EU Data Protection and Governance Lead
Bristol Myers Squibb (BMS) has one of the richest biopharmaceutical pipelines in the industry. We discover, develop, and manufacture lifesaving and life altering drugs in cancer, hepatitis C, heart disease, and other therapeutic areas. BMS also has one of the most reliable supply networks and our clinical operations program is among the best and busiest anywhere. We are a company that is forward thinking, a company in which diversity and inclusion are at the forefront of how we view our talent and how we work. Our science is second to none and the transformation work underway will enable us to continue to lead our peer group.
Bristol-Myers Squibb is looking for an EU Data Protection and Governance Lead to support GDPR compliance readiness and sustainability.
Reporting to the Head of Enterprise Data Governance and Policies, the EU Data Protection and Governance Lead will be a data protection and privacy subject matter expert (SME) with a good understanding of the GDPR and supporting legal requirements. This role is expected to promote and operationalize the Privacy and Data Protection policies and processes, established by the office of DPO, across BMS business functions and partners operating in EU member states.
- Represent BMS’s “Office of DPO” in building and sustaining an effective working relationship and communication with the representatives of the Lead Data Protection Authority
- Oversee, manage and drive adoption of GDPR Policies, Processes and Standards.
- Own and lead the GDPR focused initiatives and programs at country level in collaboration with in-country privacy leads
- Provide support, advice and guidance to the organization on their data protection obligations and responsibilities
- Support with the design, development and maintenance of an ongoing awareness program through broader communication and focused training for employees and partners
- Deal with queries from business areas on whether their ongoing activities and plans will be GDPR compliant, and help to identify potential solutions
- Work under the direction of the Data Protection Council to establish local procedures and a data protection framework for the business functions that will embody GDPR requirements
- Coordinate with the enterprise Data Governance teams and country level work councils to sustain GDPR compliance.
- Support the management and coordination of periodic privacy reviews and remediation efforts
- Coordinate with compliance and info-security personnel as needed to support integration of privacy, compliance, and security activities and operations.
- Implement corporate privacy strategy through integrated roadmap and solutions
- Participate in privacy incident management and breach assessment/monitoring activities.
- Set clear directions and objectives that align with established privacy practices & policies
- Work with EU business process owners and functional leads to define privacy requirements and controls for all business programs and projects impacting PII
This job might be for you if:
- You have prior experience in leading a Privacy and Data Protection function, or in a role working in a matrixed organization construct involving interaction with external EU regulatory agencies, business operations teams and IT business partnering organizations
- You have extensive privacy review/impact assessment experience in business processes and technology.
- You have a deep understanding of effective management of Personally Identifiable Information (PII), protection of Data Subject Rights and enabling data processing for business outcomes
- You have awareness and working experience in information and data governance practices
- You have the ability to quickly ramp up on new technologies and identify and mitigate likely privacy risks.
- You have 7+ years implementing designed operational programs (focusing on people, process & technology) and 3+ years of experience in a lead role in the Governance Risk & Compliance arena
- You have the ability to lead cross-functional collaboration and facilitation for decision making
- You have program management experience (particularly in the area of privacy compliance programs)
- You have the ability to understand system and technical architecture to analyze data lineage and structures for performing data privacy impact assessment (DPIA)
- You have the ability to work independently in highly ambiguous environments
A bachelor's degree or equivalent is also required.
Why should you apply:
- This role will be a critical contributor in ensuring the Data Privacy and Protection accountability of the Enterprise Information and Data Management is met. For aspiring candidates, it offers a broader leadership role in data privacy and governance accountability beyond the EU.
- You will help patients in their fight against serious diseases and you will increase the survival of more people with cancer
- You will be part of a company that encourages excellence and innovation, respects diversity, develops leaders and values its employees.
- You’ll get a competitive salary and a great benefits package including an annual bonus, pension contribution, family health insurance, 23.5 days annual leave plus 3 Company days, life assurance and gain-sharing bonus.
Apply now by clicking the Apply button, or email me at firstname.lastname@example.org for more information.