Sr. Manager, Information Protection

ROLE SUMMARY

Our Global Cybersecurity Governance Risk and Compliance team provides comprehensive blueprints for cybersecurity excellence by embedding governance risk management and compliance into every layer. The team is responsible for ensuring risk-based decision-making is used and that security privacy and regulatory compliance is integrated seamlessly with Pfizers organization.

We are seeking an experienced Senior Manager Data Protection to serve in a strategic leadership role within the Cyber GRC organization responsible for establishing governing and operationalizing Pfizers enterprise data protection program across a global footprint spanning the United States Europe and Asia. This role ensures that sensitive data is identified classified protected and governed in alignment with regional and global privacy regulations internal security policies and enterprise risk management expectations.

The Senior Manager Data Protection provides global oversight of data protection governance policy risk assessment and control assurance across structured and unstructured data environments. Working across regions and time zones this role partners closely with Privacy Legal Compliance Digital Infrastructure and Business stakeholders to embed consistent information protection requirements into technology platforms business processes and enterprise risk decisions. Through scalable governance measurable controls and clear accountability this role enables riskbased decisions and protects sensitive regulated data worldwide.

ROLE RESPONSIBILITIES

• Define maintain and evolve Pfizers enterprise information protection policies standards control objectives and oversight mechanisms ensuring consistent application across the United States Europe and Asia.

• Lead the Cyber GRC information protection program across regions ensuring risks related to sensitive regulated and critical data are identified assessed prioritized and tracked in alignment with regional and global requirements.

• Establish and oversee information protection control requirements aligned to global and regional privacy regulations (e.g. GDPR and applicable APAC regulations) internal security policies and enterprise risk tolerance.

• Partner with Privacy Legal Compliance Digital Infrastructure and business teams across the US Europe and Asia to embed information protection requirements into technology platforms solutions and business processes.

• Drive information protection control assurance activities globally including control design reviews operating effectiveness assessments issue management and remediation tracking.

• Define and report global and regional information protection risk metrics enabling leadership visibility into enterprise-wide risk posture.

• Support regulatory inquiries audits and assessments across jurisdictions by providing information protection governance evidence and risk posture insights.

• Lead coach and mentor a globally distributed team of information protection and GRC professionals fostering a strong culture of collaboration and continuous improvement.

• Influence enterprise initiatives by providing risk-based assessments of new technologies digital transformation and data-driven business models across regions.

BASIC QUALIFICATIONS

• Bachelors degree in information security Information Technology Cybersecurity or related field.

• 7 years of experience in information security risk compliance information protection or related disciplines.

• Demonstrated experience operating within regulated industries with an understanding of regulatory expectations audit requirements and compliance obligations related to information protection security controls and risk management.

• Practical knowledge of information protection concepts and controls including data classification/labeling access governance principles secure data handling audit evidence and incident coordination.

• Deep understanding of global data protection/privacy regulations (e.g. CCPA GDPR NIS2 etc.) and their application within large enterprises.

• Excellent verbal and written communication skills with the ability to clearly articulate complex technical and riskbased concepts to a wide range of audiences.

• Strong analytical strategic thinking and problemsolving skills with demonstrated ability to assess risk posture.

• Proficiency with GRC platforms and data governance or risk reporting tools (e.g. Archer Purview or similar).

PREFERRED QUALIFICATIONS

• Professional certifications in privacy data protection or information security (e.g. Certified Information Privacy Manager (CIPM) Certified Information Privacy Professional (CIPP/E or equivalent) or an academic equivalent).

• Excellent strategic thinking.

• Deeply analytical and credible.

• Fact-based decision-making.

• Deep understanding of data security objectives governance models and risk management considerations for complex enterprises operating in regulated industries.

• Experience supporting enterprise data classification data lifecycle or information governance programs.

• Strong executive communication and presentation skills.

• Experience leading globally distributed teams or matrixed resources.

NON-STANDARD WORK SCHEDULE TRAVEL OR ENVIRONMENT REQUIREMENTS

• Travel as required by the business (less than 5% domestic and/or international)

Please apply by sending your CV in English.

Work Location Assignment:Hybrid