ROLE SUMMARY
Our Global Cyber Defense team is responsible for safeguarding Pfizer’s digital assets and infrastructure through proactive threat detection, response, and risk mitigation across on-premises, cloud and hybrid environments.
We are seeking a Senior Manager, Data Protection Engineering, to lead and evolve our data protection capabilities within the Cyber Defense organization. This role is critical to safeguarding sensitive scientific, clinical, patient, and business data across Pfizer’s global enterprise.
The role will lead a team of highly skilled engineers and work closely with Cyber Defense, Privacy, Legal, Compliance, R&D, Infrastructure, and Cloud Services partners to design, implement, and operate scalable data protection solutions aligned to regulatory requirements and business priorities.
ROLE RESPONSIBILITIES
Data Protection Strategy & Architecture
- Lead the definition of enterprise data protection strategy, reference architectures, and control frameworks, including DLP, data discovery and classification, and encryption requirements.
- Establish and maintain data protection standards, guardrails, and design patterns that guide implementation across endpoints, cloud platforms, applications, and collaboration tools.
- Define policy and control requirements for encryption, key management, and secrets management in partnership with Cloud, Infrastructure, and Identity teams, ensuring alignment with data protection objectives.
Engineering Oversight & Technology Enablement
- Oversee the implementation, configuration, and lifecycle governance of data protection technologies such as DLP, data classification, and data discovery solutions.
- Provide architectural guidance and design review for data protection integrations within platforms, applications, and business solutions.
- Influence tooling decisions through risk‑based requirements, not operational ownership of underlying cloud or infrastructure services.
Security‑by‑Design & Platform Integration
- Embed security‑by‑design principles for data protection into the application and platform lifecycle, including requirements for data handling, classification, retention, and policy enforcement.
- Partner with Digital, Cloud Services, Infrastructure, and IT teams to ensure data protection controls are designed into platforms, not bolted on post‑deployment.
Incident Support & Risk Management
- Partner with Security Operations and Incident Response teams to support detection, investigation, and response to data protection incidents and policy violations.
- Ensure data protection capabilities align with enterprise risk management frameworks, internal security standards, and audit expectations.
Regulatory & Cross‑Functional Partnership
- Collaborate with Privacy, Legal, Compliance, and Cyber Defense teams to ensure data protection controls support global regulatory and industry requirements (e.g., GDPR, HIPAA, SOX, GxP).
- Translate regulatory and privacy requirements into clear, implementable data protection controls and guidance.
Metrics, Reporting, & Continuous Improvement
- Define and report metrics that demonstrate data protection effectiveness, risk trends, and maturity improvement to Cyber Defense and senior leadership.
- Use insights to drive continuous improvement of data protection capabilities and operating models.
People Leadership
- Lead, mentor, and develop a team of engineers and analysts focused on data protection engineering and architectural enablement.
- Establish clear role boundaries between data protection control ownership and platform operational ownership to enable scale and clarity.
BASIC QUALIFICATIONS
- Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field, or equivalent experience.
- Strong experience in cybersecurity or data protection–related roles, with responsibility for enterprise‑scale data protection controls.
- Demonstrated experience designing, implementing, and operating data loss prevention (DLP) controls across endpoints, email, cloud platforms, and collaboration tools.
- Strong technical experience with data classification, labeling, and policy‑based enforcement across structured and unstructured data.
- Hands‑on experience implementing and managing encryption technologies (data at rest and in transit), key management, and secure data handling controls.
- Experience integrating data protection controls into cloud platforms, SaaS applications, and enterprise collaboration environments.
- Experience operating security controls in large, complex, and regulated enterprise environments.
- Proven ability to collaborate across engineering, digital, and operations teams to deliver practical and effective data protection outcomes.
- Demonstrated experience in an agile work environment possessing qualities such as a collaborative mindset, adaptability to change, and a proactive problem-solving approach.
PREFERRED QUALIFICATIONS
- Familiarity with cybersecurity frameworks, regulatory requirements, and risk management practices relevant to pharmaceutical or life sciences organizations.
- Professional certifications such as CISSP, CISM, CCSP, or data protection–focused certifications.
- Prior leadership experience managing or mentoring data protection engineers or security engineering teams.
- Strong understanding of data lifecycle management, including data creation, access, sharing, retention, and secure disposal.
- Strong analytical and communication skills, with the ability to clearly articulate data protection risks and design decisions to senior stakeholders.
- undefined
PHYSICAL/MENTAL REQUIREMENTS
- No special physical requirements.
- Applicants should be capable of working through a personal laptop computer or mobile device for extended periods.
Work Location Assignment: Hybrid (some office presence is required)
Purpose
Breakthroughs that change patients' lives... At Pfizer we are a patient centric company, guided by our four values: courage, joy, equity and excellence. Our breakthrough culture lends itself to our dedication to transforming millions of lives.
Digital Transformation Strategy
One bold way we are achieving our purpose is through our company wide digital transformation strategy. We are leading the way in adopting new data, modelling and automated solutions to further digitize and accelerate drug discovery and development with the aim of enhancing health outcomes and the patient experience.
Flexibility
We aim to create a trusting, flexible workplace culture which encourages employees to achieve work life harmony, attracts talent and enables everyone to be their best working self. Let’s start the conversation!
Equal Employment Opportunity
We believe that a diverse and inclusive workforce is crucial to building a successful business. As an employer, Pfizer is committed to celebrating this, in all its forms – allowing for us to be as diverse as the patients and communities we serve. Together, we continue to build a culture that encourages, supports and empowers our employees.
DisAbility Confident
We are proud to be a Disability Confident Employer and we encourage you to put your best self forward with the knowledge and trust that we will make any reasonable adjustments necessary to support your application and future career. Our mission is unleashing the power of our people, especially those with unique superpowers. Your journey with Pfizer starts here!
Information & Business Tech