Sr. Manager, Cyber Risk Management

Pfizer · Pharma · Thessaloniki Chortiatis, Greece

Senior Manager of Cyber Risk Management responsible for assessing, enhancing, and operationalizing the enterprise cyber risk program. This role involves setting strategy, developing policies, leading a team, and partnering with cross-functional teams to ensure technology, data, and business processes meet internal control expectations, security requirements, and global regulatory obligations. The role requires a strong understanding of various regulatory frameworks and industry standards.

What you'd actually do

  1. Design, implement, and continuously enhance the enterprise cyber and digital risk management framework, associated policies, and risk assessment methodologies.
  2. Integrate cyber and digital risk management processes into enterprise risk management (ERM), governance structures, and strategic planning activities.
  3. Lead a high‑performing team that drives a strong risk culture aligned with regulatory expectations, industry standards, and internal controls.
  4. Partner with R&D, Manufacturing, Commercial, Digital, and Corporate business units to align cyber risk practices and ensure consistent risk identification, evaluation, and mitigation.
  5. Advise executives and stakeholders on cyber and IT risk posture, emerging risks, compliance obligations, and governance expectations.

Skills

Required

  • Bachelor’s degree in Information Security, Computer Science, Business, or related field.
  • 7+ years of experience in cybersecurity, enterprise risk management, or cyber risk analysis; or a Master’s degree with 6+ years of experience in cybersecurity, enterprise risk management, cyber risk analysis, or GRC-related roles.
  • Proven ability to lead complex cyber risk programs involving multiple stakeholders, competing priorities, and cross-functional collaboration.
  • Strong understanding of Information Security principles and application.
  • CISSP, CISM or CRISC certification.
  • ICS/OT cybersecurity application in an enterprise setting.
  • Strong understanding of business contracts, cloud solutions, network and enterprise cybersecurity concepts, cyber assessment techniques, industry cybersecurity trends, risks and remediation techniques.
  • Strong understanding of Regulatory Risk Management and application of Cybersecurity Risk management principles including, but not limited to: HIPAA, CCPA, PCI, Cyber Insurance, China PIPL, Vietnam PDPD, NIS2, DOJ.
  • This role requires the individual to demonstrate experience as a Product/Service owner in an agile work environment possessing qualities such as a collaborative mindset, adaptability to change, and a proactive problem-solving approach.
  • Strong strategic thinking, analytical capability, and problem-solving skills; ability to translate technical risk insights into recommendations.
  • Demonstrated ability to prioritize risks and mitigation activities using a risk-based approach.
  • Excellent communication and interpersonal skills; ability to influence across levels and functions.
  • Proficiency in project management tools (e.g., Smartsheet, MS Project), data analysis platforms, and MS Office Suite.
  • Experience with GRC tools like Archer, or similar technologies.

Nice to have

  • Excellent strategic thinking.
  • Deeply analytical and credible.
  • Fact-based decision

What the JD emphasized

  • global regulatory obligations
  • Regulatory Risk Management
  • HIPAA
  • CCPA
  • PCI
  • Cyber Insurance
  • China PIPL
  • Vietnam PDPD
  • NIS2
  • DOJ