Data Privacy & Cybersecurity Lawyer and Associate General Counsel

New York NY
April 30 2018
Insurance, Securities
Functional Area:

LG - Legal, Regulatory & Gov't Affairs

Estimated Travel Percentage (%): Up to 25%

Relocation Provided: No

AIG Employee Services, Inc.

AIG is looking to add a highly skilled Data Privacy and Cybersecurity Attorney to its Global Legal, Compliance and Regulatory department in New York City. This role offers the opportunity to join an award winning Legal department and work directly with key members of Legal, Compliance, IT and various business teams on a variety of cutting edge projects.

We are seeking an experienced privacy professional with in-depth knowledge of international, federal and state laws and regulations regarding data protection, privacy and data security to provide counsel on data privacy and security related matters. As the Data Privacy and Cybersecurity Attorney, you will have the opportunity to work with a dynamic and experienced team on privacy and information security issues impacting AIG's products, businesses, customers and employees globally. You will work with cross functional teams to develop the privacy and cybersecurity legal strategy, and design innovative privacy and security solutions, for our business partners.

Responsibilities include:

  • Advising on legal and regulatory developments impacting data privacy and data security, including identifying trends and potential impacts on the business's risk management activities.
  • Guiding business leaders and effectively counseling multiple business partners in a matrix organization on data privacy and data security legal requirements for new products and services, including in the areas of data analytics (including the use of “big data”), Internet of things (IoT), mobile apps, wearables, artificial intelligence (AI), and digital marketing initiatives.
  • Advising AIG's global businesses on complying with global data privacy and cybersecurity laws while enabling the development and execution of data driven business initiatives.
  • Providing legal guidance on the company's global data privacy and data security programs and providing support for their implementation, maintenance and compliance throughout the organization.
  • Advising on data privacy and data security legal requirements for the company's third-party risk management program, including negotiating, drafting and reviewing the global data privacy and security provisions in agreements with service providers, business partners and other transaction parties.
  • Supporting the Chief Information Security Officer in drafting and/or reviewing IT Security policies, standards and programs to ensure adherence to global data security legal requirements.
  • Managing and coordinating with local privacy lawyers in-country to evaluate and, where appropriate, help design products and services for compliance with local data privacy laws and data security regulations.
  • Working with Compliance colleagues, including AIG's Chief Privacy Officer, developing and providing business partners general and targeted data privacy and data security counseling and training.
  • Managing potential liability and other legal aspects related to data privacy and data security incidents and supporting the company's incident response program, including investigating potential incidents, identifying applicable legal obligations, and supporting incident response.
  • Responding to regulatory inquiries and serving as a liaison with regulators on privacy and data security issues, in coordination with local legal, compliance and other stakeholders as appropriate.
  • Developing and updating data privacy templates (e.g., contract language, consents, and privacy notices), and providing counseling on the use of such templates to Compliance colleagues and lawyers in-country, as business needs and data privacy laws and regulations change.
  • Providing legal support to work streams and processes relating to the EU General Data Protection Regulation (GDPR), including advising on Data Protection Impact Assessments (DPIAs), and, when finalized, the EU ePrivacy Regulation.
  • Managing outside counsel and third-party consulting firms on discreet data privacy and data security projects, as needed.


  • Experienced lawyer with a minimum of 8+ years of experience in Data Privacy and Cybersecurity at a major law firm and/or with a large multinational/global organization, or within a government agency.
  • The Ideal candidate will have a legal background that reflects a strategic focus on data privacy and data security, but will also have had experience advising on big data, data analytics, and data usage legal strategy.
  • Expertise in U.S., European, and other international data privacy laws, regulations and practices, including an in-depth understanding of the GDPR.
  • Experience negotiating data privacy and data security provisions in third party agreements.
  • Experience in responding to regulatory inquiries involving data privacy and data security matters.
  • Experience responding to data incidents, including forensic investigations, notifications to consumers and regulators, and other external communications.
  • Knowledge of data security laws, industry standards and best practices.
  • Ability to communicate effectively with all levels of internal management, customers, regulators and other stakeholders across national boundaries and cultures.
  • Familiarity with information technology developments, including cybersecurity software and the cloud industry.
  • Relevant technical certifications such as a Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified Information Privacy Professional (CIPP) or other relevant certifications offered by the International Association of Privacy Professionals preferred.
  • Member of the New York State Bar or otherwise qualified to practice law in New York as a registered in-house counsel.

It has been and will continue to be the policy of American International Group, Inc., its subsidiaries and affiliates to be an Equal Opportunity Employer. We provide equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories.

At AIG, we believe that diversity and inclusion are critical to our future and our mission - creating a foundation for a creative workplace that leads to innovation, growth, and profitability. Through a wide variety of programs and initiatives, we invest in each employee, seeking to ensure that our people are not only respected as individuals, but also truly valued for their unique perspectives.