Sr. Associate General Counsel, Cyber Security and Privacy – Remote

UnitedHealth Group is a health care and well-being company that’s dedicated to improving the health outcomes of millions around the world. We are comprised of two distinct and complementary businesses, UnitedHealthcare and Optum, working to build a better health system for all. Here, your contributions matter as they will help transform health care for years to come. Make an impact with a team that shares your passion for helping others. Join us to start Caring. Connecting. Growing together.

The Sr. Associate General Counsel – Cyber Security & Privacy will support the Deputy General Counsel (DGC) for Cyber Security & Privacy in providing high quality, pragmatic legal counsel on a broad range of cybersecurity, privacy, and data protection matters. This position will be the front -line lead attorney on cyber security events.  Additionally, this role will provide substantive legal analysis, issue spotting, and operational guidance and will partner closely with the Enterprise Privacy Office (EPO), Enterprise Security & Resiliency Office (ESRO), Technology, Human Resources, and other cross functional stakeholders to help the organization meet rapidly evolving privacy and cybersecurity regulatory requirements.

You’ll enjoy the flexibility to work remotely * from anywhere within the U.S. as you take on some tough challenges. For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week.

Primary Responsibilities:

• Privacy, Cybersecurity & Data Protection Legal Support
  • Analyze and advise on legal obligations related to UnitedHealth Group’s handling of personal and confidential information, including HIPAA, state privacy laws, U.S. federal privacy/security laws, and emerging global privacy regulations
  • Support compliance efforts related to cybersecurity, privacy, and data security frameworks and regulations (e.g., NYDFS)
  • Stay apprised of changing state/federal laws and requirements and develop practical recommendations on privacy/security requirements for business operations, vendor engagements, and product development
  • Assist with drafting, updating, and operationalizing privacy, cybersecurity, and data protection policies, procedures, standards, and guidelines
• Cyber Incident & Investigation Support
  • Lead and run a cyber event and investigation from discovery through investigation/forensics to fulfillment of state and federal notice requirements
  • Support the DGC in cyber incident preparedness and response, including participating in tabletop exercises and reviewing incident assessments
  • Assist in evaluating incidents involving personal or confidential data, privacy/security investigations, and regulatory reporting obligations
• Regulatory & Compliance Advisory
  • Monitor, interpret, and assist with implementation of new and emerging privacy, cybersecurity, and data protection laws
  • Review and advise on IT development, acquisition, and data architecture matters (e.g., data localization, cross border transfers)
  • Support legal analysis for insider risk and Red Flags program requirements
• Cross Functional Collaboration & Business Partnership
  • Partner with ESRO teams, Technology, Corporate Security, Communications, and other legal partners to deliver coordinated, well reasoned guidance
  • Assist business leaders in understanding privacy and cybersecurity risks and recommended mitigations
  • Provide consultative legal support to help business teams operate in compliance with privacy and cybersecurity expectations
• Training, Operational Support & Program Enablement
  • Develop and deliver legal training related to privacy, cybersecurity, data protection, and information risk management
  • Support day to day operational legal needs arising within the Enterprise Privacy Office and ESRO
  • Assist with preparing materials and documentation for internal audits, stakeholder briefings, or regulatory inquiries

You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:

• 8+ years of experience in privacy, cybersecurity, data protection, or related regulatory legal practice
• Experience with HIPPA security rule
• Solid understanding of U.S. federal and state privacy/security frameworks (e.g., HIPAA, state breach notification laws) and ability to analyze complex legal issues and provide actionable guidance
• Demonstrated ability to lead and run a cyber investigation/breach 
• Demonstrated ability to work effectively across a large, matrixed organization

Preferred Qualifications:

• Experience advising on cybersecurity regulatory frameworks (e.g., NYDFS, SEC cybersecurity regulations)
• Experience supporting large scale healthcare, insurance, technology, or security operations
• Experience supporting enterprise privacy/security programs within a regulated industry
• Familiarity with global privacy regulations (e.g., GDPR, APAC privacy laws)
• Proven solid drafting, communication, and cross functional partnership skills

*All employees working remotely will be required to adhere to UnitedHealth Group’s Telecommuter Policy

Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you’ll find a far-reaching choice of benefits and incentives. The salary for this role will range from $159,300 to $273,200 annually based on full-time employment. We comply with all minimum wage laws as applicable.

Application Deadline: This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants.

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes – an enterprise priority reflected in our mission.

UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.

UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.