Corporate Privacy Counsel

Indulge your passion for problem-solving and embrace the thrill of addressing risk head-on at Gallagher's global brokerage team. Join a family of diverse minds, united by a relentless pursuit of excellence. As part of our team, you'll be the architect of protection, safeguarding businesses and empowering their ambitions. Together, we'll build a legacy of trust and triumph in the dynamic world of risk management.

We believe that every candidate brings something special to the table, including you! So, even if you feel that you’re close but not an exact match, we encourage you to apply.

As Corporate Privacy Counsel, you will play a crucial role in ensuring the protection and privacy of data within Gallagher Global Brokerage (“GGB”), focusing primarily on the U.S. business segment.

You will be responsible for developing and implementing data protection strategies, polices, standards, procedures, and training materials to both gain efficiencies in our privacy practices and to ensure compliance with relevant privacy laws and regulations across GGB, with a particular focus on the US. As the need arises, the Privacy Counsel will also occasionally support other business units under the GGB umbrella to include non-U.S. operations (Caribbean, Canada, etc.).

You will collaborate with the Global Privacy Office (“GPO”), local privacy, security, IT, AI, Legal and compliance teams, senior business stakeholders and third parties to ensure the delivery of Gallagher's data privacy strategy within the established risk appetite. This involves adhering to company and regulatory requirements while meeting the needs of customers, regulators, colleagues and stakeholders.

You will provide advice and support to the business to identify, articulate and guide them in the implementation and management of their privacy risks in support of their business strategies.

You will monitor compliance with data privacy, AI and cybersecurity laws, as well as internal policies and procedures.

You are comfortable working fully onsite, remote (U.S.), or in a hybrid office arrangement.

• Data Protection Strategy : Collaborate with the GPO, GGB Division Privacy and IT Leads, the GGB-US General Counsel and local GGB business leaders to develop and execute a comprehensive data protection strategy for GGB that aligns with business objectives and regulatory requirements. Assist the Global Chief Privacy Officer to implement the Global Data Privacy Framework (Tier 1) within GGB and develop and implement any required GGB local Data Privacy Frameworks (Tier 2) to minimize privacy risks and drive risk reduction initiatives.

• Policy Development : Create and maintain data protection policies, standards, guidelines and playbooks that reflect best practices and ensure compliance with applicable laws and regulations.

• Risk Management : Identify and assess privacy risks (including conducting privacy risk assessments and data transfer impact assessments) across jurisdictions and provide guidance to business units on risk mitigation strategies; Complete and maintain GGB Privacy Risk Registers, with specific focus on inherent and residual risk.

• Privacy Advice and Support : Provide expert advice and guidance to GGB, the GPO and other stakeholders on privacy-related matters, including data sharing, international transfers of personal data, consent management, data subject rights, data incidents, vendor risk management, due diligence and integration relating to merger and acquisition activities, responses to client privacy queries, data minimization, privacy complaints, determinations of requirements to have a Data Protection Officer (or equivalent) in an entity, data analytics and artificial intelligence. Handle internal and third-party requests for access to GGB data. Act as GGB’s HIPAA Privacy Officer, as legally required.

• Training and Awareness : Develop and deliver privacy training programs (Including HIPAA) to raise awareness and ensure understanding of data protection obligations among employees, including high risk users.

• Privacy Impact Assessments and Data Transfer Impact Assessments : Conduct assessments for new projects, systems, and processes to identify and address potential privacy risks, and for data transfers where required by law.

• Incident Response : Lead and coordinate the containment and response to data privacy incidents, including conducting investigations, implementing corrective actions, responding to client, carrier and data subject queries, and reporting to relevant authorities, companies and involved data subjects.

• Supplier Risk : Assess privacy risks in relation to GGB’s supply chain, working closely with colleagues in security, IT, the GPO, legal and procurement.

• Contractual Risk : Provide review and negotiation of privacy-related contractual terms with individuals, vendors, clients and insurance markets.

• Compliance Monitoring : Monitor and report on compliance with data protection, HIPAA and AI laws, regulations, and internal policies, and implement controls to ensure ongoing adherence.

• Records Retention : Advise business units on privacy requirements and best practices related to records retention and de-identification/destruction and work closely with IT and business units to implement new retention and de-identification/destruction guidelines and capabilities.

