Description:
An American Bank Holding Company is seeking a dynamic mission-driven attorney who is passionate about security to join its Cyber Legal team.About the role:
As a member of the cyber legal team, you will have an opportunity to directly influence how An American Bank Holding Company responds to a constantly evolving threat landscape, while navigating a rapidly changing set of laws and regulations that govern our preparedness and response. You will actively partner with An American Bank Holding Company cyber organization to brainstorm and problem-solve in ways that anticipate and mitigate legal, operational, and reputational risk. Because our work is increasingly interdisciplinary, it requires an entrepreneurial approach … and this is what makes it fun. Your legal advice and strategic counsel will be informed by active collaboration with stakeholders from across the enterprise, and you'll do it in an environment that values your insight, promotes continuous learning, and rewards creative thinking.
So who are we looking for?
- You are someone who craves meaning in your work, and are eager to drive solutions that reduce risk to our company.
- You are an engagement multiplier who is both pragmatic and practical. You view your role as not only a lawyer, but as a trusted business advisor who enables your clients to achieve core objectives in a way that is legally supported and well-managed.
- You are a self-starter who thrives in a fast-paced environment, exercising judgment and discretion as you prioritize (and sometimes reprioritize) myriad time-sensitive matters.
- You are comfortable being uncomfortable. You're not afraid to lean into gray space when situations are unfamiliar, digging in to understand and focus on what really matters.
- You are an effective translator. You can communicate regulatory requirements and legal guardrails to developers and engineers just as easily as you can deconstruct complex technical subjects in a way that other lawyers can understand and appreciate.
- You bring an ownership mentality to your work. You want to be in the trenches with your clients, and will not hesitate to pull in legal colleagues to ensure that your clients reap the full benefit of our amazing legal department's experience and expertise.
Specific responsibilities include, but are not limited to:
- Guide and provide ongoing counsel to cyber incident response investigations, ensuring that the company is meeting all regulatory and contractual notification obligations and investigative steps are carried out in a manner that minimizes litigation and regulatory risk.
- Advise on information assurance legal requirements for the company's third party risk management program, including through the drafting, negotiation, and review of data security provisions in agreements with service providers, business partners, and other parties that make up the company's supply chain.
- Assist with the development, application, and enforcement of information security policies, standards, and procedures to confirm adherence to regulatory obligations and contractual requirements.
- Provide legal advice and strategic counsel on vulnerability management, application security, identity and access management, and other cyber security engineering and data protection initiatives.
- Coordinate review of board reports, executive committee presentations, regulatory filings, and other legal disclosures to ensure accuracy and completeness of cyber legal representations.
- Serve as a critical partner to cyber operations, intelligence, technology risk management, and compliance professionals in their collective efforts to maintain a cybersecurity program that timely detects, investigates, contains, and mitigates threats to An American Bank Holding Company customers, associates, and confidential information.
- Support the development and delivery of tabletop exercises and other cyber education and awareness efforts (e.g., phishing drills, customer facing material).
- Monitor the cyber legal and legislative landscape for key developments and actionable guidance that helps to inform business decisions, seize opportunities, and position stakeholders to overcome future legal and policy related challenges.
- Advise on the development, execution, and maintenance of cyber maturity assessments and other internal security risk evaluations in line with existing cybersecurity standards and frameworks.
- Maintain strong relationships and lines of communication with business partners and other key stakeholders across the organization.
Basic Qualifications:
- Juris Doctor from an accredited law school
- Active member in good standing of at least one state bar
- At least four 4 years of experience as an attorney in a law firm, in-house legal department, or government agency.
Preferred Qualifications:
- 2 + years of legal experience supporting a technology or information security team
- Knowledge with the cyber threat landscape
- knowledge of government or corporate investigations
- Experience with U.S. cybersecurity laws and regulations (e.g., Computer Fraud and Abuse Act, Cybersecurity Information Sharing Act) and general familiarity with global cybersecurity laws, regulations, and standards
- Knowledge of federal and state privacy laws
- knowledge of U.S. cybersecurity standards, frameworks, risk assessments and certification processes (e.g., SOC 1 & 2, NIST Cybersecurity Framework, PCI DSS)
- Previous experience in the financial industry a plus, but not required
