|Date Posted||April 9, 2021|
The Law Department of The Company Insurance Company of America seeks an attorney to support the information security and cybersecurity functions of Company. The position will report to the Chief Legal Officer for Global Technology & Enterprise Services Law.
Job Responsibilities include:
Lead or support incident response for a broad range of circumstances including data breaches, insider risk, denial of service, availability attacks and other computer security events.
Select, retain, and manage outside counsel and relevant professionals for various cyber issues, including current and emerging legal and regulatory requirements and best practices, risk assessment and management, incident response, and government reporting.
Provide counsel on company responses to regulatory inquiries and litigation concerning technology and cybersecurity.
Provide counsel to the Chief Information Security Officer, the information security office, and security operations center.
Draft, negotiate and review cyber security and privacy provisions for business transactions and initiatives, including vendor and third-party service provider contracts.
Provide legal advice on security and privacy -related technology issues, including the use of online websites and advertising, mobile devices and applications, and social media in compliance with laws, regulations, and self-regulatory guidelines.
Maintain fluency with U.S. federal and state privacy and data protection laws and regulations impacting financial institutions, including but not limited to, GLBA and Regulation SP, HIPAA, New York Department of Financial Services Cybersecurity Regulations, CPRA and state data breach notification requirements.
Maintain relationships with law enforcement and industry groups, including the FBI, U.S. Secret Service. NCFTA, and FSSCC.
Support development of legal compliance efforts related to relevant privacy and cybersecurity-related laws and regulations. Develop and provide training on a broad range of topics concerning the intersection of legal requirements to technology, cybersecurity, and privacy matters.
Providing legal advice on international data security matters to support Company’s multi-national business units.
Participate in cybersecurity tabletop exercises for domestic and international businesses.
Follow and keeping apprised of information security legal developments, understanding, and interpreting existing and proposed federal and state security laws and regulations, including the ability to evaluate and draft legislative proposals and language.
J.D. with 7-10 years of experience in a law firm or an in-house corporate law department with emphasis on regulatory or information security/cybersecurity/data protection/privacy law.
Strong knowledge of federal and state information security and privacy laws, regulations, and regulatory guidelines including state financial/insurance privacy laws, and state security breach laws.
Familiarity with international privacy and data protection laws and regulations, and cross border transfers.
Strong interpersonal skills, the ability to work independently and in teams, and the ability to influence through collaboration without direct authority.
Strong writing, analytical, and communication skills.
Experience managing outside counsel.
Financial services/insurance industry experience preferred.