Sr. Manager, Cyber Risk Management

ROLE SUMMARY

Our Global Cybersecurity Governance, Risk, and Compliance team provides comprehensive blueprints for cybersecurity excellence by embedding governance, risk management, and compliance into every layer. The team is responsible for ensuring risk-based decision-making is used and that security, privacy, and regulatory compliance is integrated seamlessly with Pfizer’s organization.

We are seeking an experienced Senior Manager of Cyber Risk Management to support and lead critical components of the enterprise cyber risk program within the GRC organization. The ideal candidate will be responsible for assessing, enhancing, and operationalizing the company’s cyber risk management framework to ensure that technology, data, and business processes meet internal control expectations, security requirements, and global regulatory obligations.

The Sr. Manager, Cyber Risk Management is accountable for setting Cybersecurity Risk strategy for the enterprise operating environment, is responsible for developing policies, processes and procedures for cyber risk tolerance and remediation of both internal Pfizer teams and external parties, and for leading and mentoring a team of analysts and managers to achieve Cyber Risk Management goals. The Sr. Manager will work with cross-functional teams both across the CISO organization as well as across the broader Pfizer Digital organization and various Pfizer business units to achieve shared goals, developing and implementing strategy to drive outcomes in the areas of Cyber Risk assessments, NIST CSF adherence, risk identification, regulatory compliance. 

The Senior Manager, Cyber Risk Management will provide strategic leadership in identifying, analyzing, and mitigating digital and cyber risks across the enterprise, ensuring risks are properly quantified, prioritized, and addressed through effective controls and governance practices. This role collaborates closely with business units, technology teams, and senior stakeholders to drive risk transparency, improve risk‑based decision making, and embed cybersecurity considerations into enterprise operations. The Senior Manager, Cyber Risk Management will leverage industry frameworks, data‑driven insights, and governance mechanisms to safeguard the organization’s resilience, protect critical assets, and strengthen the overall cyber risk posture.

ROLE RESPONSIBILITIES

• Design, implement, and continuously enhance the enterprise cyber and digital risk management framework, associated policies, and risk assessment methodologies.

• Integrate cyber and digital risk management processes into enterprise risk management (ERM), governance structures, and strategic planning activities.

• Lead a high‑performing team that drives a strong risk culture aligned with regulatory expectations, industry standards, and internal controls.

• Partner with R&D, Manufacturing, Commercial, Digital, and Corporate business units to align cyber risk practices and ensure consistent risk identification, evaluation, and mitigation.

• Advise executives and stakeholders on cyber and IT risk posture, emerging risks, compliance obligations, and governance expectations.

• Promote a culture of accountability and cyber risk awareness across business and technical stakeholders, reinforcing ownership and informed decision‑making.

• Provide strategic oversight of the cyber risk lifecycle, including risk identification, assessment, scoring, mitigation tracking, issue management, and continuous monitoring.

• Lead, coach, and mentor a geographically distributed team of cyber risk professionals to ensure operational excellence and consistent execution.

• Identify, implement, and optimize cyber risk management technologies and automation, ensuring accuracy and completeness of risk data across systems of record.

• Define, maintain, and report on key risk metrics and dashboards (KRIs/KPIs) to monitor risk posture, highlight emerging trends, and inform senior leadership and governance committees.

BASIC QUALIFICATIONS

• Bachelor’s degree in information security, Computer Science, Business, or related field.

• 7+ years of experience in cybersecurity, enterprise risk management, cyber risk analysis or or a Master’s degree with 6+ years of experience in cybersecurity, enterprise risk management, cyber risk analysis, or GRC-related roles.

• Proven ability to lead complex cyber risk programs involving multiple stakeholders, competing priorities, and cross-functional collaboration.

• Strong understanding of Information Security principles and application.

• CISSP, CISM or CRISC certification.

• ICS/OT cybersecurity application in an enterprise setting.

• Strong understanding of business contracts, cloud solutions, network and enterprise cybersecurity concepts, cyber assessment techniques, industry cybersecurity trends, risks and remediation techniques.

• Strong understanding of Regulatory Risk Management and application of Cybersecurity Risk management principles including, but not limited to: HIPAA, CCPA, PCI, Cyber Insurance, China PIPL, Vietnam PDPD, NIS2, DOJ.

• This role requires the individual to demonstrate experience as a Product/Service owner in an agile work environment possessing qualities such as a collaborative mindset, adaptability to change, and a proactive problem-solving approach.

• Strong strategic thinking, analytical capability, and problem-solving skills, ability to translate technical risk insights into recommendations.

• Demonstrated ability to prioritize risks and mitigation activities using a risk-based approach.

• Excellent communication and interpersonal skills; ability to influence across levels and functions.

• Proficiency in project management tools (e.g., Smartsheet, MS Project), data analysis platforms, and MS Office Suite.

• Experience with GRC tools like Archer, or similar technologies.

PREFERRED QUALIFICATIONS

• Excellent strategic thinking.

• Deeply analytical and credible.

• Fact-based decision-making.

• Ability to challenge, influence, and support senior leadership.

• Excellent communication and presentation skills.

• Ability to bring structure to vaguely defined problems and solve them with creative yet pragmatic approaches.

• Resourceful, self-motivated, and proactive – strong drive for excellence.

NON-STANDARD WORK SCHEDULE, TRAVEL OR ENVIRONMENT REQUIREMENTS

• Travel as required by the business (less than 5% domestic and/or international)

Please apply by sending your CV in English.

Work Location Assignment: Hybrid