Share this Job

VP & Associate General Counsel, Cybersecurity

Apply now »

Date Posted: Jul 29, 2022

Location(s): New York, NY, US, 10166

Company: MetLife

PositionVP & Associate General Counsel, Cybersecurity

 

Job Location:  New York, NY

 

Department:

The Legal Affairs line of business is comprised of the Law Department and Legal Affairs Operations, and provides legal services and oversight to the Company, globally. Within the Law Department, the Global Technology & Operations, Employment, Benefits & Information (GEBI) section oversees matters affecting the MetLife group of companies, handles thousands of matters internally and closely supervises outside counsel, as appropriate. The GEBI section strives to provide the highest quality support to MetLife, in a variety of matters, pre-litigation and preventative litigation service, contract/vendor negotiation, benefits counseling, cybersecurity and information lifecycle management support in an efficient, cost-effective and timely manner, and is comprised of five practice areas, or units: (1) Global Technology & Operations; (2) Employment; (3) Employment Benefits, Compensation & Tax; (4) Contract Management and Procurement; and (5) Information Lifecycle Management.

 

The Role:

MetLife is seeking a senior attorney with substantial global cybersecurity legal experience. Working closely and collaboratively with professionals across Legal Affairs, Compliance, and Information Security, the attorney in this role will provide principal support to MetLife’s Information Security group and be the main point of contact for providing legal interpretation and guidance on information security laws and regulation across the Enterprise as well as guidance for the business and Information Security in assessing and managing information management risk.

    

Key Responsibilities:

  • Acting as the principal lawyer for MetLife’s Information Security group, including:
    • Collaborating with the Privacy Office, Compliance, Government Relations and Global Technology and Operations (GTO) to provide legal advice and guidance on cybersecurity issues, including cyber incident response/preparedness, third-party breach response, client ransomware incidents, risk assessment, client/regulatory inquiries, and client-facing communications;
    • Advising on the application of cybersecurity and data protection considerations to new and existing technologies, project offerings, insurance products and services, business models and transactions (including mergers and acquisitions); and
    • Providing advice for MetLife’s contracts, both as a service provider and as an acquirer of goods and services.
  • Acting as the principal lawyer for cybersecurity advice and guidance to the business, including:
    • Advising business partners in all regions on information security matters concerning existing and emerging law and regulation.
    • Partnering with business to interpret and apply cybersecurity data management law, regulations and policy across the company’s global operations.
    • Providing day-to-day legal advice and counsel to internal business partners (e.g., cross-functional cyber threat team, Information Risk, Information Technology, Privacy, Compliance and LOB partners).
    • Monitoring business activity to ensure legal compliance policies/standards are followed and associated risks are mitigated; advising and helping clients understand complex cyber compliance issues; facilitating development of creative solutions to complex cyber issues utilizing MetLife’s Information Lifecycle Management framework
    • Advising on the application of cybersecurity and data protection considerations to technologies, project offerings and/or business models. Advising business partners and the Law Department on the acquisition of vendor cybersecurity tools and services Enterprise wide, including periodic review and updating of information security addenda to vendor agreements. Advising on information security issues pertaining to customer-facing insurance products and services, including the negotiation of information security components of customer agreements.
    • As needed, leading teams to assist in providing advice and guidance.
  • Serving as the legal point of contact during cybersecurity incidents:
    • Providing guidance and risk assessment.
    • Participating in and advising on cyber incident exercises, drafting/reviewing incident response playbooks, and providing training in line with changing regulatory guidance and best practices.
  • Advising on cybersecurity governance issues throughout the Enterprise, including:
    • Data governance and other risk management functions, Global Technology & Operations, business lines, Compliance, and the Law Department (including the Corporate Secretary’s Office).
    • Information security issues during merger & acquisition activities.
    • Design and implementation of policies, procedures, and tools to enhance cybersecurity and data protection.
    • New technology from the perspective of cybersecurity laws and regulations, among others, and advising on regulatory and contractual implications.
    • Developing information governance training materials as it pertains to cybersecurity issues including retention and destruction programs with a cybersecurity perspective.
    • Ensuring that department staff are knowledgeable and keep current with cybersecurity policies and procedures
    • Working with Internal Audit and Information Security, advising on legal concerns regarding, as appropriate, internal and external audits of cybersecurity practices and controls.
    • Assisting in the development of departmental policies and procedures to support MetLife’s information records, records risk management and data lifecycle management.
    • Fostering awareness of evolving cybersecurity needs and demands.
  • Keeping abreast of statutory and regulatory trends, including:
    • Providing statutory and regulatory interpretation of existing and proposed federal and state cybersecurity law and regulation, including the NYS DFS cybersecurity regulation, the NAIC model law as enacted in various states, and enacted and proposed federal law, regulation, and executive orders.
    • Monitoring developments of legislation and regulation and working closely on related regulatory investigations.

