Senior Director, Global Privacy

Position Summary:

Crinetics is seeking a highly experienced and strategic Senior Director, Global Privacy to provide enterprise-level leadership of the company’s global privacy and data protection. Reporting to the VP, Global Compliance, this role serves as a senior legal and strategic advisor responsible for advancing privacy governance and strategy while managing complex privacy risk across clinical development, research pharmacovigilance, and commercial operations.

This position plays a critical role in scaling and maturing the privacy function, including oversight of policies, controls, third-party risk, incident response, and regulatory change management. The role requires significant independent judgment, cross-functional leadership, and the ability to influence and guide senior leaders through complex privacy, cybersecurity, and data-use issues in a public-company pharmaceutical environment.

Essential Job Functions and Responsibilities:

These may include but are not limited to:

• Lead the design, implementation, and ongoing enhancement of Crinetics’ global privacy and data-protection program, including the design, implementation, and ongoing oversight of policies, standards, procedures, and controls aligned with U.S. and international privacy laws and industry best practices.
• Establish and chair enterprise privacy and data-governance forums, defining decision rights, escalation pathways, and accountability across functions.
• Provide regular executive-level reporting on privacy risk posture, program effectiveness, and emerging regulatory developments. Serve as the company’s senior legal authority on privacy, data protection, and data-use governance, advising executives and cross-functional leaders on risk-based, compliant approaches to business initiatives.
• Translate complex legal requirements into practical operating guidance that supports innovation, patient trust, and responsible data use.
• Provide senior-level oversight of privacy considerations across the clinical-trial lifecycle, including recruitment, informed consent, source data access, pseudonymization/de-identification, secondary research use, and data retention.
• Advise on privacy governance for interactions with CROs, investigators, sites, and vendors, ensuring appropriate access controls, contractual protections, audit rights, and ongoing compliance monitoring.
• Lead privacy strategy for cross-border data transfers, including approval and oversight of Standard Contractual Clauses (SCCs), Transfer Impact Assessments (TIAs), and supplementary safeguards.
• Oversee privacy and data-use governance for patient support programs, open-label extensions, real-world evidence initiatives, digital health tools, patient ambassadors, and testimonials.
• Ensure appropriate consent, authorization, notice, and opt-out mechanisms, with particular attention to U.S. state consumer health data laws.
• Establish controls to maintain appropriate separation between clinical research data and commercial or marketing uses.
• Lead privacy and data-governance oversight for AI, machine learning, and advanced analytics, including review of high-risk use cases, data sourcing, transparency, and accountability.
• Monitor, interpret, and operationalize emerging privacy, cybersecurity, and AI laws and guidance, including GDPR, HIPAA, CCPA/CPRA, Washington My Health My Data Act, and other U.S. state and global requirements.
• Oversee the privacy risk-assessment framework, including Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
• Ensure identified risks are tracked, mitigated, and documented, with clear ownership and follow-through. Provide senior legal oversight of privacy and data-protection provisions in vendor, CRO, collaboration, and commercial agreements.
• Partner with Procurement, IT Security, and Compliance to oversee third-party privacy and security risk management, including onboarding diligence, ongoing monitoring, and remediation.
• Play a senior leadership role in privacy and data-security incident response, including assessment of regulatory notification obligations and coordination with internal and external stakeholders.
• Align privacy governance with cybersecurity controls, including data classification, access management, retention, and secure system design.
• Build and lead a high-performing privacy function, including hiring, mentoring, and developing team members as the company grows.
• Drive enterprise-wide privacy training and awareness to foster a culture of accountability, ethical data handling, and privacy by design.
• Act as a visible leader who models company values and builds trust across the organization.
• Other duties as assigned.

 Education and Experience:

Required

• Juris Doctor from an accredited law school.
• 15 years of relevant legal experience, including significant experience in biotechnology, pharmaceutical, or healthcare environments.
• A minimum of 10 years of experience as a supervisor with strong leadership skills and experience managing and developing high-performing teams. Ability to influence senior executives and cross-functional teams.
• Demonstrated experience leading an enterprise-level privacy or data-governance program, with accountability for outcomes.
• Deep expertise in HIPAA, GDPR, U.S. state privacy and consumer health data laws, and global data-transfer frameworks.
• Proven ability to influence senior leaders, manage cross-functional stakeholders, and exercise independent judgment on complex risk issues.
• Strong experience negotiating complex commercial, vendor, and clinical research agreements involving data protection.

Preferred

• CIPP/US, CIPM, or equivalent privacy certification.
• AI governance or emerging-technology experience (e.g., AIGP or equivalent).
• Experience supporting public companies or late-stage/pre-commercial organizations.

Physical Demands and Work Environment

Physical Activities: On a continuous basis, sit at desk for a long period of time; intermittently answer telephone and write or use a keyboard to communicate through written means. Some walking and lifting up to 25 lbs. may be required. The noise level in the work environment is typically low to moderate. The physical demands described above are representative of those that must be met by an employee to successfully perform the essential functions and responsibilities of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions and responsibilities.

Travel:

You may be required to travel for quarterly on-site meetings and up to an additional 5% of your time.

Equal Opportunity Employer:

Crinetics is proud to be an Equal Opportunity Employer. We provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of sex, sexual orientation, gender (including gender identity and/or expression), pregnancy, race, color, creed, national or ethnic origin, citizenship status, religion or similar philosophical beliefs, disability, marital and civil union status, age, genetic information, veteran status or any personal attribute or characteristic that is protected by applicable local, state or federal laws.

Salary Range

In addition to your base pay, our total rewards program consists of a discretionary annual target bonus, stock options, ESPP, and 401k match. We also provide top-notch health insurance plans for employees (and their families) to include medical, dental, vision and basic life insurance, 20 days of PTO, 10 paid holidays, and a winter company shutdown.