Director, Information Protection Management

BeOne continues to grow at a rapid pace with challenging and exciting opportunities for experienced professionals. When considering candidates, we look for scientific and business professionals who are highly motivated, collaborative, and most importantly, share our passionate interest in fighting cancer.General Description:The Director, Information Protection Management is a global strategic leadership role responsible for designing, implementing, and spearhead the strategy and framework that secures the organization’s most critical data assets. In this role, you will build a resilient data security ecosystem that spans data loss prevention (DLP), encryption standards, and data assurance that empower our workforce to seamlessly and safely innovate and move beyond traditional compliance checklists to build a dynamic, data-centric program that adapts to AI adoption, cloud-first collaboration, and a global environment. This role is also a bridge between technology, security, and business velocity, ensuring our data remains our greatest asset.This role will lead a global team for Data Loss Prevention (DLP), Insider Risk Management, and participate as a core member within the Data Governance and Information Governance Committees.Essential Functions of the Job: Strategy & GovernanceProgram Leadership: Define and execute the roadmap for the Information Protection program, aligning security initiatives with business objectives and regulatory requirements (e.g., SOX, GDPR, CSL/MLPS/DSL/PIPL, EO14117)Policy Development: Author, collaborate, maintain policies regarding data security, data classification, handling, retention, and destruction ensuring policies are practical and enforceableData Governance & Classification: Participate as core member to lead the effort to discover, classify, and tag unstructured and structured data across on-premise, cloud, and third-party environmentsData SecurityEncryption & Cryptography: Define and enforce enterprise standards for data encryption (at-rest, in-transit, and in-use) and Key Management (KMS/HSM)Technical Controls: Oversee the implementation of advanced data security techniques, including tokenization and data masking controls for sensitive/regulatory environmentsDatabase Security: Partner with Data Strategy team to implement database activity monitoring (DAM) and ensure robust access controls for structured data repositories (SQL, NoSQL, Data Lakes)Data Security Posture Management (DSPM): Lead the deployment of DSPM tools to automatically discover shadow data, identify misconfigurations, and map data lineage across cloud environmentsOperational ExecutionData Loss Prevention (DLP): Oversee the deployment and tuning of DLP technologies (Endpoint, Network, Email, and Cloud/CASB, etc.). Manage the workflow for incident triage and investigationInsider Risk Management: Collaborate with HR, Legal, and Compliance to establish an Insider Risk program that identifies and mitigates risks from malicious or negligent internal actorsCloud Data Security: Partner with Cloud Architecture teams to ensure information protection standards are applied to IaaS/PaaS/SaaS environments (e.g., AWS S3 buckets, Azure Blob Storage, Microsoft 365, Salesforce, etc.)Risk Management & ReportingMetrics & KPIs: Develop executive-level dashboards that demonstrate the effectiveness of the Information Protection program (e.g., risk reduction metrics, incident response times, coverage ratios)Audit Support: Serve as the primary point of contact for internal and external audits regarding data privacy and protection controlsVendor Risk: Assist in evaluating the data security posture of third-party vendors and partnersQualifications:Experience: 10+ years of experience in Information Security or Risk Management, with at least 4 years in a leadership role.Education: Bachelor’s degree in Computer Science, Information Systems, Business Administration, or a related field or equivalent and relevant experience and certificationsSubject Matter Expertise: Deep understanding of Data Loss Prevention (DLP) tools (e.g. Microsoft Purview, Netskope, structured and unstructured data) and Data Security, Data Governance, and Data Classification methodologies.Regulatory Knowledge: Strong familiarity with global privacy laws and frameworks (NIST CSF, ISO 27001, GDPR, CCPA, CSL/MLPS/DSL/PIPL, EO14117)Supervisory Responsibilities: YesGlobal CompetenciesWhen we exhibit our values of Patients First, Driving Excellence, Bold Ingenuity and Collaborative Spirit, through our twelve global competencies below, we help get more affordable medicines to more patients around the world.Fosters TeamworkProvides and Solicits Honest and Actionable FeedbackSelf-AwarenessActs InclusivelyDemonstrates InitiativeEntrepreneurial MindsetContinuous LearningEmbraces ChangeResults-OrientedAnalytical Thinking/Data AnalysisFinancial ExcellenceCommunicates with ClaritySalary Range: $170,400.00 - $230,400.00 annuallyBeOne is committed to fair and equitable compensa