Job Description

Working with Us
Challenging. Meaningful. Life-changing. Those aren't words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients, and the careers of those who do it. You'll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams. Take your career farther than you thought possible.
Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives. Read more: .
Data Analyst I , IT Risk Operations

At Bristol Myers Squibb, we are inspired by a single vision - transforming patients' lives through science. In oncology, haematology, immunology, and cardiovascular disease - and one of the most diverse and promising pipelines in the industry - each of our passionate colleagues contribute to innovations that drive meaningful change. We bring a human touch to every treatment we pioneer. Join us and make a difference.
Position Summary
The IT Risk Strategy and Operations team focuses on simplifying risk operations, enhancing efficiency and effectiveness, and embedding a culture of continuous improvement within the IT Risk organization. This team also manages various exception processes related to risk reduction, acceptance, and remediation activities in partnership with other cyber and infrastructure teams. This team owns and manages various risk reporting, metrics and score cards that provide visibility into risk posture across different business units.
The IT Risk Data Analyst works closely with IT risk towers in supporting risk reduction, reporting and other operational activities. The analyst is responsible for managing issues and policy exceptions related to Vulnerability deferrals, patch opt-outs, End-of-Life (EOL) assets, USB write access etc. They will also be providing support to the IT Risk Operations lead on ad hoc projects, participating in ServiceNow GRC enhancements and related user acceptance testing.
Key Responsibilities

• Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs
• participate and support quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
• Prepare and communicate operational metrics and trend analysis for the IT Risk Leadership Team
• Manage data uploads for various dashboards and generate reports using Microsoft Excel, Microsoft Power BI etc.
• Manage and publish monthly risk metrics on PowerBI
• Manage, track and report on Policy Exception requests for accuracy and completeness in ServiceNow GRC
• Understand relevant data collection, data cleaning, and data analysis techniques
• Provide data visualization to decision-makers to reduce uncertainty
• Input, track, manage and report on Cyber Issues in ServiceNow GRC and ensure issues are tracked to completion within agreed upon timelines
• Engage and partner with other Cyber Engineering teams when needed to identify areas of risk associated to deferred vulnerabilities without appropriate business justifications
• Author and own knowledge articles, runbooks related to IT Risk Operations and related to GRC where applicable to be used by our stakeholders
• Work with IT and business stakeholders to provide security guidance and promote a positive security mindset
• Identify new opportunities for improvement to processes and automation opportunities
• Utilize information security risk expertise to develop loss event scenarios across operating companies, business units, projects, and products
• Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action

Qualifications & Experience

• 1-3 years of information technology industry experience
• Experience with leveraging tools for data analytics (e.g. SQL, python), visualization (e.g. Tableau, PowerBI) to conduct analysis and produce dashboards
• Experience with AWS Redshift, PostgreSQL, Microsoft BI Publisher, Microsoft Excel and Office suite
• Hands-on with SQL, data modelling, Microsoft PowerBI Publisher, Microsoft Excel and Office suite and at least one programming language (e.g., Python)
• Familiarity with NIST Cyber Risk Management Framework, common vulnerabilities and attack vectors are considered a plus
• Strong written and oral communication skills
• Collaborates and works with stakeholders to fulfil requests.
• Explains own work clearly and explains any independent judgement well.
• Demonstrates openness to learning and developing. Takes responsibility for their own development and growth.
• Understands the team's performance and how their work may impact the team goal.
• Collects and reviews data sources and tries to apply potential recommendations. Able to compile data in reviewing for data integrity/audits.
• Perform exploratory data analysis (EDA) to identify patterns and anomalies within data and propose data-driven solutions.
• Monitor and identify opportunities to improve the effectiveness of risk management processes

Nice to Have:

• Design, develop, and deploy data-driven solutions focused on risk analytics and anomaly detection.
• Familiarity with Data Science Concepts including statistical analysis, machine learning algorithms, and predictive modelling techniques to uncover insights and develop robust risk models.

Core value skills - must-have

• Inclusivity
• Attention to detail
• Broad knowledge of how to operate the management of risk as a part of regular workflow
• Autonomously drives work delivery (bias to action)
• Strong communication (technical, status/blockers, cross-functional)

• Cross-functional Collaboration

If you come across a role that intrigues you but doesn't perfectly line up with your resume, we encourage you to apply anyway. You could be one step away from work that will transform your life and career.
Uniquely Interesting Work, Life-changing Careers
With a single vision as inspiring as "Transforming patients' lives through science(TM) ", every BMS employee plays an integral role in work that goes far beyond ordinary. Each of us is empowered to apply our individual talents and unique perspectives in a supportive culture, promoting global participation in clinical trials, while our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues.
On-site Protocol
BMS has an occupancy structure that determines where an employee is required to conduct their work. This structure includes site-essential, site-by-design, field-based and remote-by-design jobs. The occupancy type that you are assigned is determined by the nature and responsibilities of your role:
Site-essential roles require 100% of shifts onsite at your assigned facility. Site-by-design roles may be eligible for a hybrid work model with at least 50% onsite at your assigned facility. For these roles, onsite presence is considered an essential job function and is critical to collaboration, innovation, productivity, and a positive Company culture. For field-based and remote-by-design roles the ability to physically travel to visit customers, patients or business partners and to attend meetings on behalf of BMS as directed is an essential job function.
Supporting People with Disabilities
BMS is dedicated to ensuring that people with disabilities can excel through a transparent recruitment process, reasonable workplace accommodations/adjustments and ongoing support in their roles. Applicants can request a reasonable workplace accommodation/adjustment prior to accepting a job offer. If you require reasonable accommodations/adjustments in completing this application, or in any part of the recruitment process, direct your inquiries to . Visit to access our complete Equal Employment Opportunity statement.
Candidate Rights
BMS will consider for employment qualified applicants with arrest and conviction records, pursuant to applicable laws in your area.
If you live in or expect to work from Los Angeles County if hired for this position, please visit this page for important additional information:
Data Protection
We will never request payments, financial information, or social security numbers during our application or recruitment process. Learn more about protecting yourself at .
Any data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.

Skills Required