Associate General Counsel, Cyber & Privacy Legal
Key Responsibilities
- Provide sophisticated counsel on U.S. and global cybersecurity regulations applicable to financial institutions.
- Serve as a primary point of legal contact for cybersecurity-related inquiries from financial-services regulators, including responding to exams, supervisory requests, and regulatory reporting obligations.
- Monitor global regulatory developments and proactively advise leadership on required compliance enhancements.
- Lead legal strategy for cybersecurity incidents, including directing complex, multi-jurisdictional incident response, coordinating with internal stakeholders, regulators, third-party forensic firms, and law enforcement as needed.
- Develop and refine enterprise incident response protocols, including tabletop exercises, crisis-management structures, and regulatory notification workflows.
- Advises on legal risks related to ransomware, data breaches, network intrusions, vendor incidents, and emerging cybersecurity threats.
- Draft, negotiate, and advise on a wide range of vendor and client facing cybersecurity-related agreements.
- Partner with procurement, security, technology, and business stakeholders to ensure contractual controls align with enterprise risk and regulatory expectations.
- Serve as a trusted advisor to the CISO organization, technology leadership, and operational risk teams on cybersecurity and data-risk strategy.
- Promote a positive, collaborative culture within the GLCR department and act as a thought leader across the company and the broader cybersecurity legal community.
Qualifications
- J.D. from an accredited U.S. law school and active license to practice law.
- 10+ years of legal experience, including significant experience supporting incident response and advising on cyber-risk management for a complex, highly regulated organization.
- Deep knowledge of cybersecurity laws, regulations, and regulatory expectations applicable to financial services.
- Extensive experience drafting and negotiating technology and cybersecurity-related contracts.
- Exceptional communication, problem-solving, and crisis-management skills; ability to advise senior leaders under pressure.
- Highly collaborative, adaptive, and business-focused approach.
- CIPP-US, CISSP, or other cybersecurity/privacy certification preferred, but not required.
Pay
The base salary range for this position is $170,000-$200,000 and the position is eligible for a bonus in accordance with the terms of the applicable incentive plan. Your actual compensation will be dependent on your skills, experience, and qualifications.
Benefits
We are proud to offer a range of competitive benefits, a summary of which can be viewed here: US Benefits At AIG, we value in-person collaboration as a vital part of our culture, which is why we ask our team members to be primarily in the office. This approach helps us work together effectively and create a supportive, connected environment for our team and clients alike. Enjoy Benefits That Take Care Of What Matters At AIG, our people are our greatest asset. We know how important it is to protect and invest in what’s most important to you. That is why we created our Total Rewards Program, a comprehensive benefits package that extends beyond time spent at work to offer benefits focused on your health, wellbeing and financial security—as well as your professional development—to bring peace of mind to you and your family.