Director, Information Protection Management

About The Position

Requirements

• 10+ years of experience in Information Security or Risk Management, with at least 4 years in a leadership role.
• Bachelor’s degree in Computer Science, Information Systems, Business Administration, or a related field or equivalent and relevant experience and certifications
• Deep understanding of Data Loss Prevention (DLP) tools (e.g. Microsoft Purview, Netskope, structured and unstructured data) and Data Security, Data Governance, and Data Classification methodologies.
• Strong familiarity with global privacy laws and frameworks (NIST CSF, ISO 27001, GDPR, CCPA, CSL/MLPS/DSL/PIPL, EO14117)

Responsibilities

• Define and execute the roadmap for the Information Protection program, aligning security initiatives with business objectives and regulatory requirements (e.g., SOX, GDPR, CSL/MLPS/DSL/PIPL, EO14117)
• Author, collaborate, maintain policies regarding data security, data classification, handling, retention, and destruction ensuring policies are practical and enforceable
• Participate as core member to lead the effort to discover, classify, and tag unstructured and structured data across on-premise, cloud, and third-party environments
• Define and enforce enterprise standards for data encryption (at-rest, in-transit, and in-use) and Key Management (KMS/HSM)
• Oversee the implementation of advanced data security techniques, including tokenization and data masking controls for sensitive/regulatory environments
• Partner with Data Strategy team to implement database activity monitoring (DAM) and ensure robust access controls for structured data repositories (SQL, NoSQL, Data Lakes)
• Lead the deployment of DSPM tools to automatically discover shadow data, identify misconfigurations, and map data lineage across cloud environments
• Oversee the deployment and tuning of DLP technologies (Endpoint, Network, Email, and Cloud/CASB, etc.). Manage the workflow for incident triage and investigation
• Collaborate with HR, Legal, and Compliance to establish an Insider Risk program that identifies and mitigates risks from malicious or negligent internal actors
• Partner with Cloud Architecture teams to ensure information protection standards are applied to IaaS/PaaS/SaaS environments (e.g., AWS S3 buckets, Azure Blob Storage, Microsoft 365, Salesforce, etc.)
• Develop executive-level dashboards that demonstrate the effectiveness of the Information Protection program (e.g., risk reduction metrics, incident response times, coverage ratios)
• Serve as the primary point of contact for internal and external audits regarding data privacy and protection controls
• Assist in evaluating the data security posture of third-party vendors and partners

Benefits

• All Company employees have the opportunity to own shares of BeOne Medicines Ltd. stock because all employees are eligible for discretionary equity awards and to voluntarily participate in the Employee Stock Purchase Plan.
• The Company has a comprehensive benefits package that includes Medical, Dental, Vision, 401(k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness.