You desire impactful work.
 

You’re RGA ready

RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 200 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.

Senior Counsel, Data Privacy & Security

This experienced data privacy and cybersecurity attorney provides practical, day-to-day legal support on data protection and information security matters. This role supports the company’s global operations by advising on compliance with data privacy and data security laws and regulations; reviewing and negotiating data-related contractual provisions; and assisting the business identifying and addressing legal risks related to the collection, use, storage, and transfer of personal and sensitive information.

PRINCIPAL DUTIES

Data Privacy

• Provide legal advice on US and global: (i) data privacy laws including GLBA, HIPAA, CAN-SPAM ACT,  CCPA, PIPEDA, GDPR, PDPA; (ii) AI [governance requirements?]; and (iii) other existing and emerging regulations related to data privacy, cybersecurity and AI
• Advise on regulatory privacy requirements for financial services and insurance sectors
• Review and negotiate contracts including data processing agreements and clauses and cybersecurity exhibits
• Advise on privacy impact assessments (PIAs) and data protection impact assessments (DPIAs)
• Assist with data subject rights requests and incident response procedures within the legal team
• Advise on legal risk identification and mitigation efforts and privacy compliance efforts including privacy-by-design in business operations, product development, data analytics and technology solutions

Cybersecurity Legal Support

• Provide legal guidance on cybersecurity risk management and incident response
• Advise on cybersecurity laws and regulations, including CCPA, SEC cybersecurity rules, US and non-US breach notification requirements
• Support global breach notification obligations
• Collaborate with IT security teams on legal aspects of security controls and frameworks
• Advising on reasonable security safeguards from legal perspective
• Advise on regulatory cybersecurity requirements for financial services and insurance sectors
• Review and negotiate cybersecurity exhibits in vendor contracts and reinsurance agreements.

Regulatory Compliance & Risk Management

• Monitor and interpret evolving data protection, cybersecurity and AI regulations globally
• Conduct legal risk assessments for data-related business activities
• Develop training programs and awareness initiatives for workforce members and business stakeholders
• Support internal audits and regulatory examinations related to data practices

Cross-Functional Collaboration

• Partner with IT, risk management, compliance, and business teams on data-related initiatives
• Support M&A due diligence on data privacy and cybersecurity matters
• Collaborate with external counsel and privacy consultants as needed
• Participate in industry associations and regulatory working groups
• Contribute to enterprise risk management and business continuity planning

QUALIFICATIONS

• Juris Doctor (JD), Law Degree from a United States accredited law school or equivalent accredited institution.
• Advanced degree (LLM), Privacy law, cybersecurity, or technology law are preferred
• 6+ Years of Legal experience with significant focus on data privacy and cybersecurity law, risk management.
• Licensed to practice law in the US
• CISSP, CIPP, CIPM, CIPT, CISA or equivalent are preferred
• Demonstrated experience working with US and global cybersecurity and privacy laws, regulations and frameworks (GLBA, HIPAA, CCPA, GDPR, NIST CSF, NIST PF, CIS, ISO, SOC2)
• Proven ability to assess privacy and cybersecurity risks, translate regulatory requirements into practical controls and support remediation efforts.
• Hands on experience with incident response, US breach notification processes and regulatory reporting obligations.
• Strong documentation skills – drafting policies, agreements, standards, procedures and reports.
• In-house counsel and leadership experience at a financial services, insurance, or technology company is preferred.
• Experience supporting public company, or SEC regulated environments
• Big law firm experience with privacy and cybersecurity practice groups

Skills and Abilities:

• Deep understanding of US and global data protection laws and regulations
• Extensive knowledge of incident response and personal data breach notification requirements, as well as of cybersecurity legal frameworks and industry standards (CCPA, SEC requirements, NIST CSF, NIST PF, SOC 2, ISO)
• Strong understanding of cloud computing, data analytics, and emerging technologies
• Knowledge of U.S. financial, insurance or reinsurance business operations
• Advanced experience with reviewing, drafting, amending and negotiating contracts including data processing addendums and cybersecurity addendums
• Experience with cross-border data transfers and international privacy frameworks
• Highly advanced interpersonal skills, with demonstrated ability to positively influence change among clients and working groups.
• Expert skills in managing multiple projects and/or sub-teams simultaneously
• Highly advanced ability to make timely and effective decisions and produce results through strategic planning and the implementation and evaluation of programs and policies

#LI-MJ1 #LI-Remote

What you can expect from RGA:

• Gain valuable knowledge from and experience with diverse, caring colleagues around the world.

• Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.

• Join the bright and creative minds of RGA, and experience vast, endless career potential.

We’re excited to get to know you and connect your unique skills with our global opportunities. To create a modern and seamless experience, we use artificial intelligence (AI) in parts of our preliminary screening process. This technology helps us personalize job recommendations, automate interview scheduling, evaluate candidates based solely on experience—without considering name, gender, or other personal details—and provide real-time answers through our chatbot. AI is used only during early screening and never makes hiring decisions. Your RGA recruiter will work closely with you every step of the way to ensure the process feels personal, thoughtful, and focused on you.

Compensation Range:

$150,770.00 - $224,640.00 Annual

Base pay varies depending on job-related knowledge, skills, experience and market location. In addition, RGA provides an annual bonus plan that includes all roles and some positions are eligible for participation in our long-term equity incentive plan. RGA also maintains a full range of health, retirement, and other employee benefits.

RGA is an equal opportunity employer. Qualified applicants will be considered without regard to race, color, age, gender identity or expression, sex, disability, veteran status, religion, national origin, or any other characteristic protected by applicable equal employment opportunity laws.