MetLife

In Government & Legal Affairs, you'll be an engaged and trusted partner - empowered to deliver innovative solutions, influence public policy, and achieve results that enable MetLife’s growth and protect its global interests. Applying a commercial and contemporary mindset, you'll advocate for what’s possible, overcome challenges, and embrace different perspectives. If you also pride yourself on acting with accountability, transparency, and respect, apply to join our Government & Legal Affairs team today.

MetLife is seeking a senior legal leader with deep global cybersecurity and privacy expertise to serve as the enterprise lead for cybersecurity and privacy legal risk and as a key member of the GEBI leadership team. This role functions as the principal legal advisor to MetLife’s Information Security organization and provides strategic, enterprise wide legal guidance on cybersecurity, data protection, and privacy governance laws and regulations across all regions and business lines. The role partners closely with senior leaders across Government & Legal Affairs, Compliance, Privacy, Information Security, Global Technology & Operations, and the businesses to shape risk informed decision making and align legal strategy with MetLife’s broader business objectives.

As a senior legal leader, serves as MetLife's enterprise lead for cybersecurity and privacy legal risk, setting strategy and priorities and delivering consistent, high-quality legal support across regions and business lines, including: 
 
 Enterprise strategy, governance and leadership: 
 * Owns the cybersecurity and privacy legal strategy and operating model; establishes standards, playbooks, escalation paths, and risk tolerances aligned to enterprise objectives.
 * Acts as principal legal advisor to Information Security leadership and a key partner to the Chief Privacy Office, Compliance, Risk, Technology and business leadership; influences senior decision-making through risk-based guidance.
 * Represents Government & Legal Affairs in senior governance forums and drives alignment on complex, high-impact initiatives (e.g., cloud and transformation programs, data strategy, AI/analytics enablement, and enterprise resilience activities).
 
 Incident response and regulatory engagement (cybersecurity and privacy): 
 * Serves as lead legal point of contact for significant cybersecurity incidents and privacy incidents, directing legal response, strategy, investigation oversight, notification analysis, and remediation support in partnership with Information Security, Privacy, Compliance and Communications, and colleagues in other legal areas.
 * Leads legal readiness for enterprise incident response (tabletops, playbooks, training) and advises on third-party breach response, client ransomware events, and client-facing communications.
 * Owns legal strategy for regulator and law enforcement engagement related to cyber and privacy events; supports examinations, inquiries, and investigations and drives defensible, timely responses. Partners closely with Government Affairs colleagues on regulatory engagement. 
 
 Privacy-by-design, product/technology enablement and data protection: 
 * Provides strategic legal advice on global privacy and data protection requirements (e.g., GDPR, CCPA, HIPAA/HITECH and other applicable regimes) across products, services, marketing, HR, and operations.
 * Advises on privacy-by-design and cybersecurity-by-design for new and existing technologies, including cloud, digital channels, data sharing, cross-border transfers, analytics, and AI/ML use cases; partners on governance, controls, and documentation to enable compliant innovation.

Business Knowledge/Technical Skills: 
 * 15+ years legal experience with deep cybersecurity and privacy/data protection expertise; financial services and in-house experience preferred.
 * Significant cyber and privacy incident response experience (investigations, privilege strategy, remediation, breach notification and regulator engagement).
 * Strong knowledge of global privacy/data protection and cybersecurity requirements applicable to the role (e.g., GDPR, CCPA/CPRA, HIPAA/HITECH; NYDFS/NAIC-related requirements as applicable) and ability to translate them into practical guidance.
 * Ability to support complex technology and data-enabled initiatives (cloud, digital channels, data sharing, analytics and AI/ML), including privacy-by-design and security-by-design.
 * Familiarity with security frameworks and control environments (e.g., NIST, ISO 27001/27002) and enterprise policy/program development (standards, playbooks, training).
 * Experience negotiating cybersecurity and privacy terms in complex commercial/vendor agreements; supporting third-party risk and strategic sourcing; and leading cyber/privacy diligence for strategic transactions (including M&A).
 
Demonstrates baseline AI fluency, including the ability to effectively and responsibly use approved AI tools to enhance productivity, decision‑making, and work quality. Understands AI capabilities, limitations, and ethical considerations, and applies AI in alignment with company policies, data privacy standards, and business objectives. 
 
 Leadership/Management Competencies: 
 * Proven people leadership (including leading senior professionals and/or managers): sets strategy and priorities, allocates resources, develops talent and succession.
 * Trusted advisor with executive presence; influences outcomes in a matrixed, global environment through sound, risk-based judgment.
 * Excellent communication and negotiation skills; able to simplify complex cyber/privacy issues and drive timely decisions on high-risk matters.
 * Solution-oriented and operationally disciplined; leads through change while maintaining strong governance.

The expected salary range for this position is $238,800 - $318,300. This role may also be eligible for annual short-term incentive compensation and stock-based long-term incentives. All incentives and benefits are subject to the applicable plan terms.