Director Data Risk & Protection

Bristol Myers Squibb
July 01, 2026
Remote friendly (Princeton, NJ)
United States
IT
Key Responsibilities
- Define and lead BMS’s enterprise Data Risk and Protection strategy aligned to risk appetite, regulatory requirements, and cybersecurity strategy.
- Design and implement the Data Risk & Protection operating model and integrated engagement with Cybersecurity Fusion Center, Legal, HR, Compliance, Audit, and business units.
- Establish and evolve the Data Risk & Protection program (policy governance, use-case development, monitoring, detection, response, remediation).
- Build and execute a multi-year capability roadmap with KPIs and risk-reduction metrics.
- Scale and mature the function; build specialist capabilities and a high-performing team.
- Provide program status and risk posture updates to senior leadership.

Insider Risk & Threat Analysis
- Operate insider threat monitoring/behavioral analytics; define personas, use cases, detection scenarios.
- Refine monitoring across UEBA, DLP, CASB, telemetry, cloud monitoring, and privileged access; reduce false positives.
- Manage insider risk case lifecycle (triage→investigation→response→closure/lessons learned).
- Assess/mitigate GenAI and emerging tech data risks.

Data Loss Prevention (DLP) & Information Protection
- Lead enterprise DLP across endpoints, email, cloud, and collaboration (e.g., Microsoft 365/Teams/SharePoint/Copilot; AWS; Google Cloud).
- Govern data classification; tune DLP rules and controls; embed controls into workflows.
- Track effectiveness via metrics/dashboards.

Qualifications
- BS required in CS/IS/Cybersecurity/Risk Management/Law/Business Admin or related; MS preferred.
- Certifications strongly preferred: CISSP, CISM, CISA, CRISC, CDPSE, CFE (or equivalent).
- 10+ years cybersecurity/data risk/insider risk/information protection/security operations; enterprise-scale program leadership.
- Hands-on DLP/insider threat/U(E)BA/security investigations; fluency with SIEM/UEBA/DLP/EDR-XDR/CASB, IAM/PAM, cloud/collaboration security.
- Working knowledge of GDPR/CCPA/HIPAA; close work with Legal/HR/Compliance required.

Benefits (explicitly stated)
- Health coverage; wellbeing support; 401(k); disability/life insurance; other listed financial protections.
- Paid time off (site/location specific).