Executive Director, Privacy Law & Compliance

About The Position

Requirements

• Advanced degree in Law, Compliance, or related field.
• 15+ years of experience in privacy, data protection, or compliance, with global leadership exposure.
• Expertise in GDPR, CCPA, PIPL, and other international privacy regulations.
• Strong leadership, communication, and stakeholder engagement skills.
• Experience leveraging AI‑enabled tools to enhance efficiency and impact.

Responsibilities

• Strategic Leadership: Leads global privacy team. Define and execute the global privacy strategy aligned with corporate objectives and regulatory requirements. Serve as the primary advisor to senior leadership on privacy risks and emerging regulations.
• Governance & Compliance: Oversee implementation of global privacy frameworks, including Binding Corporate Rules (BCRs) and GDPR compliance programs. Ensure harmonization of global privacy notices and standards across jurisdictions. Monitor changes in global privacy laws and assess their impact on pharmaceutical operations, ensuring timely updates to compliance strategies. Drive market-level privacy compliance by shaping strategies that align global frameworks with local regulatory landscapes, enabling operational agility and business continuity. In partnership with Data Governance Law and Compliance and BI&T, establish a global data transfer strategy that ensures compliance with evolving cross-border regulations while enabling secure, lawful, and efficient data flows to support business operations and innovation.
• Policy Development: In partnership with BI&T, establish and maintain privacy policies, SOPs, and directives for personal data processing, sensitive data handling, and employee data protection.
• Risk Management & Audits: Direct privacy impact assessments (DPIAs), audits, and remediation plans for high-risk data processing activities. Collaborate with internal audit, compliance, and Cybersecurity teams to monitor adherence to privacy obligations. Advise BI&T on notice obligations attendant to data breaches.
• Technology & Innovation: In partnership with BI&T, advise on and develop technology platforms to aid the automation of privacy operations.
• Cross-Functional Collaboration: Partner with AI Law & Compliance, Data Governance Law & Compliance, Digital Health Law & Compliance, BI&T, and business teams to integrate privacy into technology and product development. Act as liaison with regulators and industry bodies on privacy matters.
• Training & Awareness: Partner with BI&T to develop and deliver global privacy training programs and awareness campaigns for employees and third parties. Promote a culture of accountability and ethical data use across the enterprise.

Benefits

• Health Coverage: Medical, pharmacy, dental, and vision care.
• Wellbeing Support: Programs such as BMS Well-Being Account, BMS Living Life Better, and Employee Assistance Programs (EAP).
• Financial Well-being and Protection: 401(k) plan, short- and long-term disability, life insurance, accident insurance, supplemental health insurance, business travel protection, personal liability protection, identity theft benefit, legal support, and survivor support.
• Work-life benefits include: Paid Time Off US Exempt Employees: flexible time off (unlimited, with manager approval, 11 paid national holidays (not applicable to employees in Phoenix, AZ, Puerto Rico or Rayzebio employees) Phoenix, AZ, Puerto Rico and Rayzebio Exempt, Non-Exempt, Hourly Employees: 160 hours annual paid vacation for new hires with manager approval, 11 national holidays, and 3 optional holidays Based on eligibility, additional time off for employees may include unlimited paid sick time, up to 2 paid volunteer days per year, summer hours flexibility, leaves of absence for medical, personal, parental, caregiver, bereavement, and military needs and an annual Global Shutdown between Christmas and New Years Day. All global employees full and part-time who are actively employed at and paid directly by BMS at the end of the calendar year are eligible to take advantage of the Global Shutdown.
• Eligibility Disclosure: The summer hours program is for United States (U.S.) office-based employees due to the unique nature of their work. Summer hours are generally not available for field sales and manufacturing operations and may also be limited for the capability centers. Employees in remote-by-design or lab-based roles may be eligible for summer hours, depending on the nature of their work, and should discuss eligibility with their manager. Employees covered under a collective bargaining agreement should consult that document to determine if they are eligible. Contractors, leased workers and other service providers are not eligible to participate in the program.