Corporate Counsel, Privacy and Data Security

Corporate Counsel, Privacy and Data Security

Location:

Remote – USA

At agilon health, we are reimagining health care by empowering primary‑care physicians to focus on the total health of their senior patients. agilon’s mission is rooted in better outcomes, stronger physician satisfaction, and healthier communities. The Senior Associate General Counsel, Data Privacy & Security will play a critical enterprise leadership role at the intersection of healthcare, technology, compliance, and innovation.

• Lead and evolve agilon’s privacy legal governance framework, including policies, standards, and operational guardrails aligned with U.S. and India requirements
• Advise on healthcare privacy, data security, governance, retention, defensible deletion, and compliant data use across products, analytics, operations, and enterprise initiatives
• Build scalable privacy programs, playbooks, implementation guides, and self‑service tools that enable teams to move quickly within clear legal boundaries
• Serve as a primary legal advisor on high‑risk or novel data uses, privacy and security risk assessments, digital tracking, website governance, and member outreach
• Embed practical privacy review into core business workflows, including product development, vendor procurement, marketing, and data‑sharing activities
• Draft, negotiate, and close a wide range of commercial agreements, including BAAs, SaaS, services, licensing, NDAs, SOWs, grants, consultant, and information security terms
• Own legal standards for data protection terms and advise on third‑party risk, vendor diligence, and vendor‑related incidents
• Lead legal response to privacy and data security incidents, including breach analysis, notification strategy, regulatory engagement, and stakeholder coordination
• Support regulatory audits, examinations, and inquiries involving privacy and data security
• Advise on AI governance and emerging technologies, including acceptable use, legal risk, transparency, accountability, and evolving regulatory expectations
• Monitor developments in privacy, healthcare, and technology law and translate them into clear, actionable business guidance
• Support privacy integration and remediation in acquisitions, new partnerships, and periods of organizational growth

• Active license to practice law
• 6-8+ years of privacy and data security experience in‑house and/or at a law firm, with preference for candidates who have supported healthcare or technology companies
• Strong knowledge of U.S. privacy and data security laws, including HIPAA/HITECH, CCPA/CPRA, and evolving state privacy laws
• Proven ability to develop and operationalize privacy governance frameworks, policies, playbooks, and scalable processes
• Experience managing a high volume of diverse contract types (services agreements, BAAs, SaaS, NDAs, EULAs, licensing agreements, and similar)
• Experience leading or supporting privacy and data security incident response, including breach analysis, regulatory notification, and vendor investigations
• Experience participating in or supporting regulatory audits or examinations by state or federal regulators

• Prior healthcare regulatory experience, with particular familiarity with Medicare Advantage, CMS requirements, value‑based care models, or primary‑care‑oriented healthcare delivery
• Experience supporting technology‑enabled healthcare products, data platforms, or digital health initiatives
• Familiarity with AI/ML governance frameworks, algorithmic accountability, and legal considerations related to emerging technologies
• Experience leading privacy program integration following a merger, acquisition, or significant organizational change
• Experience advising on the use of protected health information (PHI) in clinical, operational, analytics, or value‑based care contexts

The strongest candidates will bring excellent judgment, a practical and collaborative style, and the ability to translate complex legal and regulatory requirements into business‑friendly guidance. They should be comfortable operating in a fast‑paced environment, managing multiple priorities, and partnering across technical and…