Join the World's Top Legal Talent Network

Title: Managing Lead Counsel - Privacy Cybersecurity & Emerging Technology Law (MT) Business Unit: McKesson Technology (MT) Location: Dallas, TX; Atlanta, GA; Richmond, VA; Columbus, OH

The Role McKesson’s well-regarded legal team is seeking an experienced cybersecurity privacy, and technology lawyer to lead an enterprise-focused, agile team providing decisive day-to-day legal counseling and advice to the McKesson Technology and McKesson Cybersecurity organizations. The Managing Lead Counsel will play a key role in McKesson’s risk mitigation and value-generation strategies for projects entailing nuanced cybersecurity and evolving technology arenas, as well as associated privacy issue-spotting and legal risk management coordination for these projects. This leader will collaborate with senior leaders within McKesson Technology and McKesson Cybersecurity and other key internal stakeholders. The position plays a key role within the company’s Digital & Data Assets Team of the General Counsel Organization and will primarily support McKesson’s Technology and Cybersecurity functions.

Key Responsibilities The successful candidate will:

• Bring a depth of knowledge and experience with cybersecurity and various emerging technology laws and regulations and will have the ability to translate that knowledge to deliver relevant and actionable guidance to the business.
• Possess relatively strong privacy law background, particularly as those laws dovetail with cybersecurity requirements and frameworks.
• Possess excellent legal judgment and communication skills and the ability to be both pragmatic/business-oriented and strategic.
• Excel when working independently and collaboratively.
• Display a track record of developing strong working relationships with a diverse client base.
• Showcase the ability to lead at all levels across the organization and in developing an agile, responsive, highly collaborative legal team who embraces change in tackling a variety of novel and complex legal issues.
• Integrate data points from across the company and disparate projects to provide strategic and efficiency-enabling guidance that marries business objectives with regulatory excellence.
• Be highly proactive, accountable, team-oriented, and capable of managing multiple competing priorities in a fast-paced environment.

Qualifications Minimum Requirements

• 10+ years as a practicing attorney with firm and in-house experience
• 7+ years of specific experience in cybersecurity and/or technology practice areas, with several years associated with privacy-related work and/or teams.
• 3+ years of experience leading teams
• Member of a U.S. state bar in good standing

Education

• Juris Doctor degree with excellent academic credentials

Critical Skills

• Experience handling, training against (tabletops), and operating “first chair” from legal vantage point with senior management on cyber incident response, including working with third parties such as forensics investigative firms, external counsel, insurance underwriters, and law enforcement authorities, and managing regulatory investigations and litigation related to cyber and/or privacy incidents.
• Experience managing and developing a legal team handling significantly gray and/or evolving areas of technology and cybersecurity law.
• Experience advising sophisticated clients – both business and legal leaders – on complex legal, regulatory, and policy questions in the areas of cybersecurity, privacy, emerging technology law, strategic data governance, and artificial intelligence.
• Knowledge of a broad range of cybersecurity, privacy and data protection laws including, for example, the HIPAA Security Rule, the FTC Act, TCPA, CAN-SPAM Act, federal cybersecurity laws and regulations (CIRCIA and SEC disclosure requirements), and state data security breach laws.
• Experience with global cybersecurity standards, frameworks, risk assessments, and certification processes, for example ISO/IEC 27001, NIST Cybersecurity Framework, HIPAA Security Rule, HITRUST, CMMC, SOX cyber controls, SOC1 and SOC2.
• Experience assisting with, cybersecurity, privacy-, and other tech law-focused reviews of new technology, services, and product launches and in evaluating updates to existing technology, products, and services.
• Understanding of, thirst for tackling, and ability to quickly learn (often self-teaching of) technical concepts and advanced knowledge of trends and issues applicable to privacy, cybersecurity, artificial intelligence, and emerging technology arenas. This includes knowledge of such concepts as optimization, data localization, data lakes, threat hunting/threat intelligence, red teaming, and insider threat mitigation.
• Ability to monitor and evaluate evolving laws, regulations, and industry best practices to help the company navigate new requirements against both existing and anticipated business models. This includes the ability to guide the business units toward opportunities, including reviewing, advising, and supporting cyber risk management strategies and/or advising on external influencing approaches.
• Experience interpreting and advising on the legal methodology of vulnerability testing, pen testing, monitoring, and other proactive line of defense information security strategies of an enterprise-level technical environment – guidance regarding both the how and the legal interpretation/distillation of the results.
• Experience managing outside counsel, as necessary.

Additional Knowledge and Skills

• Track record of dealing with emerging areas of technology law and training team members and other legal and compliance professionals while collaborating with business partners and functions to build workable compliance frameworks reflecting those new laws and associated regulations.
• Experience in establishing trusted advisor status with senior management on significant cybersecurity, privacy, and/or other technology-related legal risks and strategies.
• Experience supporting the development and implementation of cybersecurity and/or privacy-related business-specific processes and procedures, training, and other controls.
• Experience counseling participants in the healthcare industry, and CISSP and/or similar professional certification(s).
• Ability to provide strategic legal advice from a privacy, cyber, and technology law perspective in various complex business transactions, including performing legal due diligence, recommending appropriate post-integration actions, and drafting and negotiating applicable language in M&A-related contracts and documents.
• Ability to effectively and efficiently collaborate with internal stakeholders to support the due diligence, analysis, preparation, drafting and/or negotiation of pertinent business arrangements and contractual provisions dealing with privacy, cybersecurity, and other technology law provisions associated with third party business relationships and agreements such as Managed Services Agreements, Master Services Agreements, SOWs, Information Security Exhibits, Technology Licenses and Business Associate Agreements.
• Skilled in clearly and pragmatically advising on the legal methodology of vulnerability testing, pen testing, monitoring, and other proactive lines of defense related to robust information security strategies of an enterprise-level technical environment. This includes guidance in translating how various data and IT operational systems’ protectionary tools work, and the legal interpretation/distillation of these tools’ results.

Must be authorized to work in the US. Sponsorship is not available for this position.