Jobs · Information Technology · New York

VP & Associate GC, Cybersecurity & Privacy

MetLife · New York, NY · 1 wk ago
HybridInformation Technology$239k–$318k/yrFull-time

About the role

The Opportunity MetLife is seeking a senior legal leader with deep global cybersecurity and privacy expertise to serve as the enterprise lead for cybersecurity and privacy legal risk and as a key member of the GEBI leadership team.

Responsibilities

  • Enterprise Strategy, Governance And Leadership
    • Owns the cybersecurity and privacy legal strategy and operating model; establishes standards, playbooks, escalation paths, and risk tolerances aligned to enterprise objectives.
    • Acts as principal legal advisor to Information Security leadership and a key partner to the Chief Privacy Office, Compliance, Risk, Technology and business leadership; influences senior decision-making through risk-based guidance.
    • Represents Government & Legal Affairs in senior governance forums and drives alignment on complex, high-impact initiatives (e.g., cloud and transformation programs, data strategy, AI/analytics enablement, and enterprise resilience activities).
  • Incident Response And Regulatory Engagement (cybersecurity And Privacy)
    • Serves as lead legal point of contact for significant cybersecurity incidents and privacy incidents, directing legal response, strategy, investigation oversight, notification analysis, and remediation support in partnership with Information Security, Privacy, Compliance and Communications, and colleagues in other legal areas.
    • Led legal readiness for enterprise incident response (tabletops, playbooks, training) and advises on third-party breach response, client ransomware events, and client-facing communications.
    • Owns legal strategy for regulator and law enforcement engagement related to cyber and privacy events; supports examinations, inquiries, and investigations and drives defensible, timely responses.
    • Presents closely with Government Affairs colleagues on regulatory engagement.
  • Privacy-by-design, Product/technology Enablement And Data Protection
    • Provides strategic legal advice on global privacy and data protection requirements (e.g., GDPR, CCPA, HIPAA/HITECH and other applicable regimes) across products, services, marketing, HR, and operations.
    • Advises on privacy-by-design and cybersecurity-by-design for new and existing technologies, including cloud, digital channels, data sharing, cross-border transfers, analytics, and AI/ML use cases; partners on governance, controls, and documentation to enable compliant innovation.

Requirements

  • Business Knowledge/Technical Skills:
    • 15+ years legal experience with deep cybersecurity and privacy/data protection expertise; financial services and in-house experience preferred.
    • Significant cyber and privacy incident response experience (investigations, privilege strategy, remediation, breach notification and regulator engagement).
    • Strong knowledge of global privacy/data protection and cybersecurity requirements applicable to the role (e.g., GDPR, CCPA/CPRA, HIPAA/HITECH; NYDFS/NAIC-related requirements as applicable) and ability to translate them into practical guidance.
    • Ability to support complex technology and data-enabled initiatives (cloud, digital channels, data sharing, analytics and AI/ML), including privacy-by-design and security-by-design.
    • Familiarity with security frameworks and control environments (e.g., NIST, ISO 27001/27002) and enterprise policy/program development (standards, playbooks, training).
    • Experience negotiating cybersecurity and privacy terms in complex commercial/vendor agreements; supporting third-party risk and strategic sourcing; and leading cyber/privacy diligence for strategic transactions (including M&A).
    • Demonstrates baseline AI fluency, including the ability to effectively and responsibly use approved AI tools to enhance productivity, decision‑making, and work quality.
    • Understands AI capabilities, limitations, and ethical considerations, and applies AI in alignment with company policies, data privacy standards, and business objectives.
  • Leadership/Management Competencies:
    • Proven people leadership (including leading senior professionals and/or managers): sets strategy and priorities, allocates resources, develops talent and succession.
    • Trusted advisor with executive presence; influences outcomes in a matrixed, global environment through sound, risk-based judgment.
    • Excellent communication and negotiation skills; able to simplify complex cyber/privacy issues and drive timely decisions on high-risk matters.
    • Solution-oriented and operationally disciplined; leads through change while maintaining strong governance.

Qualifications

  • Education: Juris Doctor (JD) degree from an accredited law school.
  • License: Active bar membership in good standing in the jurisdiction where the candidate intends to practice.

Skills

  • Strong analytical and problem-solving skills.
  • Excellent written and verbal communication skills.
  • Ability to manage multiple projects simultaneously.
  • Experience with regulatory compliance and risk management.
  • Knowledge of cybersecurity and privacy laws and regulations.
  • Experience with data protection and privacy frameworks.
  • Experience with AI and machine learning.

Benefits

We Offer Our U.S. benefits address holistic well-being with programs for physical and mental health, financial wellness, and support for families. We offer a comprehensive health plan that includes medical/prescription drug and vision, dental insurance, and no-cost short- and long-term disability. We also provide company-paid life insurance and legal services, a retirement pension funded entirely by MetLife and 401(k) with employer matching, group discounts on voluntary insurance products including auto and home, pet, critical illness, hospital indemnity, and accident insurance, as well as Employee Assistance Program (EAP) and digital mental health programs, parental leave, paid time off, paid holidays, volunteer time off, tuition assistance and much more!

Pay

The expected salary range for this position is $238,800 - $318,300. This role may also be eligible for annual short-term incentive compensation and stock-based long-term incentives. All incentives and benefits are subject to the applicable plan terms.

Schedule

This is a hybrid role requiring a minimum of 3 days per week in office.

Similar jobs

Privacy & Cyber Associate

The People Of: Professional ServicesCalifornia, United States· 3 wk ago
Engineering$260/hrapply on tposearch.com