At agilon health, we are reimagining health care by empowering primary-care physicians to focus on the total health of their senior patients. agilon’s mission is rooted in better outcomes, stronger physician satisfaction, and healthier communities.
We are seeking a Senior Associate General Counsel, Data Privacy & Security to play a critical enterprise leadership role at the intersection of healthcare, technology, compliance, and innovation. This is a senior individual contributor role with broad visibility across the organization and meaningful influence on how agilon governs data privacy, data security, data use, and emerging technologies.
This role is ideal for a strategic, business-minded attorney who brings deep healthcare privacy expertise and enjoys building practical, scalable legal frameworks that enable innovation. You will help shape the company’s privacy program, advise on complex data and technology issues, support AI governance efforts, lead privacy incident response, and partner with stakeholders across Legal, IT, Security, Product, Clinical, HR, Finance, and Commercial teams.
What You’ll Do
In this role, you will serve as a trusted advisor across the enterprise and help build the legal guardrails that support responsible data use in a fast-moving, highly regulated environment. Key responsibilities include:
Lead and evolve agilon’s privacy legal governance framework, including policies, standards, and operational guardrails aligned with U.S. and India requirements
Advise on healthcare privacy, data security, governance, retention, defensible deletion, and compliant data use across products, analytics, operations, and enterprise initiatives
Build scalable privacy programs, playbooks, implementation guides, and self‑service tools that enable teams to move quickly within clear legal boundaries
Serve as a primary legal advisor on high‑risk or novel data uses, privacy and security risk assessments, digital tracking, website governance, and member outreach
Embed practical privacy review into core business workflows, including product development, vendor procurement, marketing, and data‑sharing activities
Draft, negotiate, and close a wide range of commercial agreements, including BAAs, SaaS, services, licensing, NDAs, SOWs, grant, consultant, and information security terms
Own legal standards for data protection terms and advise on third‑party risk, vendor diligence, and vendor‑related incidents
Lead legal response to privacy and data security incidents, including breach analysis, notification strategy, regulatory engagement, and stakeholder coordination
Support regulatory audits, examinations, and inquiries involving privacy and data security
Advise on AI governance and emerging technologies, including acceptable use, legal risk, transparency, accountability, and evolving regulatory expectations
Monitor developments in privacy, healthcare, and technology law and translate them into clear, actionable business guidance
Support privacy integration and remediation in acquisitions, new partnerships, and periods of organizational growth
Why This Role Matters
This is more than a traditional privacy counsel role. It is an opportunity to help shape how a growth-oriented healthcare company responsibly uses data to support better care delivery, operational excellence, and innovation. You will have the chance to influence enterprise strategy, partner directly with senior stakeholders, and help strengthen a privacy and governance foundation that scales with the business.
Minimum Qualifications
Active license to practice law
6-8+ years of privacy and data security experience in-house and/or at a law firm, with preference for candidates who have supported healthcare or technology companies
Strong knowledge of U.S. privacy and data security laws, including HIPAA/HITECH, CCPA/CPRA, and evolving state privacy laws
Proven ability to develop and operationalize privacy governance frameworks, policies, playbooks, and scalable processes
Experience managing a high volume of diverse contract types (services agreements, BAAs, SaaS, NDAs, EULAs, licensing agreements, and similar)
Experience leading or supporting privacy and data security incident response, including breach analysis, regulatory notification, and vendor investigations
Experience participating in or supporting regulatory audits or examinations by state or federal regulators
Preferred Qualifications
Prior healthcare regulatory experience, with particular familiarity with Medicare Advantage, CMS requirements, value-based care models, or primary care-oriented healthcare delivery
Experience supporting technology-enabled healthcare products, data platforms, or digital health initiatives
Familiarity with AI/ML governance frameworks, algorithmic accountability, and legal considerations related to emerging technologies
Experience leading privacy program integration following a merger, acquisition, or significant organizational change
Experience advising on the use of protected health information (PHI) in clinical, operational, analytics, or value-based care contexts
What Will Set You Apart
The strongest candidates will bring excellent judgment, a practical and collaborative style, and the ability to translate complex legal and regulatory requirements into business-friendly guidance. You should be comfortable operating in a fast-paced environment, managing multiple priorities, and partnering across technical and non-technical teams alike. Success in this role requires strong communication skills, high integrity, sound reasoning, and the ability to build trust with stakeholders at every level of the organization.
Join agilon health
If you are energized by the opportunity to build modern privacy and data governance frameworks in a mission-driven healthcare company, this is a chance to make a meaningful impact.
Protect yourself: agilon health will never send unsolicited job offers or request payments or financial information. Such communications are fraudulent. Learn how to spot them
Salary range shown is a guideline. Individual compensation packages can vary based on factors unique to each candidate, such as skill set, experience, and qualifications.
agilonhealth