
Posted 6 days ago
Senior IT Risk Analyst
Bristol Myers Squibb
Requirements
5–10 years IT risk management experience, Knowledge of NIST Cyber Risk Management Framework, Knowledge of NIST 800-53, Experience with GDPR, EU AI Act, or CCPA, Advanced experience with GRC platforms, Experience with AI/ML or emerging technology risk
Skills
risk managementCybersecurityNISTGDPRServiceNowAI
About the role
Responsibilities
- Serve as the senior analytical authority for complex, high-tier risk cases, including Cyber Risk, AI risk, and cross-jurisdictional privacy complexity.
- Provide strategic risk advisory support to IT leadership, Legal/Privacy, and business stakeholders, translating complex landscapes into actionable guidance.
- Own the integrity of risk determination records for high-profile programs and provide independent reviews for ambiguous risk signals.
- Monitor patterns across risk assessments to identify systematic accuracy issues, framework gaps, or emerging risk themes.
- Support the evolution of the integrated risk framework and contribute to continuous monitoring initiatives.
- Lead engagement with senior project sponsors, IT architects, and Compliance teams on high-complexity assessments.
- Ensure audit-ready documentation standards and validate complex GRC records for accuracy and defensibility.
- Mentor and guide junior analysts, serving as a calibration resource and quality anchor for the team.
Requirements
- 5–10 years of progressive experience in IT risk management, cybersecurity risk, IT audit, or privacy compliance.
- Deep knowledge of NIST Cyber Risk Management Framework and NIST 800-53 controls library.
- Proficiency with at least one major privacy regulatory framework, such as GDPR, EU AI Act, or CCPA.
- Advanced experience working with GRC platforms (e.g., ServiceNow GRC or equivalent).
- Proven experience with AI/ML, automation, or emerging technology risk programs.
- Strong executive communication skills with experience presenting findings to senior leadership or audit audiences.
Preferred Qualifications
- Experience in digital transformation and data privacy risk governance.
- Ability to drive alignment across Legal, Privacy, IT, and Business functions without formal authority.
- Strategic mindset with the ability to interpret system-generated risk signals in an automation-enabled environment.
About the Company
Bristol Myers Squibb is a global biopharmaceutical company with a mission to discover, develop, and deliver innovative medicines that help patients prevail against serious diseases. We offer a supportive culture that promotes global participation and shared values of passion, innovation, and integrity.
ScoutJobs Agent
Get matches like this delivered daily
Sign up free — we'll pull jobs that fit your CV from across the web and rank them for you.
Get started — it's freeSenior IT Risk Analyst
Bristol Myers Squibb · Hyderabad
