VP & Associate GC, Cybersecurity & Privacy

Overview

In Government & Legal Affairs, you  be an engaged and trusted partner - empowered to deliver innovative solutions, influence public policy, and achieve results that enable Met Life  growth and protect its global interests. Applying a commercial and contemporary mindset, you  advocate for what  possible, overcome challenges, and embrace different perspectives. If you also pride yourself on acting with accountability, transparency, and respect, apply to join our Government & Legal Affairs team today.

Met Life is seeking a senior legal leader with deep global cybersecurity and privacy expertise to serve as the enterprise lead for cybersecurity and privacy legal risk and as a key member of the GEBI leadership team. This role functions as the principal legal advisor to Met Life  Information Security organization and provides strategic, enterprise wide legal guidance on cybersecurity, data protection, and privacy governance laws and regulations across all regions and business lines.

The role partners closely with senior leaders across Government & Legal Affairs, Compliance, Privacy, Information Security, Global Technology & Operations, and the businesses to shape risk informed decision making and align legal strategy with Met Life  broader business objectives.

As a senior legal leader, serves as Met Life  enterprise lead for cybersecurity and privacy legal risk, setting strategy and priorities and delivering consistent, high-quality legal support across regions and business lines, including:

• Enterprise strategy, governance and leadership:
  Owns the cybersecurity and privacy legal strategy and operating model; establishes standards, playbooks, escalation paths, and risk tolerances aligned to enterprise objectives.
• Acts as principal legal advisor to Information Security leadership and a key partner to the Chief Privacy Office, Compliance, Risk, Technology and business leadership; influences senior decision-making through risk-based guidance.
• Represents Government & Legal Affairs in senior governance forums and drives alignment on complex, high-impact initiatives (e.g., cloud and transformation programs, data strategy, AI/analytics enablement, and enterprise resilience activities).

Incident response and regulatory engagement (cybersecurity and privacy):

• Serves as lead legal point of contact for significant cybersecurity incidents and privacy incidents, directing legal response, strategy, investigation oversight, notification analysis, and remediation support in partnership with Information Security, Privacy, Compliance and Communications, and colleagues in other legal areas.
• Leads legal readiness for enterprise incident response (tabletops, playbooks, training) and advises on third-party breach response, client ransomware events, and client-facing communications.
• Owns legal strategy for regulator and law enforcement engagement related to cyber and privacy events; supports examinations, inquiries, and investigations and drives defensible, timely responses. Partners closely with Government Affairs colleagues on regulatory engagement.

Privacy-by-design, product/technology enablement and data protection:

• Provides strategic legal advice on global privacy and data protection requirements (e.g., GDPR, CCPA, HIPAA/HITECH and other applicable regimes) across products, services, marketing, HR, and operations.
• Advises on privacy-by-design and cybersecurity-by-design for new and existing technologies, including cloud, digital channels, data sharing, cross-border transfers, analytics, and AI/ML use cases; partners on governance, controls, and documentation to enable compliant innovation.

Business Knowledge/Technical

Skills:

• 15+ years legal experience with deep cybersecurity and privacy/data protection expertise; financial services and in-house experience preferred.
• Significant cyber and privacy incident response experience (investigations, privilege strategy, remediation, breach notification and regulator engagement).
• Strong knowledge of global privacy/data protection and cybersecurity requirements applicable to the role (e.g., GDPR, CCPA/CPRA, HIPAA/HITECH; NYDFS/NAIC-related requirements as applicable) and ability to translate them into practical guidance.
• Ability to support complex technology and data-enabled initiatives (cloud, digital channels, data sharing, analytics and AI/ML), including privacy-by-design and security-by-design.
• Familiarity with security frameworks and control environments (e.g., NIST, ISO 27001/27002) and enterprise policy/program development (standards, playbooks, training).
• Experience negotiating cybersecurity and privacy terms in complex commercial/vendor agreements; supporting third-party risk and strategic sourcing; and leading cyber/privacy diligence for strategic transactions (including M&A).

Demonstrates baseline AI fluency, including the ability to effectively and responsibly use approved AI tools to enhance productivity, decision making, and work…