Senior Counsel, Data Privacy & Security

You desire impactful work.

You’re
RGA ready

RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 200 Company and listed among its World's Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.

This experienced data privacy and cybersecurity attorney provides practical, day-to-day legal support on data protection and information security matters. This role supports the company’s global operations by advising on compliance with data privacy and data security laws and regulations; reviewing and negotiating data-related contractual provisions; and assisting the business identifying and addressing legal risks related to the collection, use, storage, and transfer of personal and sensitive information.

• Provide legal advice on US and global: (i) data privacy laws including GLBA, HIPAA, CAN-SPAM ACT, CCPA, PIPEDA, GDPR, PDPA; (ii) AI [governance requirements?]; and (iii) other existing and emerging regulations related to data privacy, cybersecurity and AI
• Advise on regulatory privacy requirements for financial services and insurance sectors
• Review and negotiate contracts including data processing agreements and clauses and cybersecurity exhibits
• Advise on privacy impact assessments (PIAs) and data protection impact assessments (DPIAs)
• Assist with data subject rights requests and incident response procedures within the legal team
• Advise on legal risk identification and mitigation efforts and privacy compliance efforts including privacy-by-design in business operations, product development, data analytics and technology solutions

• Provide legal guidance on cybersecurity risk management and incident response
• Advise on cybersecurity laws and regulations, including CCPA, SEC cybersecurity rules, US and non-US breach notification requirements
• Support global breach notification obligations
• Collaborate with IT security teams on legal aspects of security controls and frameworks
• Advising on reasonable security safeguards from legal perspective
• Advise on regulatory cybersecurity requirements for financial services and insurance sectors
• Review and negotiate cybersecurity exhibits in vendor contracts and reinsurance agreements.

• Monitor and interpret evolving data protection, cybersecurity and AI regulations globally
• Conduct legal risk assessments for data-related business activities
• Develop training programs and awareness initiatives for workforce members and business stakeholders
• Support internal audits and regulatory examinations related to data practices

• Partner with IT, risk management, compliance, and business teams on data-related initiatives
• Support M&A due diligence on data privacy and cybersecurity matters
• Collaborate with external counsel and privacy consultants as needed
• Participate in industry associations and regulatory working groups
• Contribute to enterprise risk management and business continuity planning

• Juris Doctor (JD), Law Degree from a United States accredited law school or equivalent accredited institution.
• Advanced degree (LLM), Privacy law, cybersecurity, or technology law are preferred
• 6+ Years of Legal experience with significant focus on data privacy and cybersecurity law, risk management.
• Licensed to practice lawin the US
• CISSP, CIPP, CIPM, CIPT, CISA or equivalent are preferred
• Demonstrated experience working with US and global cybersecurity and privacy laws, regulations and frameworks (GLBA, HIPAA, CCPA, GDPR, NIST CSF, NIST PF, CIS, ISO, SOC2)
• Proven ability to assess privacy and cybersecurity risks, translate regulatory requirements into practical controls and support remediation efforts.
• Hands on experience with incident response, US breach notification processes and regulatory reporting obligations.
• Strong documentation skills – drafting policies, agreements,…