Working with Us Challenging. Meaningful. Life-changing. Those aren't words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients, and the careers of those who do it. You'll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams rich in diversity. Take your career farther than you thought possible. Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives. Read more: careers.bms.com/working-with-us. Position Summary This position, within the Privacy function of the Compliance and Ethics group at Bristol Myers Squibb (BMS), will conduct regulatory intelligence, draft and update privacy policies and procedures, lead the development of a privacy compliance risk assessment framework, and support the demonstration of accountability with BMS' Privacy Program, including its Binding Corporate Rules and any other transfer mechanisms, privacy standards codes of conduct and certifications. This role requires a blend of privacy knowledge and compliance expertise to provide timely, pragmatic, and solution-oriented advice while balancing the need to safeguard sensitive information and enable business innovation and growth. The ideal candidate will have experience in the pharmaceutical or healthcare industry and a passion for championing privacy principles throughout the organization. Key Responsibilities * Regulatory Intelligence: Monitor and analyze emerging global and U.S. privacy laws, significant case law, and new guidance from supervisory and data privacy authorities to identify impactful requirements on company operations. Develop a communication framework to effectively inform the organization of relevant legal developments. Participate in Training & Awareness activities by developing materials and conducting training to BMS employees. Provide support to the Data Risk Office and relevant stakeholders in the enhancement of Privacy Program related activities to address the new requirements. * Privacy Policies and Procedures: Draft and revise the BMS' Privacy Policies and Procedures. Identify non-privacy policies and procedures that include embedded privacy requirements, ensuring they comply with current privacy standards. Propose and implement necessary updates to privacy policies and procedures and facilitate alignment with regulatory expectations. * Privacy Compliance Risk Assessments: Identify key areas requiring assessment and establish criteria for evaluating privacy risks. Support the development of a privacy compliance risk assessment framework by outlining the methodology, timing, and focus areas. Create a privacy risk assessment template with clear criteria and measurement standards. Evaluate assessment responses and collaborate with the Compliance team to determine risk scores. Collaborate with the Data Risk Office and relevant stakeholders in identifying and enhancing program controls to increase effectiveness of the privacy program and to further mitigate privacy risks. * Privacy Standards, BCR Monitoring and Compliance Support: In close collaboration with the European Data Protection Officer, support evaluation and enhancement of internal compliance mechanisms to demonstrate adherence to BMS' Binding Corporate Rules (BCRs), GDPR and any other privacy related standard, code of conduct, transfer mechanism or certification that BMS adheres to. Monitor BCR compliance, recommend improvements, and maintain detailed documentation of data processing activities, risk assessments, impact assessments, and compliance measures. * Cross-Functional Collaboration: Collaborate with legal, compliance, IT, security, and other stakeholders to align privacy initiatives with broader business objectives and ensure a coordinated approach to privacy risk management. Serve as a trusted advisor on privacy compliance matters and provide regular updates on privacy-related developments and initiatives. * Other Duties and Responsibilities: Perform any other duties and responsibilities as assigned, including tasks that may arise to support the overall goals and objectives of the Privacy function and the Compliance and Ethics group. Key Competencies * Candidate should have a law degree and a minimum of 5 years of legal experience, preferably at another pharmaceutical company, a research institution, or with a law firm that advises pharmaceutical, biotech, or medical research institutions. * Candidate should have functional knowledge of emerging US privacy laws especially CCPA, WMHMDA, and GDPR with demonstrated experience in identifying and communicating impact of emerging legislation on business operations. * CIPP/CIPM/CIPT certification (or equivalent) preferred. * Candidate must have strong analytical skills to identify, assess, and mitigate privacy risks, ensuring the comprehensive development of a privacy compliance risk assessment framework. * Candidate should have experience working with the technology department to support and provide advice with respect to integrating privacy requirements into technological processes and systems. * Candidate must have excellent communication skills, convey privacy concepts to non-technical stakeholders, and influence decision-making. High integrity, strategic and creative thinking, and risk assessment abilities are essential. * The candidate should be a self-starter, work well independently and in teams, and collaborate effectively across functions, building strong relationships with legal and business colleagues. * Candidate must show commitment to Bristol Myers Squibb's mission and values. #LI-Hybrid If you come across a role that intrigues you but doesn't perfectly line up with your resume, we encourage you to apply anyway. You could be one step away from work that will transform your life and career. Uniquely Interesting Work, Life-changing Careers With a single vision as inspiring as "Transforming patients' lives through science ", every BMS employee plays an integral role in work that goes far beyond ordinary. Each of us is empowered to apply our individual talents and unique perspectives in an inclusive culture, promoting diversity in clinical trials, while our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues. On-site Protocol BMS has a diverse occupancy structure that determines where an employee is required to conduct their work. This structure includes site-essential, site-by-design, field-based and remote-by-design jobs. The occupancy type that you are assigned is determined by the nature and responsibilities of your role: Site-essential roles require 100% of shifts onsite at your assigned facility. Site-by-design roles may be eligible for a hybrid work model with at least 50% onsite at your assigned facility. For these roles, onsite presence is considered an essential job function and is critical to collaboration, innovation, productivity, and a positive Company culture. For field-based and remote-by-design roles the ability to physically travel to visit customers, patients or business partners and to attend meetings on behalf of BMS as directed is an essential job function. BMS is dedicated to ensuring that people with disabilities can excel through a transparent recruitment process, reasonable workplace accommodations/adjustments and ongoing support in their roles. Applicants can request a reasonable workplace accommodation/adjustment prior to accepting a job offer. If you require reasonable accommodations/adjustments in completing this application, or in any part of the recruitment process, direct your inquiries to adastaffingsupport@bms.com. Visit careers.bms.com/eeo-accessibility to access our complete Equal Employment Opportunity statement. BMS cares about your well-being and the well-being of our staff, customers, patients, and communities. As a result, the Company strongly recommends that all employees be fully vaccinated for Covid-19 and keep up to date with Covid-19 boosters. BMS will consider for employment qualified applicants with arrest and conviction records, pursuant to applicable laws in your area. Any data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.