Director Data Risk & Protection
Location: Princeton, Mercer County, New Jersey, 08544, USA
Listed on: 2026-06-11
Listing for: Bristol Myers Squibb
Position type: Full Time
Job specializations: IT/Tech; Cybersecurity, Data Security, Data Analyst, Information Security
Job Description & How to Apply Below
Challenging. Meaningful. Life-changing. Those aren't words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients, and the careers of those who do it.
You'll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams. Take your career farther than you thought possible.
Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives.
Key Responsibilities:
* Define and lead BMS's enterprise Data Risk and Protection strategy, aligned to the company's risk appetite, regulatory requirements, and broader cybersecurity strategy.
* Design and implement the Data Risk and Protection operating model & engagement, including team structure, roles and responsibilities, process workflows, tooling stack, and an integrated engagement model with Cybersecurity Fusion Center, Legal, HR, Compliance, Audit, and key Business Units.
* Establish, maintain, and continuously evolve a comprehensive Data Risk & Protection program, encompassing policy governance, use-case development, monitoring, detection, response, and remediation.
* Develop and execute a multi-year capability roadmap with clear priorities, milestones, measurable KPIs, and outcome-based risk reduction metrics.
* Lead the scaling and maturation of the Data Risk & Protection function, building specialist capabilities and fostering a high-performing team.
* Provide regular program status reporting and risk posture updates to senior leadership and governance bodies.
Insider Risk & Threat Analysis:
* Establish and operationalize insider threat monitoring and behavioral analytics capabilities to improve visibility and enable timely response.
* Define and maintain insider threat personas, use cases, and detection scenarios (e.g., intellectual property theft, clinical trial data exfiltration, fraud, sabotage, negligent data leakage, Generative AI misuse), informed by threat intelligence, business context, and prior incident trends.
* Collaborate with technical teams to design, operate, and continuously refine monitoring and analytics capabilities, including UEBA, DLP, CASB, endpoint and identity telemetry, cloud security monitoring, and privileged access monitoring, with a focus on improving detection coverage and reducing false positives.
* Oversee the end-to-end insider risk case lifecycle, from alert generation through triage, investigation, response, closure, and lessons learned, coordinating across Cybersecurity Fusion Center, HR, Legal, Compliance, Corporate Security, and Business Units.
* Ensure timely and proportionate incident responses, applying a risk-based methodology that distinguishes between malicious, negligent, and compromised actors, and driving root-cause analysis to strengthen controls and processes.
* Assess and mitigate data risks associated with Generative AI and emerging technologies, including data leakage via AI tools, model misuse, shadow AI adoption, and unapproved application usage.
Data Loss Prevention (DLP) & Information Protection:
* Lead the strategy, design, and operational management of BMS's enterprise DLP program across endpoints, email, cloud, and collaboration platforms (e.g., Microsoft 365, Teams, SharePoint, Copilot, AWS, Google Cloud, etc.).
* Define and govern data classification policies and standards, ensuring sensitive BMS data - including clinical trial data, intellectual property, PII, and regulated data - is appropriately labelled, handled, and protected.
* Drive continuous tuning, optimization, and lifecycle management of DLP rules, policies, and controls to improve accuracy, reduce operational burden, and align with evolving business needs.
* Partner with IT Security Architecture and Engineering teams to ensure data protection controls are embedded into infrastructure, application development, and cloud adoption workflows.
* Establish metrics and dashboards to track DLP program effectiveness, data exposure trends, policy violations, and remediation outcomes, and report regularly to senior leadership.
Policy, Governance, Assurance & Culture:
* Develop, review, and maintain data risk and protection policies, standards, and guidelines (e.g., acceptable use, data handling, monitoring, GenAI usage) in close collaboration with Legal, HR, Compliance, and Privacy teams.
* Establish clear escalation paths, decision rights, and documentation standards for data-related incidents and insider risk cases, ensuring all activities comply with applicable laws, regulations, and internal policies - particularly around privacy, data…