United States onlyBeOne continues to grow at a rapid pace with challenging and exciting opportunities for experienced professionals. When considering candidates, we look for scientific and business professionals who are highly motivated, collaborative, and most importantly, share our passionate interest in fighting cancer.
General Description:
The Director, Information Protection Management is a global strategic leadership role responsible for designing, implementing, and spearhead the strategy and framework that secures the organization’s most critical data assets. In this role, you will build a resilient data security ecosystem that spans data loss prevention (DLP), encryption standards, and data assurance that empower our workforce to seamlessly and safely innovate and move beyond traditional compliance checklists to build a dynamic, data-centric program that adapts to AI adoption, cloud-first collaboration, and a global environment. This role is also a bridge between technology, security, and business velocity, ensuring our data remains our greatest asset.
This role will lead a global team for Data Loss Prevention (DLP), Insider Risk Management, and participate as a core member within the Data Governance and Information Governance Committees.
Essential Functions of the Job:
Strategy & Governance
- Program Leadership: Define and execute the roadmap for the Information Protection program, aligning security initiatives with business objectives and regulatory requirements (e.g., SOX, GDPR, CSL/MLPS/DSL/PIPL, EO14117)
- Policy Development: Author, collaborate, maintain policies regarding data security, data classification, handling, retention, and destruction ensuring policies are practical and enforceable
- Data Governance & Classification: Participate as core member to lead the effort to discover, classify, and tag unstructured and structured data across on-premise, cloud, and third-party environments
Data Security
- Encryption & Cryptography: Define and enforce enterprise standards for data encryption (at-rest, in-transit, and in-use) and Key Management (KMS/HSM)
- Technical Controls: Oversee the implementation of advanced data security techniques, including tokenization and data masking controls for sensitive/regulatory environments
- Database Security: Partner with Data Strategy team to implement database activity monitoring (DAM) and ensure robust access controls for structured data repositories (SQL, NoSQL, Data Lakes)
- Data Security Posture Management (DSPM): Lead the deployment of DSPM tools to automatically discover shadow data, identify misconfigurations, and map data lineage across cloud environments
Operational Execution
- Data Loss Prevention (DLP): Oversee the deployment and tuning of DLP technologies (Endpoint, Network, Email, and Cloud/CASB, etc.). Manage the workflow for incident triage and investigation
- Insider Risk Management: Collaborate with HR, Legal, and Compliance to establish an Insider Risk program that identifies and mitigates risks from malicious or negligent internal actors
- Cloud Data Security: Partner with Cloud Architecture teams to ensure information protection standards are applied to IaaS/PaaS/SaaS environments (e.g., AWS S3 buckets, Azure Blob Storage, Microsoft 365, Salesforce, etc.)
Risk Management & Reporting
- Metrics & KPIs: Develop executive-level dashboards that demonstrate the effectiveness of the Information Protection program (e.g., risk reduction metrics, incident response times, coverage ratios)
- Audit Support: Serve as the primary point of contact for internal and external audits regarding data privacy and protection controls
- Vendor Risk: Assist in evaluating the data security posture of third-party vendors and partners
Qualifications:
- Experience: 10+ years of experience in Information Security or Risk Management, with at least 4 years in a leadership role.
- Education: Bachelor’s degree in Computer Science, Information Systems, Business Administration, or a related field or equivalent and relevant experience and certifications
- Subject Matter Expertise: Deep understanding of Data Loss Prevention (DLP) tools (e.g. Microsoft Purview, Netskope, structured and unstructured data) and Data Security, Data Governance, and Data Classification methodologies.
- Regulatory Knowledge: Strong familiarity with global privacy laws and frameworks (NIST CSF, ISO 27001, GDPR, CCPA, CSL/MLPS/DSL/PIPL, EO14117)
Supervisory Responsibilities:
- Yes
Global Competencies
When we exhibit our values of Patients First, Driving Excellence, Bold Ingenuity and Collaborative Spirit, through our twelve global competencies below, we help get more affordable medicines to more patients around the world.
- Fosters Teamwork
- Provides and Solicits Honest and Actionable Feedback
- Self-Awareness
- Acts Inclusively
- Demonstrates Initiative
- Entrepreneurial Mindset
- Continuous Learning
- Embraces Change
- Results-Oriented
- Analytical Thinking/Data Analysis
- Financial Excellence
- Communicates with Clarity
BeOne is committed to fair and equitable compensation practices. Actual compensation packages are determined by several factors that are unique to each candidate, including but not limited to job-related skills, depth of experience, certifications, relevant education or training, and specific work location. Packages may vary by location due to differences in the cost of labor. The recruiter can share more about the specific salary range for a preferred location during the hiring process. Please note that the listed range reflects the base salary or hourly range only. Non-Commercial roles are eligible to participate in the annual bonus plan, and Commercial roles are eligible to participate in an incentive compensation plan. All Company employees have the opportunity to own shares of BeOne Medicines Ltd. stock because all employees are eligible for discretionary equity awards and to voluntarily participate in the Employee Stock Purchase Plan. The Company has a comprehensive benefits package that includes Medical, Dental, Vision, 401(k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness.
We are proud to be an equal opportunity employer. BeOne does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need. In order to ensure reasonable accommodation for individuals protected by Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veterans’ Readjustment Assistance Act of 1974, Title I of the Americans with Disabilities Act of 1990, and any other applicable federal, state or local laws, applicants who require reasonable accommodation in the job application process may contact accommodationsus@beonemed.com.
