Senior Counsel - Data Governance, Privacy and Cyber Security

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today!

Job Details

Position Summary
Cencora seeks an attorney with significant experience in the areas of data governance, privacy, cybersecurity, and emerging artificial intelligence issues to provide strategic legal advice in addressing Cencora’s data risk management and innovation priorities. This role will report to the and will collaborate with other legal, business, and functional teams across the enterprise. 

While part of a global team, this particular role will also require expertise in and frequent counseling with regards to EU, UK, Swiss, and Asia-Pacific privacy, cybersecurity, and AI laws, regulations, and guidance. This position thus requires a lawyer with strong analytical skills and the ability to deliver business-oriented, pragmatic, and efficient legal services in a fast-paced, changing technology environment. The successful candidate will also have strong prioritization and project management skills. This suite of skills includes the ability to provide strategic insights to compliance partners tasked with operationalizing privacy and cybersecurity compliance along with developing governance mechanisms for areas of data and technology law.

PRIMARY DUTIES AND RESPONSIBILITIES:

Advise clients on complex legal, regulatory, and policy questions in the areas of data privacy and protection (particularly GDPR, Swiss privacy laws, UK privacy laws, Asia-Pacific privacy laws), cybersecurity (e.g., NIS2), and artificial intelligence (including the EU AI Act). Draft, review, and/or negotiate various contracts, particularly data processing agreements and contract provisions dealing with privacy, cybersecurity, AI, and other data protection and operational continuity issues. This work also envisions creating template agreements and associated playbooks to expedite contracting issue management in privacy, cyber, and AI law arenas. Assess and help mitigate harms associated with privacy and cybersecurity incidents through clear communication, disciplined issue escalation, and partnership with other privacy, cybersecurity, and business stakeholders. Conduct reviews of new customer- and/or vendor- related technology proposals entailing privacy, cyber, and/or AI risks and offer pragmatic, creative solutions reflecting privacy and security by design concepts. Demonstrate strong and calm decision-making capability and communication skills in the midst of time-sensitive incidents or high-risk business proposals requiring escalation to senior levels of leadership. Manage competing projects and reviews with agility, effectively multi-tasking and prioritizing work to ensure that high value and/or high-risk business needs and projects are addressed in an efficient and strategically stream-lined way.

.

Experience and Education Requirements
A minimum of 5-7 years of experience as a lawyer, combined with expertise and in cybersecurity and privacy/data governance. Prior in-house experience and cross-functional collaboration with multi-national company/companies is preferred. Additionally, substantial legal work with or for healthcare companies is also ideal.

Must be a graduate of a reputable solicitor/lawyer program and be a qualified solicitor or equivalent from another jurisdiction.

Minimum Skills, Knowledge and Ability Requirements

Familiarity with variety of privacy, cybersecurity, emerging AI and related laws and regulations (including cyber disclosures to other regulatory bodies such as the SEC), across multiple EU countries and other jurisdictions. Knowledge of healthcare-specific laws, regulations, guidance and applications also a plus. Ability to capture and communicate consistent themes across jurisdictions for pragmatic risk management counseling to relevant business partners when working on multi-country technology launches or business investments. Facility in managing outside counsel and liaising with other experts engaged to work on matters for Cencora, including specialists from major law firms, consulting agencies, and forensics experts. Capable of readily grasping existing and new business models and technology trends and of marrying existing legal requirements and anticipated future regulatory developments with business strategy to help “future proof” Cencora’s business investments. Experience in advising and presenting to all levels of business management, including senior leadership, with clear distillations of risk, potential impacts, possible solutions, and risk mitigation strategies. Strong soft skills, particularly while handling incident management and risk escalation issues – i.e., projecting calm and confidence to business partners and leadership in time-sensitive and elevated risk scenarios. Experience collaborating with compliance professionals, advising on highest priority compliance requirements, and helping to define operational targets through ongoing partnership, feedback, and clear communication skills. Possession of one or more privacy, AI, and/or information security certifications (CIPP, CIPM, AIGP, CIPT, CISSP) (preferred). Excellent negotiating, prioritization, multi-tasking, juggling, and client management and expectation-setting skills – including forging and managing strong relationships to ease conflict when new projects/issue management scenarios take priority over existing matters. Fluency in English required; additional fluency in German, French, or Spanish would be highly advantageous.

What Cencora offers

​Benefit offerings outside the US may vary by country and will be aligned to local market practice. The eligibility and effective date may differ for some benefits and for team members covered under collective bargaining agreements.

Full time

Affiliated Companies

Affiliated Companies: Alliance Healthcare Management Services Limited