 

Key Relationships:

  • Reports to: Chief Counsel, Global Technology & Operations, Employment, Benefits & Information (GEBI)
  • Direct reports/team: TBD
  • Key Stakeholders: Executive Leadership Team, CISO organization, Business Lines

 

Essential Business Experience and Technical Skills:

  • 15+ total years of legal experience with expertise in one or more of information security policies and standards (including incident response management, investigation and remediation), data governance and data standards (including data mapping and retention and deletion programs), anonymization/pseudonymization of data, analytics, and/or artificial intelligence/machine learning. In-house legal experience in the financial services industry preferred, particularly in connection with technology platforms.
  • Substantive data protection and data privacy experience and knowledge of relevant global data protection regulations and statutes – e.g., NY Department of Financial Services Cybersecurity Regulation, NAIC, HIPAA HiTech, GDPR, CCPA.
  • Knowledge of information security frameworks and compliance (e.g., NIST and ISO27001).
  • Experience standardizing policies, protocols, and training programs, including the associated documents such as vendor and client contracts. This includes providing guidance across various stakeholders, such as business and product development, mergers and acquisitions, investor relations, and procurement.
  • Experience working independently and cross-functionally.
  • Experience taking on complex projects.
  • Strong communication and project management skills, including a strong desire and ability to make complex topics understandable for various audiences.
  • Ability and strong desire to effectively advise, develop relationships, and work collaboratively across stakeholders both within and outside of a law department.
  • Solution-oriented, risk awareness, customer service focused, while maintaining a growth mindset.
  • Bar admission and in good standing to practice law in your relevant jurisdiction.
  • Strong interpersonal skills.

 

 

      MetLife Success Principles

  • Experiment with Confidence – Courageously learn and test new ideas without fear of failure
  • Act with Urgency – Demonstrate speed to action with agility and determination
  • Seek Diverse Perspectives – Source ideas and feedback to expand thinking and make informed decisions
  • Seize Opportunity – Drive responsible growth and identify areas for continuous improvement
  • Champion Inclusion – Foster an environment where everyone is valued, heard, and can speak up
  • Create Alignment – Partner with others across the organization with candor and transparency
  • Take Responsibility – Be accountable and act in pursuit of the right outcomes
  • Enable Solutions – Anticipate and address obstacles while managing risk
  • Deliver What Matters – Execute meaningful priorities and follow through on commitments

 

 

MetLife:

MetLife, through its subsidiaries and affiliates, is one of the world’s leading financial services companies, providing insurance, annuities, employee benefits and asset management to help its individual and institutional customers navigate their changing world. Founded in 1868, MetLife has operations in more than 40 countries and holds leading market positions in the United States, Japan, Latin America, Asia, Europe and the Middle East.

 

We are one of the largest institutional investors in the U.S. with $669 billion of total assets under management as of December 31, 2021. We are ranked #46 on the Fortune 500 list for 2021. In 2020, we were named to the Dow Jones Sustainability Index (DJSI) for the fifth year in a row. DJSI is a global index to track the leading sustainability-driven companies. We are proud to have been named to Fortune magazine’s 2021 list of the “World’s Most Admired Companies.”      

           

MetLife is committed to building a purpose-driven and inclusive culture that energizes our people. Our employees work every day to help build a more confident future for people around the world.

 

We want to make it simple for all interested and qualified candidates to apply for employment opportunities with MetLife.  If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to accommodations@metlife.com or call our Employee Relations Department at 1-877-843-3711.

 

MetLife is a proud Equal Employment Opportunity and Affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at MetLife without regards to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.

 

MetLife maintains a drug-free workplace.

 

 


Nearest Major Market: New York City