ROLE SUMMARY
Our Global Cyber Defense team is responsible for safeguarding Pfizer’s digital assets and infrastructure through proactive threat detection, response, and risk mitigation across on-premises, cloud and hybrid environments.
We are seeking a Senior Manager, Data Protection Engineering, to lead and evolve our data protection capabilities within the Cyber Defense organization. This role is critical to safeguarding sensitive scientific, clinical, patient, and business data across Pfizer’s global enterprise.
The role will lead a team of highly skilled engineers and work closely with Cyber Defense, Privacy, Legal, Compliance, R&D, Infrastructure, and Cloud Services partners to design, implement, and operate scalable data protection solutions aligned to regulatory requirements and business priorities.
ROLE RESPONSIBILITIES
Data Protection Strategy & Architecture
* Lead the definition of enterprise data protection strategy, reference architectures, and control frameworks, including DLP, data discovery and classification, and encryption requirements.
* Establish and maintain data protection standards, guardrails, and design patterns that guide implementation across endpoints, cloud platforms, applications, and collaboration tools.
* Define policy and control requirements for encryption, key management, and secrets management in partnership with Cloud, Infrastructure, and Identity teams, ensuring alignment with data protection objectives.
Engineering Oversight & Technology Enablement
* Oversee the implementation, configuration, and lifecycle governance of data protection technologies such as DLP, data classification, and data discovery solutions.
* Provide architectural guidance and design review for data protection integrations within platforms, applications, and business solutions.
* Influence tooling decisions through risk‑based requirements, not operational ownership of underlying cloud or infrastructure services.
Security‑by‑Design & Platform Integration
* Embed security‑by‑design principles for data protection into the application and platform lifecycle, including requirements for data handling, classification, retention, and policy enforcement.
* Partner with Digital, Cloud Services, Infrastructure, and IT teams to ensure data protection controls are designed into platforms, not bolted on post‑deployment.
Incident Support & Risk Management
* Partner with Security Operations and Incident Response teams to support detection, investigation, and response to data protection incidents and policy violations.
* Ensure data protection capabilities align with enterprise risk management frameworks, internal security standards, and audit expectations.
Regulatory & Cross‑Functional Partnership
* Collaborate with Privacy, Legal, Compliance, and Cyber Defense teams to ensure data protection controls support global regulatory and industry requirements (e.g., GDPR, HIPAA, SOX, GxP).
* Translate regulatory and privacy requirements into clear, implementable data protection controls and guidance.
Metrics, Reporting, & Continuous Improvement
* Define and report metrics that demonstrate data protection effectiveness, risk trends, and maturity improvement to Cyber Defense and senior leadership.
* Use insights to drive continuous improvement of data protection capabilities and operating models.
People Leadership
* Lead, mentor, and develop a team of engineers and analysts focused on data protection engineering and architectural enablement.
* Establish clear role boundaries between data protection control ownership and platform operational ownership to enable scale and clarity.
BASIC QUALIFICATIONS
* Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field, or equivalent experience.
* Strong experience in cybersecurity or data protection–related roles, with responsibility for enterprise‑scale data protection controls.
* Demonstrated experience designing, implementing, and operating data loss prevention (DLP) controls across endpoints, email, cloud platforms, and collaboration tools.
* Strong technical experience with data classification, labeling, and policy‑based enforcement across structured and unstructured data.
* Hands‑on experience implementing and managing encryption technologies (data at rest and in transit), key management, and secure data handling controls.
* Experience integrating data protection controls into cloud platforms, SaaS applications, and enterprise collaboration environments.
* Experience operating security controls in large, complex, and regulated enterprise environments.
* Proven ability to collaborate across engineering, digital, and operations teams to deliver practical and effective data protection outcomes.
* Demonstrated experience in an agile work environment possessing qualities such as a collaborative mindset, adaptability to change, and a proactive problem‑solving approach.
PREFERRED QUALIFICATIONS
* Familiarity with cybersecurity frameworks, regulatory requirements, and risk management practices relevant to pharmaceutical or life sciences organizations.
* Professional certifications such as CISSP, CISM, CCSP, or data protection–focused certifications.
* Prior leadership experience managing or mentoring data protection engineers or security engineering teams.
* Strong understanding of data lifecycle management, including data creation, access, sharing, retention, and secure disposal.
* Strong analytical and communication skills, with the ability to clearly articulate data protection risks and design decisions to senior stakeholders.
Equal Employment Opportunity: We believe that a diverse and inclusive workforce is crucial to building a successful business. As an employer, Pfizer iscommitted to celebratingthis,in all itsforms – allowing for us to be as diverse as the patients and communities we serve. Together, we continue to build a culture that encourages, supports and empowers our employees.
#J-18808-Ljbffr