posture.
- Collaborate with IT and security teams to validate contractual obligations for cybersecurity, data residency, and breach notification processes.
- Support audits and monitoring activities related to IT risk management and compliance certifications (e.g., ISO, SOC).
- Track remediation commitments and contractual obligations arising from vendor risk reviews.
Policy & Process Development
- Contribute to continuous improvement of compliance processes, including contract playbooks, clause libraries, and governance frameworks.
- Maintain accurate records of executed agreements and compliance reviews in the contract management system.
Preferred Qualifications & Experience
- Education: Bachelor’s degree in Law, Business Administration, Management Information Systems, or related field; JD or equivalent legal training preferred.
- Experience:
- 2–4 years in compliance, legal operations, and/or IT and data privacy within a global organization.
- Hands-on experience with GDPR compliance, data governance frameworks, and IT diligence processes.
- Familiarity with contract lifecycle management tools and risk assessment methodologies.
- Skills:
- Strong understanding of international data privacy regulations and IT security principles.
- Excellent drafting, negotiation, and analytical skills.
- Ability to manage multiple priorities and collaborate across legal, IT, and business teams.
- Certifications (Preferred): CIPP/E, CIPM, ISO 27001 Lead Implementer or Lead Auditor, or an equivalent compliance/information-risk certification.
