VP, Assistant General Counsel, Cybersecurity
LPL Financial · New York, United States · 2 wk ago
Legal$172k–$287k/yrFull-time
Job Overview
LPL is seeking a Vice President, Cybersecurity Attorney to join the Legal Privacy team. This role serves as the firm’s lead legal advisor on cybersecurity matters.
Responsibilities
- Advise on legal and regulatory obligations applicable to cybersecurity incidents, including materiality assessments, regulatory notifications, disclosure requirements, and client/advisor communications.
- Serve as the primary legal advisor for incident response, working closely with Information Security, Technology, Communications, Compliance, and executive leadership during cyber and data events.
- Monitor and interpret evolving cybersecurity regulations (e.g., NYDFS Cybersecurity Rules, state breach laws, privacy laws, SEC/FINRA expectations) and assess their impact on business operations.
- Support crisis management activities and provide legal guidance on escalation, response coordination, and regulatory engagement during high-priority events.
- Draft, review, and update cybersecurity and incident response policies, standards, procedures, and playbooks, including enhancements to the firm’s incident response program and governance model.
- Participate in cyber tabletop exercises, readiness assessments, and cross-functional simulations to strengthen operational resilience.
- Provide legal input into cybersecurity requirements applicable to third-party service providers, vendor oversight, and technology integrations, including contractual terms, diligence, and supervisory expectations.
- Partner with Information Security to evaluate cybersecurity controls and governance frameworks, including processes related to logging, monitoring, identity and access management, endpoint protection, and vulnerability management.
- Support regulatory examinations, supervisory inquiries, remediation activities, and documentation efforts related to cybersecurity matters.
- Collaborate cross-functionally with Technology, Risk, Compliance, Data Governance, and business teams to support cybersecurity regulatory compliance and operational alignment.
Requirements
- Juris Doctor (JD) from an accredited law school; licensed to practice in at least one U.S. jurisdiction.
- 8–12+ years of legal experience with a strong background in cybersecurity, data security, privacy, technology law, or incident response.
- Experience in financial services with exposure to broker-dealer and/or investment advisory regulatory environments (SEC, FINRA, MSRB, banking regulators).
- Experience advising on cyber incident response, materiality assessments, regulatory notifications, and supervisory expectations.
Core Competencies
- Familiarity with cybersecurity regulations and frameworks, including NYDFS Cybersecurity Rules, state breach laws, Reg S-P, SEC/FINRA expectations, and data protection statutes.
- Experience drafting and maintaining cybersecurity policies, incident response procedures, standards, and playbooks.
- Strong analytical and problem-solving skills, with the ability to translate complex technical concepts into actionable legal guidance.
- Excellent written and verbal communication skills, including experience presenting to executive leadership during time-sensitive events.
- Ability to manage multiple priorities in a fast-paced, high-stakes environment.
- Collaborative mindset with the ability to work across technical, business, legal, compliance, and risk teams.
Preferences
- In-house experience in a financial services or regulated technology environment.
- Experience advising on supervisory exams, regulatory inquiries, and remediation efforts involving cyber or technology controls.
- Knowledge of cybersecurity technologies and ecosystem components (e.g., logging/monitoring, endpoint security, IAM, cloud environments, threat detection platforms).
- Strong contract negotiation and drafting skills.
- Familiarity with crisis management practices and communications during cyber or data events.