Job Details

Cencora is seeking an attorney with significant experience advising and providing strategic leadership in data governance, privacy, cybersecurity, and AI as they apply to our Managed Service Organization (MSO), which serves clinical practice groups in multiple healthcare specialty areas across the United States.

This role reports to the VP, Responsible Data, within Cencora's legal team and serves as a primary legal partner to MSO leadership on the design, launch, and operation of MSO services, including the collection, use, sharing, and protection of sensitive health information and other regulated data.

This role requires a dynamic, pragmatic leader who collaborates closely with MSO medical professionals, clinical operations, product/technology, information security, compliance, and commercial teams to enable MSO offerings while managing risk in a highly regulated healthcare environment. The successful candidate will deliver business-oriented legal services and project management across MSO initiatives, including privacy-by-design and security-by-design reviews, prospective and retrospective research protocols from privacy and technology law angles, data sharing and interoperability arrangements, AI governance, and incident response readiness for MSO platforms and vendor ecosystems.

Primary Duties and Responsibilities:

• Serve as lead counsel for MSO data governance, privacy, AI, and cybersecurity matters, including advising on MSO data flows and operating models; the use and protection of PHI and other sensitive data; and compliance with applicable U.S. federal and state privacy and security requirements (e.g., HIPAA/HITECH and state consumer health privacy laws, as applicable).
• Counsel MSO business owners on privacy, security, and AI requirements for new and existing MSO offerings, including product counseling for MSO platforms, analytics, care/therapy services support, population health insights, and other data-enabled services.
• Draft, review, and negotiate MSO-facing privacy and security contractual terms, including BAAs, DPAs, data sharing agreements, service agreements, and vendor/partner security addenda; advise on third-party risk management, subcontractor flow-downs, and MSO client requirements.
• Partner with MSO information security and technology teams to support MSO security program needs (e.g., NIST-aligned controls, HITRUST/ISO considerations where required), including vulnerability management, application security, identity and access management, encryption, logging/monitoring, and secure SDLC practices.
• Lead MSO incident preparedness and response legal support, including tabletop exercises; advise on breach assessment and notification obligations; and coordinate with privacy, security, compliance, communications, and client teams on MSO client and regulatory communications.
• Support MSO governance and reporting, including board/executive updates and diligence support for MSO transactions and strategic partnerships; and respond to MSO client audits, questionnaires, and regulatory inquiries relating to privacy and cybersecurity representations.
• Establish and maintain strong relationships and clear escalation paths with MSO stakeholders (clinical/medical, operations, product/engineering, security, compliance, commercial, and enterprise legal) to drive consistent, scalable MSO approaches to data governance, privacy, and security risk management and to enable MSO data innovation goals.

Experience and Educational Requirements:

The lawyer in this role is expected to have a minimum of 9 years of experience as a lawyer combined with expertise in cybersecurity and data governance. The attorney must have a law degree - i.e., be a graduate of an accredited law school and admitted into a US state bar.

The lawyer in this role is comparable to a counsel, non-equity partner, or service partner in a law firm. This professional can navigate novel legal arenas, complete sophisticated and nuanced work independently, and supervise other individual legal professionals or teams of legal professionals to address fast-paced work in a timely, risk-prioritized manner. The lawyer in this role should also be able to work collaboratively in multi-functional settings tackling shared business and risk management goals.

Minimum Skill, Knowledge and Ability Requirements:

• Suitably familiar with a variety of cybersecurity and privacy regulations and frameworks relevant to MSO operations, including HIPAA/HITECH, state privacy laws (including consumer health privacy laws, as applicable), SEC cybersecurity disclosure rules (as applicable), AI regulatory frameworks, and commonly used security standards (e.g., NIST CSF/800-53, HITRUST) as needed to counsel clients and business partners.
• Significant expertise and background to be comfortable supervising outside lawyers engaged to work on matters for Cencora, including outside lawyers from the major law firms used by Cencora.
• Knowledgeable in Cencora's business and industry policies, practices, and trends, and capable of quickly learning the competitive landscape.
• Compelling risk prioritization and management experience, with ability to clearly communicate plans and accomplish goals.
• Strong decision-making capability and proficiency in making business-oriented yet legally compliant recommendations to business partners.

• Ability to solve both straight-forward and complex problems and to take a new perspective on existing, but potentially inefficient, solutions.
• Able to juggle multiple matters and effectively multi-task and prioritize deliverables to ensure that work is completed in a timely and efficient manner.
• Willingness to embrace change and to shift priorities and focus.

• Ability to communicate effectively, both orally and in writing.
• Robust collaboration skills and ability to work smoothly with all levels of associates.
• Strong interpersonal skills, creativity, negotiating ease, presentation and communication skills, organizational savvy, leadership skills, and legal-trend-spotting skills.
• Demonstrated attention to detail and ability to learn nuances of new technologies or approaches that impact the MSO and its associated clinical spaces, particularly in the data insights arena.
• Proficiency in Microsoft Word, Excel, PowerPoint, Teams, Sharepoint and the AI capabilities associated with this suite of tools.

What Cencora offers

We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members' ability to live with purpose every day. In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness. This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave. To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more. For details, visit https://www.virtualfairhub.com/cencora

Full time

Salary Range*

$156,300 - 241,010

*This Salary Range reflects a National Average for this job. The actual range may vary based on your locale. Ranges in Colorado/California/Washington/New York/Hawaii/Vermont/Minnesota/Massachusetts/Illinois State-specific locations may be up to 10% lower than the minimum salary range, and 12% higher than the maximum salary range.