Senior Manager, Emerging Technology Risk
Listed on 2026-07-17
-
IT/Tech
AI Engineer (Applied/Software), Information Security, Cybersecurity, Data Security
Working with Us
Challenging. Meaningful. Life-changing. Those aren’t words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients, and the careers of those who do it.
You’ll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams. Take your career farther than you thought possible.
Bristol Myers Squibb is seeking a Senior Manager, Emerging Technology Risk to join our Security & IT Risk organization. This leader will own the governance, risk, and compliance (GRC) strategy for emerging and disruptive technologies with a primary emphasis on Artificial Intelligence (AI), Generative AI (GenAI), and Large Language Models (LLMs). As AI rapidly embeds itself into BMS's clinical, commercial, and operational functions, this role is critical to ensuring that AI deployments are safe, compliant, and operationally resilient.
The Senior Manager will lead BMS's Secure AI GRC program, partnering closely with business technology leaders, Legal, Privacy, Enterprise Architecture, and external advisors to operationalize AI risk frameworks, archetype-based control models, and regulatory compliance programs across a global, highly regulated pharmaceutical environment. This is a high-visibility, cross-functional leadership role that requires both deep technical GRC expertise and the executive presence to influence senior stakeholders and translate complex risk topics into clear, actionable guidance.
- Lead the design, implementation, and continuous improvement of BMS’s AI governance framework, including archetype-based control models covering risk classification, control objectives, implementation patterns, and acceptable evidence standards.
- Conduct structured reviews of emerging AI technologies and tools being considered for enterprise adoption, evaluating each against BMS’s risk appetite, security standards, and regulatory obligations before deployment approval.
- Lead AI risk and conformity assessments aligned to the EU AI Act, NIST AI RMF, ISO/IEC 42001, and applicable global privacy regulations (GDPR, EDPB, state-level AI laws), including risk classification for high-risk use cases across Clinical, Commercial, and R&D domains.
- Assess GenAI tools and LLM deployments including Claude (via AWS Bedrock), ChatGPT, and other third-party services for data privacy, contractual, and data residency implications; navigate legal and licensing constraints including third-party data ingestion restrictions and BMS-controlled vs. SaaS deployment considerations.
- Partner with business, technology, Legal, and Privacy stakeholders to define and implement controls for approved AI technologies, ensuring controls are practical, embedded in workflows, and aligned to identified risks.
- Design and execute control testing programs for AI-specific controls, including pre-deployment validation, post-deployment effectiveness testing, and periodic re-assessment as AI capabilities and risk profiles evolve; document results, gaps, and remediation plans and track findings through to closure.
- Collaborate with Cloud and security engineering to embed foundational GRC controls at the AI gateway and control plane levels prior to production deployment, incorporating model traceability, privacy-by-design, and audit trail requirements.
- Serve as GRC subject matter expert on BMS’s Secure AI, translating complex risk assessments and control testing outcomes into executive-ready presentations, actionable guidance, and governance reporting for senior leadership.
- Provide practical guidance to business units on compliant AI tool usage, risk-appetite alignment, and governance requirements; serve as a trusted advisor to product and technology teams navigating the AI review and approval process.
- Monitor and assess risks from next-generation AI capabilities including agentic AI, multi-modal GenAI, synthetic data pipelines, and…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).