Description:
Preferred Location: Palo Alto, CA; Chicago, IL; Boston, MA; Atlanta, GA; New York, NY; or Indianapolis, IN.Candidates must reside within 50 miles or 1-hour commute each way of a relevant Elevance Health location.
An Advancing Health Beyond Healthcare Company supports a hybrid workplace model (virtual and office) with PulsePoint sites used for collaboration, community, and connection, with the minimum in-office commitment being 1-2 days in an office per week.
The Associate General Counsel Sr. is responsible for providing legal advice on enterprise-wide information security matters and will effectively assist and advise the office of the CISO on recommended courses of action and legal risk.
How you will make an impact:
Primary duties may include, but are not limited to:
- Work closely with the CISO's office on Incident Response in managing and coordinating legal aspects of any cybersecurity incidents. Provide oversight on security-related notification requirements, regulatory compliance, and potential legal actions.
- Collaborate with Information Security leaders and key stakeholders, including Privacy Office, to improve incident response processes and procedures.
- Work collaboratively across the organization to provide legal support for the cybersecurity and data protection programs (including legal support for regulatory and audit functions, as needed), and establish appropriate relationships with responsible members of relevant groups, such as Risk, Information Security, Marketing and Communications and Ethics, Privacy and Compliance, to ensure coordinated and appropriate responses to incidents, issues, and opportunities in the cybersecurity space including implementation of robust security measures and risk mitigation strategies.
- Ability to handle and manage legal work associated with complex, novel, high-value enterprise information security initiatives with broad organizational impact and moderate to high level of risk.
- Provide advice and assistance to executives and management on corporate, legal and regulatory matters within the scope of the attorney's job.
Minimum Requirements:
Requires a JD, current license to practice law and minimum of 15 years of specific industry and/or technical legal experience post licensure including experience in managing outside counsel; or any combination of education and experience, which would provide an equivalent background.
Preferred Skills, Capabilities, and Experience:
- JD from an ABA accredited law school and current license to practice law.
- 10-15 years of legal practice experience with a focus on information security, cybersecurity, and data privacy matters in a technology-related company, law firm, or health care setting.
- Deep experience with data protection and privacy laws that require appropriate handling and safeguarding of personal and sensitive data. Experience in health care information security a plus.
- Extensive experience managing outside counsel.
- Excellent written and oral communication skills, and the ability to effectively present information to and advise senior management.
- Ability to work well both independently and as part of a team with a manager.
- Ability to thrive in a complex corporate environment.
- Significant technical background assessing legal risks associated with information security and cybersecurity practices and developing strategies to mitigate potential liabilities.
- Deep experience providing legal guidance on information security risk management and incident prevention for a large enterprise or business unit.
- Requires experience providing legal counsel on remediation of reported security vulnerabilities and experience supporting related pre-litigation and active matters involving cybersecurity.
- Extensive experience reviewing, drafting, and negotiating contracts with clients, vendors, and partners related to information security and cybersecurity matters.
- Demonstrated experience providing legal review of updates to enterprise information security standards.
- Experience assisting in the creation of information security audit and monitoring frameworks.
- Deep understanding of relevant laws and regulations, with demonstrated ability to stay up to date with industry standards related to information security and cybersecurity.
- Significant experience advising and supporting development and implementation of policies and procedures to align with these legal requirements and guidelines.
