Sr. Director, eDiscovery, Data Protection and Insider Risk Management
At Bristol Myers Squibb, we are inspired by a single vision – transforming patients’ lives through science. In oncology, hematology, immunology and cardiovascular disease – and one of the most diverse and promising pipelines in the industry – each of our passionate colleagues contributes to innovations that drive meaningful change. We bring a human touch to every treatment we pioneer. Join us and make a difference.
The Senior Director of eDiscovery & Insider Risk Management is responsible for developing the overall strategy and execution of BMS’s Data Protection, Insider Threat, and eDiscovery Programs. This role will be the lead for insider threat investigation, data loss prevention, and user/entity behavior analytics programs. This leader will refine and execute the data protection, insider risk, and eDiscovery strategy, mature the established governance and operating model, rationalize product toolsets, and influence the modification of business processes for enhanced data protection.
This position will serve on the Cyber & Data Risk Management leadership team while leading the Data Protection and eDiscovery teams, working with technology partners and business unit counterparts to onboard and optimize eDiscovery and data protection functions, while also developing cross-functional capabilities.
The candidate should have a deep technical understanding of general data security disciplines as well as extensive experience in enterprise-level data loss prevention, digital rights management, and user behavior analytics. The candidate should have a deep understanding of the technologies used to facilitate electronic discovery gathering, analysis, and the legal and regulatory requirements therein.
The candidate should be familiar with security industry standards and best practices and must be able to effectively work with development, engineering, and system counterparts across a broad, deeply technical environment in all digital and IT areas. This role will coordinate with application and system owners on all aspects of the data protection solution lifecycle through proof of concept, business analysis, financial modeling, and architecture design to solution deployment. The Senior Director will support their leadership by ensuring all eDiscovery and data protection solutions and technologies are properly supported, implemented, and sufficiently meet the needs for which they are deployed to protect BMS confidential and proprietary data.
Oversee the eDiscovery, Digital Forensics, and Data Protection teams, consisting of direct and indirect reports, including management of managed service provider staff.
Responsibilities include hiring, training, staff development, performance management, and crisis/incident support.
Develop and maintain strategy and policy documents based on sensitive legal discovery and data protection requests that map to BMS’ business requirements and regulatory/privacy requirements.
Partner with internal and external stakeholders such as Corporate Security, IT, HR, Risk, Privacy, and Legal as part of execution and program enhancement.
Participate in industry peer working groups to stay abreast of the latest technologies and emerging threats.
Ensure compliance with industry and regulatory standards including local laws at global locations.
Sustain high-availability service levels and ensure fulfillment of business-wide service levels and operational support objectives.
Skills and Qualifications
Strong expertise in building high-performing teams, engineering processes, and driving results preferably with global healthcare experience
Knowledge of data privacy regulations and guidelines such as GDPR, PCI, CCPA, etc.
Experience in building digital capabilities in an accelerated timeframe to support business needs
Ability to lead a technical staff working on very sensitive subject areas and with highly sensitive information
Experience with the change management lifecycle, development, and regular preparation of management status and metrics reports
Should have a strong focus on process and ability to support audit discussions
Ability to professionally handle confidential matters with appropriate judgment around escalation
Excellent verbal and written communication skills to translate the vision and strategy into clear priorities and direction, both internally and externally
Working knowledge or familiarity with Cloud security and CASB and how to apply Data Protection to SaaS and Cloud solutions.
Years of Experience: Generally requires 10+ years of related experience. Specifically, 10+ years in data engineering and/or data security (DLP, DRM, and data classification), with at least 5+ years of direct people management experience.
Certifications: Relevant cyber security certifications, such as CISSP, CISM, CEDS, and/or PMP are desired
Around the world, we are passionate about making an impact on the lives of patients with serious diseases. Empowered to apply our individual talents and diverse perspectives in an inclusive culture, our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues.
Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives.
Physical presence at the BMS worksite or physical presence in the field is an essential job function of this role which the Company deems critical to collaboration, innovation, productivity, employee well-being and engagement, and enhances the Company culture.
To protect the safety of our workforce, customers, patients and communities, the policy of the Company requires all employees and workers in the U.S. and Puerto Rico to be fully vaccinated against COVID-19, unless they have received an exception based on an approved request for a medical or religious reasonable accommodation. Therefore, all BMS applicants seeking a role located in the U.S. and Puerto Rico must confirm that they have already received or are willing to receive the full COVID-19 vaccination by their start date as a qualification of the role and condition of employment. This requirement is subject to state and local law restrictions and may not be applicable to employees working in certain jurisdictions such as Montana. This requirement is also subject to discussions with collective bargaining representatives in the U.S.
Our company is committed to ensuring that people with disabilities can excel through a transparent recruitment process, reasonable workplace adjustments and ongoing support in their roles. Applicants can request an approval of accommodation prior to accepting a job offer. If you require reasonable accommodation in completing this application or during any part of the recruitment process, or if you are applying to a role based in the U.S. or Puerto Rico and you believe that you are unable to receive a COVID-19 vaccine due to a medical condition or sincerely held religious belief, please direct your inquiries to email@example.com. Visit careers.bms.com/eeo-accessibility to access our complete Equal Employment Opportunity statement.
BMS will consider for employment qualified applicants with arrest and conviction records, pursuant to applicable laws in your area.
Any data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.