Need help hiring top legal talent? Contact our team.
Company logo

Associate General Counsel Sr. - Information Security

$184,800- $332,640
Posted Jul 04
Full Time
Wallingford, Connecticut

Preferred Location: Palo Alto, CA; Chicago, IL; Boston, MA; Atlanta, GA; New York, NY; or Indianapolis, IN.

Candidates must reside within 50 miles or 1-hour commute each way of a relevant Elevance Health location.

Elevance Health supports a hybrid workplace model (virtual and office) with PulsePoint sites used for collaboration, community, and connection, with the minimum in-office commitment being 1-2 days in an office per week.

The Associate General Counsel Sr. is responsible for providing legal advice on enterprise-wide information security matters and will effectively assist and advise the office of the CISO on recommended courses of action and legal risk.

How You Will Make An Impact

Primary duties may include, but are not limited to:

  • Work closely with the CISO’s office on Incident Response in managing and coordinating legal aspects of any cybersecurity incidents. Provide oversight on security-related notification requirements, regulatory compliance, and potential legal actions.
  • Collaborate with Information Security leaders and key stakeholders, including Privacy Office, to improve incident response processes and procedures.
  • Work collaboratively across the organization to provide legal support for the cybersecurity and data protection programs (including legal support for regulatory and audit functions, as needed), and establish appropriate relationships with responsible members of relevant groups, such as Risk, Information Security, Marketing and Communications and Ethics, Privacy and Compliance, to ensure coordinated and appropriate responses to incidents, issues, and opportunities in the cybersecurity space including implementation of robust security measures and risk mitigation strategies.
  • Ability to handle and manage legal work associated with complex, novel, high-value enterprise information security initiatives with broad organizational impact and moderate to high level of risk.
  • Provide advice and assistance to executives and management on corporate, legal and regulatory matters within the scope of the attorney’s job.

Minimum Requirements

Requires a JD, current license to practice law and minimum of 15 years of specific industry and/or technical legal experience post licensure including experience in managing outside counsel; or any combination of education and experience, which would provide an equivalent background.

Preferred Skills, Capabilities, And Experience

  • JD from an ABA accredited law school and current license to practice law.
  • 10-15 years of legal practice experience with a focus on information security, cybersecurity, and data privacy matters in a technology-related company, law firm, or health care setting.
  • Deep experience with data protection and privacy laws that require appropriate handling and safeguarding of personal and sensitive data. Experience in health care information security a plus.
  • Extensive experience managing outside counsel.
  • Excellent written and oral communication skills, and the ability to effectively present information to and advise senior management.
  • Ability to work well both independently and as part of a team with a manager.
  • Ability to thrive in a complex corporate environment.
  • Significant technical background assessing legal risks associated with information security and cybersecurity practices and developing strategies to mitigate potential liabilities.
  • Deep experience providing legal guidance on information security risk management and incident prevention for a large enterprise or business unit.
  • Requires experience providing legal counsel on remediation of reported security vulnerabilities and experience supporting related pre-litigation and active matters involving cybersecurity.
  • Extensive experience reviewing, drafting, and negotiating contracts with clients, vendors, and partners related to information security and cybersecurity matters.
  • Demonstrated experience providing legal review of updates to enterprise information security standards.
  • Experience assisting in the creation of information security audit and monitoring frameworks.
  • Deep understanding of relevant laws and regulations, with demonstrated ability to stay up to date with industry standards related to information security and cybersecurity.
  • Significant experience advising and supporting development and implementation of policies and procedures to align with these legal requirements and guidelines.

For candidates working in person or remotely in the below locations, the salary* range for this specific position is $184,800 to $332,640.

Locations: California; Colorado; Nevada; New York; Washington State; Jersey City, NJ

In addition to your salary, Elevance Health offers benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). The salary offered for this specific position is based on a number of legitimate, non-discriminatory factors set by the company. The company is fully committed to ensuring equal pay opportunities for equal work regardless of gender, race, or any other category protected by federal, state, and local pay equity laws.

  • The salary range is the range Elevance Health in good faith believes is the range of possible compensation for this role at the time of this posting. This range may be modified in the future and actual compensation may vary from posting based on geographic location, work experience, education and/or skill level. Even within the range, the actual compensation will vary depending on the above factors as well as market/business considerations. No amount is considered to be wages or compensation until such amount is earned, vested, and determinable under the terms and conditions of the applicable policies and plans. The amount and availability of any bonus, commission, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.