Sr. Manager, Information Protection

ROLE SUMMARY

Our Global Cybersecurity Governance, Risk, and Compliance team provides comprehensive blueprints for cybersecurity excellence by embedding governance, risk management, and compliance into every layer. The team is responsible for ensuring risk-based decision-making is used and that security, privacy, and regulatory compliance is integrated seamlessly with Pfizer’s organization.

We are seeking an experienced Senior Manager, Data Protection to serve in a strategic leadership role within the Cyber GRC organization, responsible for establishing, governing, and operationalizing Pfizer’s enterprise data protection program across a global footprint spanning the United States, Europe, and Asia. This role ensures that sensitive data is identified, classified, protected, and governed in alignment with regional and global privacy regulations, internal security policies, and enterprise risk management expectations.

The Senior Manager, Data Protection provides global oversight of data protection governance, policy, risk assessment, and control assurance across structured and unstructured data environments. Working across regions and time zones, this role partners closely with Privacy, Legal, Compliance, Digital, Infrastructure, and Business stakeholders to embed consistent information protection requirements into technology platforms, business processes, and enterprise risk decisions. Through scalable governance, measurable controls, and clear accountability, this role enables risk‑based decisions and protects sensitive, regulated data worldwide.

ROLE RESPONSIBILITIES

• Define, maintain, and evolve Pfizer’s enterprise information protection policies, standards, control objectives, and oversight mechanisms, ensuring consistent application across the United States, Europe, and Asia.

• Lead the Cyber GRC information protection program across regions, ensuring risks related to sensitive, regulated, and critical data are identified, assessed, prioritized, and tracked in alignment with regional and global requirements.

• Establish and oversee information protection control requirements aligned to global and regional privacy regulations (e.g., GDPR, and applicable APAC regulations), internal security policies, and enterprise risk tolerance.

• Partner with Privacy, Legal, Compliance, Digital, Infrastructure, and business teams across the US, Europe, and Asia to embed information protection requirements into technology platforms, solutions, and business processes.

• Drive information protection control assurance activities globally, including control design reviews, operating effectiveness assessments, issue management, and remediation tracking.

• Define and report global and regional information protection risk metrics, enabling leadership visibility into enterprise-wide risk posture.

• Support regulatory inquiries, audits, and assessments across jurisdictions by providing information protection governance evidence and risk posture insights.

• Lead, coach, and mentor a globally distributed team of information protection and GRC professionals, fostering a strong culture of collaboration and continuous improvement.

• Influence enterprise initiatives by providing risk-based assessments of new technologies, digital transformation, and data-driven business models across regions.

BASIC QUALIFICATIONS

• Bachelor’s degree in information security, Information Technology, Cybersecurity, or related field.

• 7+ years of experience in information security, risk, compliance, information protection, or related disciplines.

• Demonstrated experience operating within regulated industries, with an understanding of regulatory expectations, audit requirements, and compliance obligations related to information protection, security controls, and risk management.

• Practical knowledge of information protection concepts and controls, including data classification/labeling, access governance principles, secure data handling, audit evidence, and incident coordination.

• Deep understanding of global data protection/privacy regulations (e.g., CCPA, GDPR, NIS2, etc.) and their application within large enterprises.

• Excellent verbal and written communication skills, with the ability to clearly articulate complex technical and risk‑based concepts to a wide range of audiences.

• Strong analytical, strategic thinking, and problem‑solving skills, with demonstrated ability to assess risk posture.

• Proficiency with GRC platforms and data governance or risk reporting tools (e.g., Archer, Purview, or similar).

PREFERRED QUALIFICATIONS

• Professional certifications in privacy, data protection, or information security, (e.g., Certified Information Privacy Manager (CIPM), Certified Information Privacy Professional (CIPP/E or equivalent), or an academic equivalent).

• Excellent strategic thinking.

• Deeply analytical and credible.

• Fact-based decision-making.

• Deep understanding of data security objectives, governance models, and risk management considerations for complex enterprises operating in regulated industries.

• Experience supporting enterprise data classification, data lifecycle, or information governance programs.

• Strong executive communication and presentation skills.

• Experience leading globally distributed teams or matrixed resources.

NON-STANDARD WORK SCHEDULE, TRAVEL OR ENVIRONMENT REQUIREMENTS

• Travel as required by the business (less than 5% domestic and/or international)

Please apply by sending your CV in English.

Work Location Assignment: Hybrid