Senior Counsel, Data Governance, Law & Compliance

Bristol Myers Squibb, Princeton, NJ
Hybrid

About The Position

The Senior Counsel, Data Governance, Law & Compliance provides legal and compliance leadership for enterprise data governance initiatives at Bristol Myers Squibb. Sitting within the AI, Data and Privacy Law and Compliance department and reporting to the Head of AI & Data Governance, Law and Compliance, this role partners closely with Business Insights and Technology (BI&T) to advance the company's data governance framework across R&D, Commercial, Medical, Manufacturing, and enabling functions. The Senior Counsel translates evolving global data and AI requirements into practical policies, controls, and guardrails that support responsible data use and AI adoption in a highly regulated life sciences environment, while relying on Privacy Law & Compliance as the enterprise owner of personal data and privacy compliance matters.

Requirements

  • JD (or equivalent legal degree) and active bar membership in at least one U.S. jurisdiction required.
  • 7-10 years of combined legal experience at a top law firm or in-house.
  • Minimum 2 years of substantive experience in data governance or information law, including direct experience building or implementing a data governance program.
  • Working command of data governance frameworks, records management, cross-border transfer, export control, trade secret protection, and AI and data regulatory frameworks (EU AI Act and analogous regimes), with sufficient familiarity with global privacy law (HIPAA, GDPR, U.S. state regimes) to partner effectively with Privacy Law & Compliance.
  • Practical experience translating legal requirements into technical or operational controls in partnership with information security, privacy, or data platform teams.
  • Demonstrated ability to translate complex regulatory requirements into pragmatic, business-aligned guidance.
  • Strong drafting, analytical, and stakeholder management skills, with the ability to operate independently in a fast-moving, cross-functional environment.
  • Sound judgment and discretion in handling novel, ambiguous, and high-visibility issues.

Nice To Haves

  • CIPP (e.g., CIPP/US, CIPP/E), CIPM, IAPP AIGP, and/or CIPT certification preferred.
  • Prior experience in the pharmaceutical, biotechnology, healthcare, or life sciences industry.
  • Familiarity with GxP data integrity, clinical and real world data, and FDA, EMA, or PMDA inspection support.
  • Experience advising on AI governance, including training data provenance, secondary use, and model lifecycle controls.
  • Exposure to enterprise data platforms and to attestation regimes including SOC 2, ISO 27001, ISO 27701, and ISO 42001.
  • Experience supporting third-party and vendor data risk reviews and contracting.
  • Comfort working alongside external advisors on enterprise program initiatives.
  • Engagement with industry working groups, standards bodies, or responsible data and AI forums.
  • Comfort using AI-enabled tools to enhance legal workflows and efficiency.

Responsibilities

  • Provide legal counsel on enterprise data governance initiatives across the data lifecycle, including classification, access, use, sharing, retention, and disposition.
  • Partner with cross-functional stakeholders to advance the data governance operating model, accountability framework, and supporting governance forums.
  • Draft foundational data governance policies and standards, including Data Classification, Acceptable Use & Handling, Records & Retention, Data Residency & Cross-Border Transfer, Third-Party Data Handling, Privilege Handling, Trade Secret Protection, and crown jewel data protection.
  • Collaborate with AI Governance counsel colleagues on responsible AI standards and on secondary use and reuse frameworks so that data flowing into AI pipelines is lawful and contractually permitted.
  • Partner with Privacy Law & Compliance on personal data and privacy matters, ensuring data governance policies, classification taxonomy, and controls align with and support the enterprise privacy program rather than duplicate it; coordinate with Privacy on intersecting topics such as personal data classification and linkage, cross-border transfers, automated decision-making, and data subject rights.
  • Advise on non-privacy domain-specific obligations across clinical and real world data, GxP data integrity, commercial data, financial data (including MNPI and SOX), and HR and employee data, partnering with Privacy Law & Compliance where personal data is implicated.
  • Track and interpret global data and AI laws and standards (e.g., EU AI Act, ISO/IEC 27001, 27701, 42001, SOC 2) and translate them into actionable policies, playbooks, and training materials, drawing on Privacy Law & Compliance for privacy-specific regulatory interpretation.
  • Partner with external advisors as needed on policy design, taxonomy, and operating model rollout, and review deliverables for legal soundness and fit to BMS.
  • Work with BI&T Information Security so that data controls, including classification tags, linkage rules, and AI access controls, are enforceable in enterprise systems and produce defensible evidence.
  • Review and negotiate data-related contractual provisions with vendors, partners, and third-party data providers, including data use, residency, downstream restrictions, and audit rights, coordinating with Privacy Law & Compliance on personal data terms and working with the technology contracting team on relevant contract templates.
  • Help design and deliver data governance training for legal, compliance, and business audiences.
  • Maintain clear documentation to support audit readiness, regulatory inquiries, and governance maturity assessments.

Benefits

  • Health Coverage: Medical, pharmacy, dental, and vision care.
  • Wellbeing Support: Programs such as BMS Well-Being Account, BMS Living Life Better, and Employee Assistance Programs (EAP).
  • Financial Well-being and Protection: 401(k) plan, short- and long-term disability, life insurance, accident insurance, supplemental health insurance, business travel protection, personal liability protection, identity theft benefit, legal support, and survivor support.
  • Work-life benefits include Paid Time Off. US Exempt Employees: flexible time off (unlimited, with manager approval), 11 paid national holidays (not applicable to employees in Phoenix, AZ, Puerto Rico or Rayzebio employees). Phoenix, AZ, Puerto Rico and Rayzebio Exempt, Non-Exempt, Hourly Employees: 160 hours annual paid vacation for new hires with manager approval, 11 national holidays, and 3 optional holidays. Based on eligibility, additional time off for employees may include unlimited paid sick time, up to 2 paid volunteer days per year, summer hours flexibility, leaves of absence for medical, personal, parental, caregiver, bereavement, and military needs, and an annual Global Shutdown between Christmas and New Year's Day.
  • All global employees, full and part-time, who are actively employed at and paid directly by BMS at the end of the calendar year are eligible to take advantage of the Global Shutdown.


What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

Ph.D. or professional degree
