
Job Details


Bristol Myers Squibb

Sr. Manager, Cybersecurity, Risk Assessments

Technology

Development Manager

No

Princeton, New Jersey, United States

At Bristol Myers Squibb, we are inspired by a single vision – transforming patients’ lives through science. In oncology, hematology, immunology and cardiovascular disease – and one of the most diverse and promising pipelines in the industry – each of our passionate colleagues contributes to innovations that drive meaningful change. We bring a human touch to every treatment we pioneer. Join us and make a difference.


Summary:

The Sr. Manager, Risk Assessments in Cybersecurity will work in a team environment to plan and execute dynamic cyber, privacy and supplier risk assessments and identify value-added recommendations to strengthen Company processes and controls. The Sr. Manager is responsible for providing guidance and ensuring the quality and timeliness of the assessment. They are accountable for managing their assigned team of Cybersecurity Risk Assessment Analysts by providing guidance, reviewing work for all assessment sections, and proactively providing timely performance feedback to their team.

Major Responsibilities and Accountabilities:

  • Work collaboratively with Business, IT and Cybersecurity teams to execute risk assessments covering technical, organizational, and privacy controls
  • Lead planning activities to identify significant risks and design appropriate risk-based assessment procedures for processes, systems, infrastructure and cloud environments based on regulations, business criticality and cyber threat landscape
  • Lead meetings involving various levels of management to effectively communicate assessment status and recommendations, manage relationships, and help build partnership
  • Demonstrate strong project management skills to drive all phases of the risk assessment process
  • Demonstrate strong business process and biopharma industry knowledge
  • Review assessment documentation prepared by analysts to ensure it is clear, concise, high quality, and includes details to support the conclusion on the effectiveness of the implemented controls
  • Prepare assessment summaries and clearly written, concise control attestations that effectively communicate any identified issues and their related value-added corrective actions
  • Provide on-the-job coaching and feedback to analysts to foster an environment of continuous development

Minimum Qualifications:

  • 4-6 years of prior Cybersecurity / Risk management / IT audit and/or IT related experience (e.g., Business Analysis, Project Management, Operations, Privacy and Compliance)
  • Bachelor’s degree is required
  • Strong knowledge of the NIST Cyber Risk Management Framework and NIST 800-53 controls library
  • Strong learning agility and ability to influence senior leaders
  • Creative thinking balanced with a pragmatic approach
  • Exhibit a positive work approach, with high productivity and a collaborative spirit
  • Strong written and verbal skills and the ability to work well with a diverse population
  • Strong organizational skills, the ability to multi-task, and attention to detail are required for this position
  • Proven skills in balancing competing demands and requests by taking initiative to adjust or change priorities
  • Ability to work independently with minimal supervision while using discretion and judgment to know when to escalate concerns or issues
  • Ability to analyze and solve complex problems with good judgement, often using creative solutions

The following skills and/or experience are an advantage:

  • MBA or other advanced degree a plus
  • Professional certification (e.g., CISSP, CIPP, CISA or equivalent)
  • Experience in assessing system pre/post implementations, cybersecurity, data privacy, digital transformation, and other emerging technologies
  • Experience with a GRC tool

Around the world, we are passionate about making an impact on the lives of patients with serious diseases. Empowered to apply our individual talents and diverse perspectives in an inclusive culture, our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues.

Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives.

Physical presence at the BMS worksite or physical presence in the field is an essential job function of this role which the Company deems critical to collaboration, innovation, productivity, employee well-being and engagement, and enhances the Company culture.

To protect the safety of our workforce, customers, patients and communities, the policy of the Company requires all employees and workers in the U.S. and Puerto Rico to be fully vaccinated against COVID-19, unless they have received an exception based on an approved request for a medical or religious reasonable accommodation. Therefore, all BMS applicants seeking a role located in the U.S. and Puerto Rico must confirm that they have already received or are willing to receive the full COVID-19 vaccination by their start date as a qualification of the role and condition of employment. This requirement is subject to state and local law restrictions and may not be applicable to employees working in certain jurisdictions such as Montana. This requirement is also subject to discussions with collective bargaining representatives in the U.S.

Our company is committed to ensuring that people with disabilities can excel through a transparent recruitment process, reasonable workplace adjustments and ongoing support in their roles. Applicants can request an approval of accommodation prior to accepting a job offer. If you require reasonable accommodation in completing this application or during any part of the recruitment process, or if you are applying to a role based in the U.S. or Puerto Rico and you believe that you are unable to receive a COVID-19 vaccine due to a medical condition or sincerely held religious belief, please direct your inquiries to adastaffingsupport@bms.com. Visit careers.bms.com/eeo-accessibility to access our complete Equal Employment Opportunity statement.

BMS will consider for employment qualified applicants with arrest and conviction records, pursuant to applicable laws in your area.

Any data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.