Company name
Bristol-Myers Squibb Company
Location
Princeton, NJ, United States
Employment Type
Full-Time
Posted on
Apr 29, 2020
Profile
Bristol-Myers Squibb is a global Biopharma company committed to a single mission: to discover, develop, and deliver innovative medicines focused on helping millions of patients around the world in disease areas such as oncology, cardiovascular, immunoscience and fibrosis.
Join us and make a difference. We hire the best people and provide them with a work environment that places a premium on diversity, integrity, collaboration and personal development. Through a culture of inclusion, we create a better, more productive work environment. We believe that the diverse experiences and perspectives of all our employees help to drive innovation and transformative business results.
The Head of Cyber Advisory is accountable for the Cyber Third Party Risk Management (TPRM) Program, Acquisition/Divestiture/Integration Cyber support, and Cyber Special Projects. The Head, Cyber Advisory is a member of the Cybersecurity Leadership Team and reports to the Chief Information Security Officer.
Cyber TPRM:
This leader will oversee the design, delivery, execution, and continuous improvement of BMS’s Cybersecurity TPRM Program aligning both to the objectives of the BMS Cybersecurity organization and the BMS Enterprise TPRM Program. They will:
Provide leadership, strategic direction, oversight and management of BMS’s Cyber TPRM Program to lead the successful execution of the program framework elements in accordance with BMS’s guiding principles and enterprise risk appetite.
Enhance and maintain a sustainable Cyber TPRM framework (including procedures and playbooks) that drives ongoing identification and management of security and privacy risks within the BMS supply chain and compliance with regulatory requirements.
Lead a team in the overall management of the Cyber TPRM Program to identify, monitor, and mitigate risks of new and existing third-party vendors through risk assessments, contractual considerations, remediation, and continuous intelligence-based monitoring
Actively engage and collaborate with internal stakeholders and subject matter specialists across various business units, corporate functions and risk groups to contribute to the effective management of third party relationships and ensure the program is functioning in a consistent “fit for purpose” manner
Identify emerging supply chain security and privacy risks and continuously adapt the Cyber TPRM program to proactively address emerging threats
Partner with Cybersecurity, Procurement, Legal, and the Business Lines to ensure compliance with Cyber TPRM policies, procedures, and processes, and escalation of issues
Bring strategic and innovative thought leadership to Cyber TPRM key stakeholders to drive continuous collaboration, adoption and performance improvement opportunities
Partner with Cyber Governance to develop standardized reporting, key metrics and risk indicators to provide intelligence-based risk information to Cyber Leadership, Procurement and Business partners
Develop reports to present to program steering committees, cross-functional management committees and BMS Leadership Committees, as required
Partner with Enterprise TPRM to promote and deliver continuous training and awareness on Cyber TPRM
Cyber Acquisition, Divestiture, Integration:
This leader is responsible for defining the playbooks for acquisition, divestiture and integration. As BMS is executing a large-scale integration, the leader will be responsible for executing the program plan defined during the acquisition phase. In addition, they will:
Oversee implementation of cyber integration, ensuring on-time, on-budget delivery and results within enterprise risk appetite.
Oversee transition of responsibilities as defined in the new operating model.
Develop a playbook, in cooperation with Cybersecurity peers, with which to assess future acquisition/divestiture work
Enable cyber resilience through acquisition and divestiture work
Special projects as assigned
Qualifications:
Bachelor's degree or 15 years relevant experience
Minimum 10 years' experience in relevant cybersecurity domains
Proven understanding of cybersecurity risk assessment and risk management procedures and methodologies. Experience leading and promoting risk discussions based on qualitative and quantitative data.
Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
Demonstrated ability to successfully manage projects, people and resources in a global business environment.
Strategic ability to develop highly effective risk management strategies.
Exhibits thought leadership, insource/outsource analysis and understanding of key value drivers.
Strong analytical skills.
Strong negotiating skills.
Ability to develop actionable recommendations and implementation plans.
Excellent communication skills (written and verbal).
Strong management skills, with emphasis on people development.
Outstanding cross-functional leadership skills; viewed as credible by business unit/functional leaders.
Willingness to “constructively dissent” and challenge senior management thinking on key cybersecurity and privacy supply chain issues
Visionary leader with a global business perspective.
Able to get buy-in and commitment from both internal and external stakeholders.
Bristol-Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees the resources to pursue their goals, both at work and in their personal lives.
Bristol-Myers Squibb is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
Company info
Bristol-Myers Squibb Company
Website: http://www.bms.com