Risk analyst I

Working with Us
Challenging. Meaningful. Life-changing. Those aren't words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients, and the careers of those who do it. You'll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams. Take your career farther than you thought possible.

Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives. Read more:

If you're seeking a meaningful and dynamic career with a diverse and passionate team, we encourage you to explore opportunities with us

Key Responsibilities

• The Risk Analyst I, IT Risk Operations will work in a team environment to plan and execute dynamic cyber, privacy and third-party risk assessments and identify value-added recommendations to strengthen Company processes and controls.

 
• Work collaboratively with Business, IT and Cybersecurity teams to execute risk assessments covering technical, organizational, and privacy controls.

 
• Participate in planning activities to identify significant risks and design appropriate risk-based assessment procedures for processes, systems, infrastructure, and cloud environments based on regulations, business criticality and cyber threat landscape.

 
• Lead meetings involving various levels of management to effectively communicate assessment status and recommendations, manage relationships, and help build partnership.

• Prepare assessment documentation to ensure they are clear, concise, high quality, and include details to support the conclusion of effectiveness of the implemented controls.

• Prepare assessment summaries and clearly written, concise control attestations that effectively communicate any identified issues and their related value add corrective actions.

 
• Collaborate within the team or outside the team when working on broader or complex topics in understanding environment.

Qualifications & Experience

• 1 to 2 years of prior Cybersecurity/ Risk management / IT audit and/or IT related experience (e.g., Business Analysis, Project Management, Operations, Privacy and Compliance).

• Familiarity of the NIST Cyber Risk Management Framework and NIST controls library.

• Familiarity with various data privacy regulations around the world.

• Experience in assessing system pre/post implementations, cybersecurity, data privacy, digital transformation, and other emerging technologies.

 
• Experience with a GRC tool.

 
• Identifies key influencers and builds a network of internal/external relationships. Persuades and negotiate effectively with peers and customers on own work outcomes.

• Identifies opportunities to improve and grow, balancing performance feedback and career development.

 
• Applies a continuous improvement mindset in enhancing efficiency, quality and effectiveness or their work outputs.

 
• Displays understanding of performance metrics for driving the team's goals and questions the external environment and its' implication on the goals and strategies.

 
• Able to review multiple factors of data and can effectively organize information to compare and assess short and long-term implications. Can create a well-developed recommendation and sound actions.

If you come across a role that intrigues you but doesn't perfectly line up with your resume, we encourage you to apply anyway. You could be one step away from work that will transform your life and career.

Uniquely Interesting Work, Life-changing Careers
With a single vision as inspiring as "Transforming patients' lives through science ", every BMS employee plays an integral role in work that goes far beyond ordinary. Each of us is empowered to apply our individual talents and unique perspectives in a supportive culture, promoting global participation in clinical trials, while our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues.

On-site Protocol

BMS has an occupancy structure that determines where an employee is required to conduct their work. This structure includes site-essential, site-by-design, field-based and remote-by-design jobs. The occupancy type that you are assigned is determined by the nature and responsibilities of your role:

Site-essential roles require 100% of shifts onsite at your assigned facility. Site-by-design roles may be eligible for a hybrid work model with at least 50% onsite at your assigned facility. For these roles, onsite presence is considered an essential job function and is critical to collaboration, innovation, productivity, and a positive Company culture. For field-based and remote-by-design roles the ability to physically travel to visit customers, patients or business partners and to attend meetings on behalf of BMS as directed is an essential job function.

BMS is dedicated to ensuring that people with disabilities can excel through a transparent recruitment process, reasonable workplace accommodations/adjustments and ongoing support in their roles. Applicants can request a reasonable workplace accommodation/adjustment prior to accepting a job offer. If you require reasonable accommodations/adjustments in completing this application, or in any part of the recruitment process, direct your inquiries to Visit to access our complete Equal Employment Opportunity statement.

BMS cares about your well-being and the well-being of our staff, customers, patients, and communities. As a result, the Company strongly recommends that all employees be fully vaccinated for Covid-19 and keep up to date with Covid-19 boosters.

BMS will consider for employment qualified applicants with arrest and conviction records, pursuant to applicable laws in your area.

If you live in or expect to work from Los Angeles County if hired for this position, please visit this page for important additional information: 

Any data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.