Senior Manager, Privacy Operations (Legal)

Corcept is leading the way in the research and development of cortisol modulators, molecules that regulate cortisol activity at the glucocorticoid receptor (GR). To date, we have discovered more than 1,000 selective proprietary cortisol modulators.

In 2012, we received FDA approval of Korlym® (mifepristone), the first approved treatment for hypercortisolism (Cushing’s syndrome).

Today, our team and collaborators continue to unlock the possibilities of cortisol modulation as a way to treat serious diseases. With more than 30 ongoing studies across a wide range of disease areas, including endocrinology, oncology, metabolism, and neurology, we remain dedicated to advancing the possibilities of cortisol modulation.

What began as a ripple of scientific truth is now poised to unleash a sea change of discovery representing a fundamental shift in the way we understand and treat disease.

The Senior Manager, Privacy Operations will be responsible for implementing, operationalizing, and continuously improving Corcept’s global privacy program. This role will translate legal and regulatory privacy requirements into practical, scalable, and auditable operational processes across the organization.

The role requires close collaboration with IT, HR, Clinical, Commercial, Drug Safety, and Quality functions to ensure that privacy requirements are embedded into day‑to‑day business activities, systems, and vendor relationships. The ideal candidate combines strong privacy program management experience with the ability to work hands‑on in a regulated pharmaceutical environment. The role also offers the opportunity to support broader compliance topics.

This is a hybrid position typically requiring on-site presence 3 days per week.

This role reports to the Sr. Director, Legal & Privacy.

Responsibilities:

Privacy Program Operations

• Implement and maintain the Corcept’s privacy program, including policies, guidelines, and work instructions
• Operationalize privacy requirements under applicable data protection laws (e.g., GDPR, UK GDPR, CCPA, U.S. state privacy laws, and other global regulations)
• Maintain records of processing activities (RoPA), data inventories, and supporting documentation
• Support privacy‑by‑design principles in business processes and systems

Data Subject Rights & Incident Management

• Own and manage the intake, tracking, and fulfillment of data subject rights requests (DSARs), including access, deletion, correction, and objection requests
• Support privacy incident and breach response activities, including intake, triage, investigation support, documentation, and remediation tracking
• Coordinate with internal stakeholders to ensure timely, accurate, and well documented responses within statutory deadlines

Privacy Risk Management

• Coordinate and perform privacy impact assessments / data protection impact assessments (PIAs/DPIAs) in collaboration with IT and business teams
• Identify operational privacy risks and recommend mitigation strategies
• Support internal audits, inspections, and regulatory inquiries related to privacy

Vendor Privacy Support

• Support vendor privacy due diligence and onboarding processes, including privacy questionnaires and risk assessments
• Assist with the operational implementation of data processing agreements and privacy‑related contractual requirements
• Track and monitor privacy obligations applicable to vendors

Training, Awareness & Enablement

• Develop and deliver role‑based privacy training and awareness materials
• Act as a point of contact for business teams on operational privacy questions
• Promote a culture of privacy, accountability, and data protection across the organization

Reporting & Continuous Improvement

• Track and report on privacy metrics and key performance indicators (KPIs)
• Identify opportunities to streamline and automate privacy processes and workflows
• Monitor regulatory developments and recommend operational enhancements as needed

Preferred Skills, Qualifications and Technical Proficiencies:

• Hands‑on experience operationalizing privacy programs in a regulated environment, preferably pharmaceuticals, biotech, or life sciences
• Strong working knowledge of global privacy frameworks, including GDPR, CCPA and U.S. privacy laws
• Demonstrated experience managing DSARs, PIAs/DPIAs, and privacy incident workflows
• Familiarity with Privacy management and workflow tools (e.g., OneTrust or similar platforms), Data mapping, RoPA, and DSAR management tools
• Familiarity with information security and IT concepts (e.g., access controls, encryption, data lifecycle management)
• Proficiency with Microsoft 365 tools (Excel, Word, PowerPoint, Teams) for documentation and reporting
• Ability to translate legal requirements into clear, practical operational processes
• Strong project management, organizational, and documentation skills
• Excellent communication skills with the ability to work effectively across legal, technical, and business teams

Preferred Education and Experience:

• 7+ years of experience in privacy and data protection, preferably in the pharmaceutical/biotech/life sciences industry
• Bachelor’s degree required
• Relevant privacy or compliance certifications preferred, such as:
  • Certified Information Privacy Manager (CIPM)
  • Certified Information Privacy Professional (CIPP/US, CIPP/E, or equivalent)

The pay range that the Company reasonably expects to pay for this headquarters-based position is $193,770 – $227,880; the pay ultimately offered may vary based on legitimate considerations, including geographic location, job-related knowledge, skills, experience, and education.

 Applicants must be currently authorized to work in the United States on a full-time basis.

For information on how Corcept collects, uses, discloses, protects, and otherwise processes personal information and an explanation of the rights and choices available to you with respect to your personal information, please refer to our Privacy Notice link. 

Corcept appreciates the commitment and hard work of all our team members as we strive to discover and develop novel treatments for patients with serious unmet medical needs.

 Please visit our website at: https://www.corcept.com/

Corcept is an Equal Opportunity Employer

Corcept will not conduct interviews via text message or messaging platforms and will not ask you to download anything as part of your interview.  Though we use third-party tools to help with advertising our jobs, please be vigilant in checking that the communication is in fact coming from Corcept.