Sr. Manager, Cyber Risk Management

ROLE SUMMARY

Our Global Cybersecurity Governance Risk and Compliance team provides comprehensive blueprints for cybersecurity excellence by embedding governance risk management and compliance into every layer. The team is responsible for ensuring risk-based decision-making is used and that security privacy and regulatory compliance is integrated seamlessly with Pfizers organization.

We are seeking an experienced Senior Manager of Cyber Risk Management to support and lead critical components of the enterprise cyber risk program within the GRC organization. The ideal candidate will be responsible for assessing enhancing and operationalizing the companys cyber risk management framework to ensure that technology data and business processes meet internal control expectations security requirements and global regulatory obligations.

The Sr. Manager Cyber Risk Management is accountable for setting Cybersecurity Risk strategy for the enterprise operating environment is responsible for developing policies processes and procedures for cyber risk tolerance and remediation of both internal Pfizer teams and external parties and for leading and mentoring a team of analysts and managers to achieve Cyber Risk Management goals. The Sr. Manager will work with cross-functional teams both across the CISO organization as well as across the broader Pfizer Digital organization and various Pfizer business units to achieve shared goals developing and implementing strategy to drive outcomes in the areas of Cyber Risk assessments NIST CSF adherence risk identification regulatory compliance.

The Senior Manager Cyber Risk Management will provide strategic leadership in identifying analyzing and mitigating digital and cyber risks across the enterprise ensuring risks are properly quantified prioritized and addressed through effective controls and governance practices. This role collaborates closely with business units technology teams and senior stakeholders to drive risk transparency improve riskbased decision making and embed cybersecurity considerations into enterprise operations. The Senior Manager Cyber Risk Management will leverage industry frameworks datadriven insights and governance mechanisms to safeguard the organizations resilience protect critical assets and strengthen the overall cyber risk posture.

ROLE RESPONSIBILITIES

• Design implement and continuously enhance the enterprise cyber and digital risk management framework associated policies and risk assessment methodologies.

• Integrate cyber and digital risk management processes into enterprise risk management (ERM) governance structures and strategic planning activities.

• Lead a highperforming team that drives a strong risk culture aligned with regulatory expectations industry standards and internal controls.

• Partner with R&D Manufacturing Commercial Digital and Corporate business units to align cyber risk practices and ensure consistent risk identification evaluation and mitigation.

• Advise executives and stakeholders on cyber and IT risk posture emerging risks compliance obligations and governance expectations.

• Promote a culture of accountability and cyber risk awareness across business and technical stakeholders reinforcing ownership and informed decisionmaking.

• Provide strategic oversight of the cyber risk lifecycle including risk identification assessment scoring mitigation tracking issue management and continuous monitoring.

• Lead coach and mentor a geographically distributed team of cyber risk professionals to ensure operational excellence and consistent execution.

• Identify implement and optimize cyber risk management technologies and automation ensuring accuracy and completeness of risk data across systems of record.

• Define maintain and report on key risk metrics and dashboards (KRIs/KPIs) to monitor risk posture highlight emerging trends and inform senior leadership and governance committees.

BASIC QUALIFICATIONS

• Bachelors degree in information security Computer Science Business or related field.

• 7 years of experience in cybersecurity enterprise risk management cyber risk analysis or or a Masters degree with 6 years of experience in cybersecurity enterprise risk management cyber risk analysis or GRC-related roles.

• Proven ability to lead complex cyber risk programs involving multiple stakeholders competing priorities and cross-functional collaboration.

• Strong understanding of Information Security principles and application.

• CISSP CISM or CRISC certification.

• ICS/OT cybersecurity application in an enterprise setting.

• Strong understanding of business contracts cloud solutions network and enterprise cybersecurity concepts cyber assessment techniques industry cybersecurity trends risks and remediation techniques.

• Strong understanding of Regulatory Risk Management and application of Cybersecurity Risk management principles including but not limited to: HIPAA CCPA PCI Cyber Insurance China PIPL Vietnam PDPD NIS2 DOJ.

• This role requires the individual to demonstrate experience as a Product/Service owner in an agile work environment possessing qualities such as a collaborative mindset adaptability to change and a proactive problem-solving approach.

• Strong strategic thinking analytical capability and problem-solving skills ability to translate technical risk insights into recommendations.

• Demonstrated ability to prioritize risks and mitigation activities using a risk-based approach.

• Excellent communication and interpersonal skills; ability to influence across levels and functions.

• Proficiency in project management tools (e.g. Smartsheet MS Project) data analysis platforms and MS Office Suite.

• Experience with GRC tools like Archer or similar technologies.

PREFERRED QUALIFICATIONS

• Excellent strategic thinking.

• Deeply analytical and credible.

• Fact-based decision-making.

• Ability to challenge influence and support senior leadership.

• Excellent communication and presentation skills.

• Ability to bring structure to vaguely defined problems and solve them with creative yet pragmatic approaches.

• Resourceful self-motivated and proactive strong drive for excellence.

NON-STANDARD WORK SCHEDULE TRAVEL OR ENVIRONMENT REQUIREMENTS

• Travel as required by the business (less than 5% domestic and/or international)

Please apply by sending your CV in English.

Work Location Assignment:Hybrid