Associate General Counsel Sr. - Information Security
Preferred Location: Palo Alto, CA; Chicago, IL; Boston, MA; Atlanta, GA; New York, NY; or Indianapolis, IN.
Candidates must reside within 50 miles or 1-hour commute each way of a relevant Elevance Health location.
Elevance Health supports a hybrid workplace model (virtual and office) with PulsePoint sites used for collaboration, community, and connection, with the minimum in-office commitment being 1-2 days in an office per week.
The Associate General Counsel Sr. is responsible for providing legal advice on enterprise-wide information security matters and will effectively assist and advise the office of the CISO on recommended courses of action and legal risk.
How You Will Make an Impact: Primary duties may include, but are not limited to:
Work closely with the CISO's office on Incident Response in managing and coordinating legal aspects of any cybersecurity incidents. Provide oversight on security-related notification requirements, regulatory compliance, and potential legal actions.
Collaborate with Information Security leaders and key stakeholders, including Privacy Office, to improve incident response processes and procedures.
Work collaboratively across the organization to provide legal support for the cybersecurity and data protection programs (including legal support for regulatory and audit functions, as needed), and establish appropriate relationships with responsible members of relevant groups, such as Risk, Information Security, Marketing and Communications and Ethics, Privacy and Compliance, to ensure coordinated and appropriate responses to incidents, issues, and opportunities in the cybersecurity space including implementation of robust security measures and risk mitigation strategies.
Ability to handle and manage legal work associated with complex, novel, high-value enterprise information security initiatives with broad organizational impact and moderate to high level of risk.
Provide advice and assistance to executives and management on corporate, legal and regulatory matters within the scope of the attorney's job.
Minimum requirements:
Requires a JD, current license to practice law and minimum of 15 years of specific industry and/or technical legal experience post licensure including experience in managing outside counsel; or any combination of education and experience, which would provide an equivalent background.
Preferred Skills, Capabilities, and Experience:
JD from an ABA accredited law school and current license to practice law.
10-15 years of legal practice experience with a focus on information security, cybersecurity, and data privacy matters in a technology-related company, law firm, or health care setting.
Deep experience with data protection and privacy laws that require appropriate handling and safeguarding of personal and sensitive data. Experience in health care information security a plus.
Extensive experience managing outside counsel.
Excellent written and oral communication skills, and the ability to effectively present information to and advise senior management.
Ability to work well both independently and as part of a team with a manager.
Ability to thrive in a complex corporate environment.
Significant technical background assessing legal risks associated with information security and cybersecurity practices and developing strategies to mitigate potential liabilities.
Deep experience providing legal guidance on information security risk management and incident prevention for a large enterprise or business unit.
Requires experience providing legal counsel on remediation of reported security vulnerabilities and experience supporting related pre-litigation and active matters involving cybersecurity.
Extensive experience reviewing, drafting, and negotiating contracts with clients, vendors, and partners related to information security and cybersecurity matters.
Demonstrated experience providing legal review of updates to enterprise information security standards.
Experience assisting in the creation of information security audit and monitoring frameworks.
Deep understanding of relevant laws and regulations, with demonstrated ability to stay up to date with industry standards related to information security and cybersecurity.
Significant experience advising and supporting development and implementation of policies and procedures to align with these legal requirements and guidelines.
For candidates working in person or remotely in the below locations, the salary* range for this specific position is $184,800 to $332,640.
Locations: California; Colorado; Hawaii; Nevada; New York; Washington State; Jersey City, NJ
In addition to your salary, Elevance Health offers benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). The salary offered for this specific position is based on a number of legitimate, non-discriminatory factors set by the company. The company is fully committed to ensuring equal pay opportunities for equal work regardless of gender, race, or any other category protected by federal, state, and local pay equity laws.
* The salary range is the range Elevance Health in good faith believes is the range of possible compensation for this role at the time of this posting. This range may be modified in the future and actual compensation may vary from posting based on geographic location, work experience, education and/or skill level. Even within the range, the actual compensation will vary depending on the above factors as well as market/business considerations. No amount is considered to be wages or compensation until such amount is earned, vested, and determinable under the terms and conditions of the applicable policies and plans. The amount and availability of any bonus, commission, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company's sole discretion, consistent with the law.
Please be advised that Elevance Health only accepts resumes for compensation from agencies that have a signed agreement with Elevance Health. Any unsolicited resumes, including those submitted to hiring managers, are deemed to be the property of Elevance Health.
Who We Are
Elevance Health is a health company dedicated to improving lives and communities - and making healthcare simpler. We are a Fortune 25 company with a longstanding history in the healthcare industry, looking for leaders at all levels of the organization who are passionate about making an impact on our members and the communities we serve.
How We Work
At Elevance Health, we are creating a culture that is designed to advance our strategy but will also lead to personal and professional growth for our associates. Our values and behaviors are the root of our culture. They are how we achieve our strategy, power our business outcomes and drive our shared success - for our consumers, our associates, our communities and our business.
We offer a range of market-competitive total rewards that include merit increases, paid holidays, Paid Time Off, and incentive bonus programs (unless covered by a collective bargaining agreement), medical, dental, vision, short and long term disability benefits, 401(k) +match, stock purchase plan, life insurance, wellness programs and financial education resources, to name a few.
Elevance Health operates in a Hybrid Workforce Strategy. Unless specified as primarily virtual by the hiring manager, associates are required to work at an Elevance Health location at least once per week, and potentially several times per week. Specific requirements and expectations for time onsite will be discussed as part of the hiring process. Candidates must reside within 50 miles or 1-hour commute each way of a relevant Elevance Health location.
The health of our associates and communities is a top priority for Elevance Health. We require all new candidates in certain patient/member-facing roles to become vaccinated against COVID-19. If you are not vaccinated, your offer will be rescinded unless you provide an acceptable explanation. Elevance Health will also follow all relevant federal, state and local laws.
Elevance Health is an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to age, citizenship status, color, creed, disability, ethnicity, genetic information, gender (including gender identity and gender expression), marital status, national origin, race, religion, sex, sexual orientation, veteran status or any other status or condition protected by applicable federal, state, or local laws. Applicants who require accommodation to participate in the job application process may contact elevancehealthjobssupport@elevancehealth.comfor assistance.
