Director, Data Protection and Insider Risk

Job Expired

Job Description

At Bristol Myers Squibb, we are inspired by a single vision – transforming patients’ lives through science. In oncology, hematology, immunology and cardiovascular disease – and one of the most diverse and promising pipelines in the industry – each of our passionate colleagues contributes to innovations that drive meaningful change. We bring a human touch to every treatment we pioneer. Join us and make a difference.

Director – Data Protection and Insider Risk

The Director of Data Protection and Insider Risk is responsible for developing the overall strategy and execution of BMS’s Data Protection Program. This role will help refine and execute the data protection and insider risk strategy, mature an established governance and operating model, rationalize product toolsets, and influence the modification of business processes for enhanced data protection.

This position will lead the data protection team and work with technology partners and business unit partners to on-board data protection functions, while also developing cross-functional capabilities.

The candidate should have a deep technical understanding of general data security disciplines as well as extensive experience in enterprise-level data loss prevention, digital rights management and user behavior analytics.

The candidate must be familiar with security industry standards and best practices, and must be able to work effectively with development, engineering and system counterparts across a broad, deeply technical environment in all security areas. This role will coordinate with application and system owners on all aspects of the data protection solution lifecycle, through proof of concept, business analysis and financial modeling, and architecture design to solution deployment. The Director will support their leadership by ensuring all data protection solutions and technologies are properly supported, implemented and sufficiently meet the needs for which they are deployed to protect BMS confidential and proprietary data.

Core Responsibilities:

  • Oversee the Data Protection team, consisting of direct and indirect reports, including management of managed service provider staff. Responsibilities could include hiring, training, staff development, performance management, and crisis/incident support.
  • Develop and maintain strategy and policy documents based on sensitive data protection requests that map to BMS’ business requirements and regulatory/privacy requirements
  • Partner with internal and external stakeholders such as Cyber Forensics, Corporate Security and Enterprise Data, Privacy and Legal as part of execution and program enhancement
  • Participate in advisory bodies and industry peer working groups to stay abreast of latest technologies and emerging threats.
  • Ensure compliance with industry and regulatory standards including local laws at global locations.
  • Sustain high-availability service levels and ensure fulfillment of business-wide service levels and operational support objectives.

Skills and Qualifications

  • Strong expertise in building data protection programs, preferably with global healthcare experience
  • Strong knowledge of data privacy regulations and guidelines such as GDPR, PCI, CCPA etc.
  • Experience building digital capabilities in an accelerated timeframe to support business needs
  • Ability to lead a technical staff working on very sensitive subject areas and with highly sensitive information
  • Experience with change management lifecycle, development and regular preparation of management status and metrics reports
  • Strong focus on process and ability to support audit discussions
  • Ability to professionally handle confidential matters with appropriate judgement around escalation
  • Excellent verbal and written communication skills to translate the vision and strategy into clear priorities and direction, both internally and externally

Years of Experience: 10+ years related experience. Specifically, 10+ years in data security (DLP, DRM and data classification), with at least 5 years of direct people management experience.

Working knowledge or familiarity with Cloud security and CASB and how to apply Data Protection to SaaS and Cloud solutions.

Bachelor’s degree or equivalent experience.

Certifications: Relevant cyber security certifications, such as CISSP, CISM and/or PMP are highly desired

Around the world, we are passionate about making an impact on the lives of patients with serious diseases. Empowered to apply our individual talents and diverse perspectives in an inclusive culture, our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues.

Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives.

Physical presence at the BMS worksite or physical presence in the field is an essential job function of this role which the Company deems critical to collaboration, innovation, productivity, employee well-being and engagement, and enhances the Company culture.

To protect the safety of our workforce, customers, patients and communities, the policy of the Company requires all employees and workers in the U.S. and Puerto Rico to be fully vaccinated against COVID-19, unless they have received an exception based on an approved request for a medical or religious reasonable accommodation. Therefore, all BMS applicants seeking a role located in the U.S. and Puerto Rico must confirm that they have already received or are willing to receive the full COVID-19 vaccination by their start date as a qualification of the role and condition of employment. This requirement is subject to state and local law restrictions and may not be applicable to employees working in certain jurisdictions such as Montana. This requirement is also subject to discussions with collective bargaining representatives in the U.S.

Our company is committed to ensuring that people with disabilities can excel through a transparent recruitment process, reasonable workplace adjustments and ongoing support in their roles. Applicants can request an approval of accommodation prior to accepting a job offer. If you require reasonable accommodation in completing this application or if you are applying to a role based in the U.S. or Puerto Rico and you believe that you are unable to receive a COVID-19 vaccine due to a medical condition or sincerely held religious belief, during or any part of the recruitment process, please direct your inquiries to [email protected]. Visit careers.bms.com/eeo-accessibility to access our complete Equal Employment Opportunity statement.

Any data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.

Req : R1551764
