Deputy General Counsel - Cyber Security & Privacy

United Health Group is a health care and well-being company that is dedicated to improving the health outcomes of millions around the world. We are comprised of two distinct and complementary businesses, United Healthcare and Optum, working to build a better health system for all. Here, your contributions matter as they will help transform health care for years to come. Join us to start Caring.

Connecting. Growing together.

This role will provide senior level privacy and security legal counsel to United Health Group and Enterprise Security and Resiliency Office (ESRO) leaders, as well as provide legal support to the overall Enterprise privacy and security programs. This position will address regulatory and legal considerations and obligations arising from the Enterprise's handling of personal and confidential data. This individual will also provide experience, expertise and leadership counsel on cyber events and other escalated privacy or security investigations.

In this role, you will provide advice and drive compliance efforts with respect to global privacy, cybersecurity, and data protection laws in all state, federal and global jurisdictions. You will be a part of a team who help support our businesses operate in a manner that complies with privacy, cybersecurity, and data protection regulations. You will be a partner to the business, leading initiatives and providing pragmatic, consultative advice.

You will act as a point of escalation on behalf of the Enterprise Privacy Office for cyber events and escalated privacy and security legal matters with ESRO leaders and other stakeholders.

You will enjoy the flexibility to work remotely from anywhere within the U.S. as you take on some tough challenges.

• Identify security and privacy risks and provide guidance to leaders on mitigating risk associated with privacy, security and new and evolving cyber issues
• Provide counsel and advise leaders on risk remediation and best practices in the privacy and security space
• Drive compliance efforts relating to cybersecurity, global privacy and data security regulations and standards (e.g., NYDFS)
• Lead implementation relating to new and pending laws that impact United Health Groups privacy, cybersecurity and data protection program; translate that into practical, effective advice
• Implement and update privacy, cybersecurity, and data protection related policies, procedures, best practices, and guidelines
• Analyze and resolve privacy and security questions and issues that arise in business operations and commercial relationships
• Counsel on information technology development, acquisition and implementation and data architecture to ensure compliance with global privacy and data protection laws such as data localization requirements
• Oversee legal and compliance aspects of insider risk and Red Flag programs
• Counsel on privacy and security incident preparedness and management, including providing counsel and participation in tabletop exercises
• Demonstrate the ability to lead and coordinate a significant, multi department privacy/security breach investigation, concomitant regulatory inquiries and related litigation
• Assist with and support other day-to-day legal and compliance matters and processes associated with the privacy and security programs as needed
• Prepare, coordinate, and deliver legal and compliance training regarding security, privacy, data protection, information risk management and associated activities
• Work collaboratively with intra-team and cross-functional partners, including United Health Group Corporate Security, Communications and Technology, and other department and business units to develop creative solutions to complex challenges related to a significant cyber event
• Closely collaborate and align about privacy, cybersecurity, and data protection compliance or related issues with the members of the Enterprise Privacy Office, Enterprise Security and Resiliency Office, Technology, Human Resources, and other relevant (group) functions

• 10-15+ years' experience and expertise in the HIPAA Security Rule and other state and federal law cybersecurity requirements
• Law firm and/or Fortune 100 in-house Privacy and Security experience preferred
• Experience managing significant and publicized cyber events end-to-end
• Solid executive communication skills and experience in counseling C-suite leaders and board members on security related matters/risks
• Demonstrated team player, confidently able to work in a matrixed environment

All employees working remotely will be required to adhere to United Health Group's Telecommuter Policy.

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

The salary range for this role is $191,800 to $364,800 annually based on full-time employment. Pay is based on several factors including but…