Senior Manager, Emerging Technology Risk
Bristol Myers Squibb · Princeton, NJ · 1 wk ago
Engineering$143k–$174k/yrFull-time
About the role
Bristol Myers Squibb is seeking a Senior Manager, Emerging Technology Risk to join our Security & IT Risk organization. This leader will own the governance, risk, and compliance (GRC) strategy for emerging and disruptive technologies with a primary emphasis on Artificial Intelligence (AI), Generative AI (GenAI), and Large Language Models (LLMs).
Responsibilities
- Lead the design, implementation, and continuous improvement of BMS’s AI governance framework, including archetype-based control models covering risk classification, control objectives, implementation patterns, and acceptable evidence standards.
- Conduct structured reviews of emerging AI technologies and tools being considered for enterprise adoption, evaluating each against BMS’s risk appetite, security standards, and regulatory obligations before deployment approval.
- Lead AI risk and conformity assessments aligned to the EU AI Act, NIST AI RMF, ISO/IEC 42001, and applicable global privacy regulations (GDPR, EDPB, state-level AI laws), including risk classification for high-risk use cases across Clinical, Commercial, and R&D domains.
- Assess GenAI tools and LLM deployments including Claude (via AWS Bedrock), ChatGPT, and other third-party services for data privacy, contractual, and data residency implications; navigate legal and licensing constraints including third-party data ingestion restrictions and BMS-controlled vs. SaaS deployment considerations.
- Partner with business, technology, Legal, and Privacy stakeholders to define and implement controls for approved AI technologies, ensuring controls are practical, embedded in workflows, and aligned to identified risks.
- Design and execute control testing programs for AI-specific controls, including pre-deployment validation, post-deployment effectiveness testing, and periodic re-assessment as AI capabilities and risk profiles evolve; document results, gaps, and remediation plans and track findings through to closure.
- Collaborate with Cloud and security engineering to embed foundational GRC controls at the AI gateway and control plane levels prior to production deployment, incorporating model traceability, privacy-by-design, and audit trail requirements.
- Serve as GRC subject matter expert on BMS’s Secure AI, translating complex risk assessments and control testing outcomes into executive-ready presentations, actionable guidance, and governance reporting for senior leadership.
- Provide practical guidance to business units on compliant AI tool usage, risk-appetite alignment, and governance requirements; serve as a trusted advisor to product and technology teams navigating the AI review and approval process.
- Monitor and assess risks from next-generation AI capabilities including agentic AI, multi-modal GenAI, synthetic data pipelines, and quantum-accelerated inference.
Qualifications
- Bachelor's degree required in Information Security, Computer Science, Risk Management, Data Science, or a related field.
- 8+ years of progressive experience in GRC, information security, or technology risk, with at least 2–3 years directly focused on AI, emerging technology, or data governance.
- Demonstrated success designing and operationalizing GRC control frameworks for AI or advanced technology platforms in a large, complex enterprise.
- Hands-on experience with AI governance frameworks: NIST AI RMF, EU AI Act compliance, and/or ISO/IEC 42001 or 23894.
- Experience assessing LLM/GenAI tools for enterprise deployment risk including prompt injection, hallucination risk, IP leakage, and training data privacy.
- Strong understanding of cloud-based AI deployment architectures and the data residency/privacy implications of BMS-controlled vs. third-party SaaS environments.
- Proven ability to influence and communicate with senior executives and external advisors.
Preferred Qualifications
- Experience in Life Sciences, Pharma, or a highly regulated industry (FDA oversight, GxP, clinical data governance).
- Experience with AI gateway architecture, API security controls, and control plane governance.
- Exposure to agentic AI systems, model cards, data lineage frameworks, and model lifecycle governance.
Skills
- Technical GRC Skills: AI/ML risk assessment & model governance, EU AI Act, NIST AI RMF, ISO 42001, GenAI & LLM risk (hallucination, prompt injection, IP), Cloud architecture & AI gateway controls (AWS/Azure), Data lineage, model traceability, audit readiness, GRC platform tooling (ServiceNow, OneTrust).
- Leadership & Business Skills: Executive presence & risk communication, Cross-functional stakeholder influence, Program management & workstream coordination, Vendor & consultant management, Training & change management.
Benefits
Our benefits include: Health Coverage, wellbeing support, financial well-being and protection, paid time off, and more. Visit careers.bms.com/life-at-bms/ for details.