The cyber security and privacy counsel will serve as the primary legal contact for Cigna's Chief Information Security Officer and will be accountable for providing legal counsel to all of Cigna's Information Protection Unit, as well as Cigna's Digital team. In this critical leadership role, Counsel is responsible for handling complex privacy and information protection issues, partnering with business clients to create solutions that meet the business need while ensuring compliance with privacy and information protection laws, regulations and policies and participating in Cigna's privacy and security incident response process. Counsel must be a strategic thinker with has a proven track record of providing proactive, risk-based counsel to business partners. The position will work in an ongoing and collaborative way with relevant Legal, Information Security, Internal Audit, Enterprise Risk Management, Communications and Government Affairs groups in carrying out his or her responsibilities.
- Provide legal support and counseling on information security and privacy issues to the business.
- Responsible for advising on, drafting, and negotiating information security and privacy provisions in complex commercial transactions in the IT and digital technology space, and working closely with other legal department members as needed on these issues.
- Advise on the development, application, and enforcement of information security policies.
- Assist in responding to, conducting impact analyses for, and helping guide communications arising from cyber events and incidents.
- Support Cigna's information security groups for information security matters.
- Evaluate and advise on technical data protections for Cigna's products and services.
- Work closely with regulatory, public policy, and corporate communications groups to establish relationships and help shape advocacy and public facing communications about information security and privacy.
- A J.D. and bar admission.
- Minimum of (five) 5 years of legal experience in a cybersecurity and/or privacy role.
- Ability to communicate and discuss technical concepts at many levels, from IT professionals to those without a background in technology.
- Must have data protection / privacy / cyber liability experience.
- Understanding of technical concepts and an interest in technology is required.
- Experience counseling clients on cybersecurity compliance and risk management is needed.
- Significant experience managing large and high profile information incidents and security breaches.
- Experience interacting with state regulators, federal regulators, clients and customers with respect to information incidents, audits or other privacy or information protection related inquiries.
- Demonstrated ability to manage a team in a fast paced environment responsible for managing a significant workload.
- Strong, independent decision-making ability.
- Demonstrated attention to detail, ability to compile and analyze regulatory and business information, assess risk, and provide resolutions or recommendations for process improvement
- Highly collaborative individual with ability to influence others and build strong professional relationships.
- Excellent verbal and written communication skills a must.