Lead the legal support for privacy and cybersecurity efforts across the company’s USAC and LATAM operations.
Advise and collaborate with the IT, cybersecurity, business and functional teams, and external partners to manage legal risks related to data security and privacy.
Conduct privacy and data protection impact assessments to ensure sensitive health data is used in compliance with privacy regulations and contractual rights.
Advise cybersecurity teams on incident response and investigations, ensuring proper documentation to minimize risks, protect privacy, and fulfill legal obligations during and after security incidents.
Collaborate with Procurement and business contracting teams to draft, negotiate, and maintain privacy/data protection terms in contracts and agreements.
Lead the company’s legal response to product vulnerabilities, information security breaches, and cyber events, including advising on regulatory notifications at federal, state, and international levels.
Counsel IT operations, security teams, and business units on developing and implementing cybersecurity plans, incident response strategies, and compliance with industry standards and regulations.

Juris Doctor (JD) from an accredited law school or Law degree
8 years of experience in data privacy and cybersecurity law, ideally within the life sciences, healthcare, medical devices, or similarly regulated industries
Expertise in global data privacy laws (including GDPR) and AI laws (including EU AI Act).
Expertise in US data privacy laws and regulations, including HIPAA and US state consumer privacy laws (e.g., CCPA, CPA, etc.).
Expertise in advising on cybersecurity, including product vulnerability, incident response, and legal obligations arising from privacy and security incidents
Experience in advising on cybersecurity standards such as PCI DSS, the NIST Cybersecurity Framework

Senior Managing Counsel, Privacy & Cybersecurity

Key skills