Jobs · Engineering · New Jersey

Senior Manager, Emerging Technology Risk

Bristol Myers Squibb · Princeton, NJ · 1 wk ago
Engineering$143k–$174k/yrFull-time

About the role

Bristol Myers Squibb is seeking a Senior Manager, Emerging Technology Risk to join our Security & IT Risk organization. This leader will own the governance, risk, and compliance (GRC) strategy for emerging and disruptive technologies with a primary emphasis on Artificial Intelligence (AI), Generative AI (GenAI), and Large Language Models (LLMs).

Responsibilities

  • Lead the design, implementation, and continuous improvement of BMS’s AI governance framework, including archetype-based control models covering risk classification, control objectives, implementation patterns, and acceptable evidence standards.
  • Conduct structured reviews of emerging AI technologies and tools being considered for enterprise adoption, evaluating each against BMS’s risk appetite, security standards, and regulatory obligations before deployment approval.
  • Lead AI risk and conformity assessments aligned to the EU AI Act, NIST AI RMF, ISO/IEC 42001, and applicable global privacy regulations (GDPR, EDPB, state-level AI laws), including risk classification for high-risk use cases across Clinical, Commercial, and R&D domains.
  • Assess GenAI tools and LLM deployments including Claude (via AWS Bedrock), ChatGPT, and other third-party services for data privacy, contractual, and data residency implications; navigate legal and licensing constraints including third-party data ingestion restrictions and BMS-controlled vs. SaaS deployment considerations.
  • Partner with business, technology, Legal, and Privacy stakeholders to define and implement controls for approved AI technologies, ensuring controls are practical, embedded in workflows, and aligned to identified risks.
  • Design and execute control testing programs for AI-specific controls, including pre-deployment validation, post-deployment effectiveness testing, and periodic re-assessment as AI capabilities and risk profiles evolve; document results, gaps, and remediation plans and track findings through to closure.
  • Collaborate with Cloud and security engineering to embed foundational GRC controls at the AI gateway and control plane levels prior to production deployment, incorporating model traceability, privacy-by-design, and audit trail requirements.
  • Serve as GRC subject matter expert on BMS’s Secure AI, translating complex risk assessments and control testing outcomes into executive-ready presentations, actionable guidance, and governance reporting for senior leadership.
  • Provide practical guidance to business units on compliant AI tool usage, risk-appetite alignment, and governance requirements; serve as a trusted advisor to product and technology teams navigating the AI review and approval process.
  • Monitor and assess risks from next-generation AI capabilities including agentic AI, multi-modal GenAI, synthetic data pipelines, and quantum-accelerated inference.

Qualifications

  • Bachelor's degree required in Information Security, Computer Science, Risk Management, Data Science, or a related field.
  • 8+ years of progressive experience in GRC, information security, or technology risk, with at least 2–3 years directly focused on AI, emerging technology, or data governance.
  • Demonstrated success designing and operationalizing GRC control frameworks for AI or advanced technology platforms in a large, complex enterprise.
  • Hands-on experience with AI governance frameworks: NIST AI RMF, EU AI Act compliance, and/or ISO/IEC 42001 or 23894.
  • Experience assessing LLM/GenAI tools for enterprise deployment risk including prompt injection, hallucination risk, IP leakage, and training data privacy.
  • Strong understanding of cloud-based AI deployment architectures and the data residency/privacy implications of BMS-controlled vs. third-party SaaS environments.
  • Proven ability to influence and communicate with senior executives and external advisors.

Preferred Qualifications

  • Experience in Life Sciences, Pharma, or a highly regulated industry (FDA oversight, GxP, clinical data governance).
  • Experience with AI gateway architecture, API security controls, and control plane governance.
  • Exposure to agentic AI systems, model cards, data lineage frameworks, and model lifecycle governance.

Skills

  • Technical GRC Skills: AI/ML risk assessment & model governance, EU AI Act, NIST AI RMF, ISO 42001, GenAI & LLM risk (hallucination, prompt injection, IP), Cloud architecture & AI gateway controls (AWS/Azure), Data lineage, model traceability, audit readiness, GRC platform tooling (ServiceNow, OneTrust).
  • Leadership & Business Skills: Executive presence & risk communication, Cross-functional stakeholder influence, Program management & workstream coordination, Vendor & consultant management, Training & change management.

Benefits

Our benefits include: Health Coverage, wellbeing support, financial well-being and protection, paid time off, and more. Visit careers.bms.com/life-at-bms/ for details.

Similar jobs