Sr. Manager, Cybersecurity, Risk Assessments
Working with Us
Challenging. Meaningful. Life-changing. Those aren’t words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients, and the careers of those who do it. You’ll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams rich in diversity. Take your career farther than you thought possible.
Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives. Read more: careers.bms.com/working-with-us
The Sr. Manager, Risk Assessments in Cybersecurity will work in a team environment to plan and execute dynamic cyber, privacy and supplier risk assessments and identify value-added recommendations to strengthen Company processes and controls. The Sr. Manager is responsible for providing guidance and ensuring the quality and timeliness of the assessment. They are accountable for managing their assigned team of Cybersecurity Risk Assessment Analysts by providing guidance, reviewing work for all assessment sections, and proactively providing timely performance feedback to their team.
Major Responsibilities and Accountabilities:
- Work collaboratively with Business, IT and Cybersecurity teams to execute risk assessments covering technical, organizational, and privacy controls
- Lead planning activities to identify significant risks and design appropriate risk-based assessment procedures for processes, systems, infrastructure and cloud environments based on regulations, business criticality and cyber threat landscape
- Lead meetings involving various levels of management to effectively communicate assessment status and recommendations, manage relationships, and help build partnerships
- Demonstrate strong project management skills to drive all phases of the risk assessment process
- Demonstrate strong business process and biopharma industry knowledge
- Review assessment documentation prepared by analysts to ensure it is clear, concise, high quality, and includes details to support the conclusion on the effectiveness of the implemented controls
- Prepare an assessment summary and a clearly written, concise control attestation that effectively communicate any identified issues and their related value-added corrective actions
- Provide on-the-job coaching and feedback to analysts to foster an environment of continuous development
- 4-6 years of prior Cybersecurity / Risk Management / IT audit and/or IT-related experience (e.g., Business Analysis, Project Management, Operations, Privacy and Compliance)
- Bachelor’s degree or equivalent experience is required
- Strong knowledge of the NIST Cyber Risk Management Framework and NIST 800-53 controls library
- Strong learning agility and ability to influence senior leaders
- Creative thinking balanced with a pragmatic approach
- Exhibit a positive work approach, with high productivity and a collaborative spirit
- Strong written and verbal skills and the ability to work well with a diverse population
- Strong organizational skills, the ability to multi-task, and attention to detail are required for this position
- Proven skills in balancing competing demands and requests by taking initiative to adjust or change priorities
- Ability to work independently with minimal supervision while using discretion and judgment to know when to escalate concerns or issues
- Ability to analyze and solve complex problems with good judgment, often using creative solutions
The following skills and/or experiences are an advantage:
- MBA or other advanced degree a plus
- Professional certification (e.g., CISSP, CIPP, CISA or equivalent)
- Experience in assessing system pre/post implementations, cybersecurity, data privacy, digital transformation, and other emerging technologies
- Experience with a GRC tool
If you come across a role that intrigues you but doesn’t perfectly line up with your resume, we encourage you to apply anyway. You could be one step away from work that will transform your life and career.
Uniquely Interesting Work, Life-changing Careers
With a single vision as inspiring as “Transforming patients’ lives through science™”, every BMS employee plays an integral role in work that goes far beyond ordinary. Each of us is empowered to apply our individual talents and unique perspectives in an inclusive culture, promoting diversity in clinical trials, while our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues.
Physical presence at the BMS worksite or physical presence in the field is a necessary job function of this role, which the Company deems critical to collaboration, innovation, productivity, employee well-being and engagement, and it enhances the Company culture.
To protect the safety of our workforce, customers, patients and communities, the policy of the Company requires all employees and workers in the U.S. and Puerto Rico to be fully vaccinated against COVID-19, unless they have received an exception based on an approved request for a medical or religious reasonable accommodation. Therefore, all BMS applicants seeking a role located in the U.S. and Puerto Rico must confirm that they have already received or are willing to receive the full COVID-19 vaccination by their start date as a qualification of the role and condition of employment. This requirement is subject to state and local law restrictions and may not be applicable to employees working in certain jurisdictions such as Montana. This requirement is also subject to discussions with collective bargaining representatives in the U.S.
BMS is dedicated to ensuring that people with disabilities can perform complex functions through a transparent recruitment process, reasonable workplace adjustments and ongoing support in their roles. Applicants can request an accommodation prior to accepting a job offer. If you require reasonable accommodation in completing this application, or in any part of the recruitment process, direct your inquiries to email@example.com. Visit careers.bms.com/eeo-accessibility to access our complete Equal Employment Opportunity statement.
BMS will consider for employment qualified applicants with arrest and conviction records, pursuant to applicable laws in your area.
Any data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.