Description Location: This position is located at our Dublin, OH campus. Who we are Founded in 1999 and headquartered in Central Ohio, we're a privately-owned, independent healthcare navigation organization. We believe that no one should have to navigate the cost and complexity of healthcare alone, and we're on a mission to make healthcare simpler and more effective for our millions of members. Our big-hearted, tech-savvy team fights to ensure that our members get the care they need, when they need it, at the most affordable cost - that's why we call ourselves Healthcare Warriors. We're committed to building diverse and inclusive teams - more than 2,000 of us and counting - so if you're excited about this position, we encourage you to apply - even if your experience doesn't match every requirement. About the role The Associate General Counsel, Data Privacy & Cybersecurity serves as a strategic legal partner, providing expert advice and guidance to internal stakeholders that ensure regulatory compliance, mitigate security risks, and enable business growth. This role focuses on delivering measurable outcomes in data privacy and cybersecurity compliance initiatives, data protection, vendor management and risk management while supporting operational efficiency. The successful candidate will proactively address compliance and security-related risks, support company initiatives, and provide strategic counsel to leadership. What you'll do (Essential Responsibilities) Provide legal guidance to support compliance with applicable privacy and cybersecurity laws, regulations, and industry standards (e.g., GDPR, CCPA, HIPAA, SOX, NIST). Reduce compliance-related incidents by implementing proactive legal frameworks and risk assessments in partnership with cross-functional teams. Establish a system for real-time privacy and cybersecurity compliance monitoring and reporting in partnership with cross-functional teams, ensuring timely updates to leadership. Support corporate transactional work based on prior experience and expertise including, but not limited to, website development, product development and oversight of organizational privacy practices and accessibility requirements. Manage and participate in required organizational audits related to privacy and security initiatives (SOC 2). Support organizational and corporate governance initiatives, including whistleblower policies, ethics and transactional activities. Review and negotiate subcontractor and vendor agreements to reduce legal risk while accelerating time-to-close. Ensure all vendor agreements include security, compliance, and privacy safeguards to mitigate third-party risks. Review and negotiate client-facing data protection and processing agreements, business associate agreements and assist with client inquiries Represent legal in the review, approval and documentation of third-party integration requests. Act as a strategic advisor to executive leadership, ensuring legal strategies align with business objectives. Partner with product, security, and compliance teams to embed legal requirements into processes without disrupting innovation. Improve internal compliance workflows to reduce legal bottlenecks and enhance operational efficiency. Support other areas of business, as needed, based on areas of expertise or assigned new areas of development tied to strategic initiatives. All other duties as assigned. What you'll bring (Qualifications) Education: Juris Doctor (J.D.) from an accredited law school Licensure/Certifications: Active bar membership to practice law in Ohio 15+ years' experience in a law firm and/or corporate legal department; in-house counsel legal experience preferred. Proven track record of success in the areas of federal, state and foreign data privacy and security laws implicated in product development, operational process, sales and procurem