• Stakeholder Engagement : Collaborate and build effective working relationships with internal and external stakeholders, including the GPO, Legal, Security, Insurance, IT, AI, Data, HR, Marketing, Digital and third-party vendors, to ensure alignment and cooperation in data privacy initiatives.

• Industry Knowledge : Stay up-to-date with emerging trends, technologies, and legal and regulatory developments in the field of data protection, privacy, AI and cybersecurity.

Minimum Requirements:

• 3+ years practicing attorney in the privacy space

• Juris Doctor (J.D.) from an accredited U.S. law school

• Experience working in data protection and privacy management
• Experience as an attorney practicing in a law firm

Preferred Skills and Qualifications:

• Experience in carrying out privacy gap analysis, creation and implementation of remediation plans as well as designing and implementing privacy projects
• CIPP/US, CIPM, HCISPP, CISSP, or similar certifications
• Previous insurance industry experience

• In-depth understanding of privacy regulations such as HIPAA, CCPA, GDPR, and GLBA

• Strong understanding of privacy risk management principles and practices

• Knowledge of IT security or experience in working with IT Development and Security teams preferred
• An accomplished communicator with the ability and confidence to present issues and influence decisions at all levels within an organization with excellent analytical, interpersonal and stakeholder management skills
• Detailed; problem solver; outcome focused; multi tasker; and collaborative team player
• Ability to identify, articulate, guide and assist stakeholders in the management of their privacy risks and obligations to desired outcomes through stakeholder engagement
• Experience of working closely with Legal, Compliance, Information Security, HR, Data, Digital, Privacy, Marketing and Operations
• Practical privacy operations experience, for example, privacy risk impact assessments, handling complex data privacy incidents and privacy skills transfer
• Ability to travel as required (though not presently contemplated)

We offer a competitive and comprehensive compensation package. The base salary range represents the anticipated low end and high end of the range for this position. The actual compensation will be influenced by a wide range of factors including, but not limited to previous experience, education, pay market/geography, complexity or scope, specialized skill set, lines of business/practice area, supply/demand, and scheduled hours. On top of a competitive salary, great teams and exciting career opportunities, we also offer a wide range of benefits.

Below are the minimum core benefits you’ll get, depending on your job level these benefits may improve:

• Medical/dental/vision plans, which start from day one!
• Life and accident insurance
• 401(K) and Roth options
• Tax-advantaged accounts (HSA, FSA)
• Educational expense reimbursement
• Paid parental leave

Other benefits include:

• Digital mental health services (Talkspace)
• Flexible work hours (availability varies by office and job function)
• Training programs
• Gallagher Thrive program – elevating your health through challenges, workshops and digital fitness programs for your overall wellbeing
• Charitable matching gift program
• And more...

We value inclusion and diversity

Click Here to review our U.S. Eligibility Requirements

Inclusion and diversity (I&D) is a core part of our business, and it’s embedded into the fabric of our organization. For more than 95 years, Gallagher has led with a commitment to sustainability and to support the communities where we live and work.

Gallagher embraces our employees’ diverse identities, experiences and talents, allowing us to better serve our clients and communities. We see inclusion as a conscious commitment and diversity as a vital strength. By embracing diversity in all its forms, we live out The Gallagher Way to its fullest.

Gallagher believes that all persons are entitled to equal employment opportunity and prohibits any form of discrimination by its managers, employees, vendors or customers based on race, color, religion, creed, gender (including pregnancy status), sexual orientation, gender identity (which includes transgender and other gender non-conforming individuals), gender expression, hair expression, marital status, parental status, age, national origin, ancestry, disability, medical condition, genetic information, veteran or military status, citizenship status, or any other characteristic protected (herein referred to as “protected characteristics”) by applicable federal, state, or local laws.

Equal employment opportunity will be extended in all aspects of the employer-employee relationship, including, but not limited to, recruitment, hiring, training, promotion, transfer, demotion, compensation, benefits, layoff, and termination. In addition, Gallagher will make reasonable accommodations to known physical or mental limitations of an otherwise qualified person with a disability, unless the accommodation would impose an undue hardship on the operation of our business.