McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.
What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.
Title: Managing Lead Counsel - Privacy Cybersecurity & Technology Law (PSAS)
Business Unit: Pharmaceutical Solutions & Services (PSAS)
Location: Dallas, TX; Atlanta, GA; Richmond, VA; Columbus, OH (Preferred)
The Role
McKesson’s well-regarded legal team is seeking an experienced data enablement, privacy, cybersecurity, and emerging technology lawyer to lead a team providing decisive day-to-day legal counseling and advice to the Pharmaceutical Solutions and Services (PSaS) business. The Managing Lead Counsel will play a key role in McKesson’s risk mitigation and value-generation strategies for projects entailing nuanced privacy, cybersecurity, and artificial intelligence (AI) issues, among other evolving technology arenas. This leader will collaborate with PSaS Business Unit attorneys, Business Unit compliance professionals, and other key internal stakeholders.
Key Responsibilities
The successful candidate will:
- Bring a depth of knowledge and experience with data strategy and enablement, privacy (including experience with HIPAA/healthcare privacy issues), cybersecurity, and various emerging technology laws and regulations and will have the ability to translate that knowledge to deliver relevant and actionable guidance to the business.
- Possess excellent legal judgment and communication skills and the ability to be both pragmatic/business-oriented and strategic.
- Excel when working independently and collaboratively.
- Display a track record of developing strong working relationships with a diverse client base.
- Showcase the ability to lead within PSaS and in developing an agile, responsive, highly collaborative legal team who embraces change in tackling a variety of novel and complex legal issues.
- Integrate data points from across the various PSaS sub-business units and collaborate with legal peers advising other business units and disparate projects to provide strategic and data enabling guidance that marries enterprise and business units’ objectives with regulatory excellence.
- Be highly proactive, accountable, team-oriented, and capable of managing multiple competing priorities in a fast-paced environment.
Qualifications
Minimum Requirements
- 10+ years as a practicing attorney with firm and in-house experience
- 7+ years of specialized experience in data strategy and enablement, privacy, and/or technology law
- 3+ years of experience leading legal teams
- Member of a U.S. state bar in good standing
Education
- Juris Doctor degree with excellent academic credentials
Critical Skills
- Experience managing and developing a legal team handling significantly gray and/or evolving areas of technology, privacy, and cybersecurity law and assessing new legal requirements and governance frameworks for artificial intelligence.
- Experience advising sophisticated clients – both business and legal leaders – on complex legal, regulatory, and policy questions in the areas of data strategy and enablement, privacy, cybersecurity, emerging technology law, strategic data governance, and artificial intelligence.
- In-depth knowledge of HIPAA and other healthcare privacy laws with an emphasis on data rights, data enablement and data strategy.
- Knowledge of a broad range of other privacy and data protection laws including, for example, the FTC Act, TCPA, CAN-SPAM Act, biometrics laws, federal cybersecurity laws, evolving AI laws and regulations, and state data protection and data security breach laws.
- Experience assisting with privacy-, cybersecurity-, and other tech law-focused reviews of new technology, services, and product launches and in evaluating updates to existing technology, products, and services.
- Understanding of, thirst for tackling, and ability to quickly learn (often self-teaching of) technical concepts and advanced knowledge of trends and issues applicable to privacy, cybersecurity, artificial intelligence, and emerging technology arenas. This includes knowledge of such concepts as:
- Data strategy: data optimization, data enablement, data localization, data rights contracting;
- Proactive cybersecurity practices: threat hunting/threat intelligence, insider threat concerns, cyber disclosure requirements; and
- Emerging technology insights: AI/machine learning, generative AI, and data privacy-enhancing technologies such as synthetic data, tokenization, anonymization/de-identification, etc.
- Experience leading and/or supporting the development of strategic data governance frameworks and their associated rollouts across a complex business organization.
- Ability to monitor and evaluate evolving laws, regulations, and industry best practices to help the company navigate new requirements against both existing and anticipated business models. This includes the ability to guide the PSaS business unit toward opportunities, including reviewing, advising and supporting data rights strategies and/or advising on external influencing approaches.
- Experience managing outside counsel, as necessary.
Additional Knowledge and Skills
- Track record of dealing with emerging areas of technology law and training team members and other legal and compliance professionals while collaborating with business partners and functions to build workable compliance frameworks reflecting those new laws and associated regulations.
- Experience in establishing trusted advisor status with senior management on significant data privacy, cybersecurity, and/or other technology-related legal risks and strategies.
- Experience counseling participants in the healthcare industry, and CIPP/US, and/or similar professional certification(s).
- Ability to provide strategic legal advice from a data strategy and enablement privacy, cyber, and technology law perspective in various complex business transactions, including performing legal due diligence, recommending appropriate post-integration actions, and drafting and negotiating applicable language in M&A-related contracts and documents.
- Ability to effectively and efficiently collaborate with internal stakeholders to support the due diligence, analysis, preparation, drafting and/or negotiation of pertinent business arrangements and contractual provisions dealing with privacy, cybersecurity, and other technology law provisions associated with third party business relationships and agreements such as Managed Services Agreements, Master Services Agreements, SOWs, Information Security Exhibits, and Business Associate Agreements.
Must be authorized to work in the US. Sponsorship is not available for this position.
We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please click here.
Our Base Pay Range for this position
$181,100 - $301,900
McKesson is an Equal Opportunity Employer
McKesson provides equal employment opportunities to applicants and employees and is committed to a diverse and inclusive environment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age or genetic information. For additional information on McKesson’s full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.
Join us at McKesson!