Overview
Senior Counsel, Data Governance, Law & Compliance Jobs in Princeton, USA at Bristol-Myers Squibb
Working With Us
Working at Bristol Myers Squibb is anything but ordinary. Uniquely interesting work happens every day, from optimizing a production line to breakthroughs in cell therapy. These projects transform patients’ lives and the careers of those who do the work. We encourage growth through opportunities uncommon in scale and scope, alongside high-achieving teams. We value balance and flexibility, offering competitive benefits, services, and programs that support both professional and personal goals.
Position
Summary
The Senior Counsel, Data Governance, Law & Compliance provides legal and compliance leadership for enterprise data governance initiatives. Based in the AI, Data and Privacy Law & Compliance department, this role partners closely with Business Insights and Technology to advance the data governance framework across R&D, Commercial, Medical, Manufacturing, and other functions. The Senior Counsel translates global data and AI requirements into practical policies, controls, and guardrails that support responsible data use and AI adoption within our highly regulated life‑sciences environment.
Key Responsibilities
- Provide legal counsel on enterprise data governance initiatives across the data lifecycle, including classification, access, use, sharing, retention, and disposition.
- Partner with cross‑functional stakeholders to advance the data governance operating model, accountability framework, and supporting governance forums.
- Draft foundational data governance policies and standards, such as Data Classification, Acceptable Use & Handling, Records & Retention, Data Residency & Cross‑Border Transfer, Third‑Party Data Handling, Privilege Handling, Trade Secret Protection, and crown jewel data protection.
- Collaborate with AI Governance counsel to develop responsible AI standards and secondary use and reuse frameworks so that data flowing into AI pipelines is lawful and contractually permitted.
- Partner with Privacy Law & Compliance on personal data and privacy matters, ensuring alignment between data governance and the enterprise privacy program.
- Advise on non‑privacy domain‑specific obligations across clinical and real‑world data, GxP data integrity, commercial data, financial data (including MNPI and SOX), and HR and employee data.
- Track and interpret global data and AI laws and standards (e.g., EU AI Act, ISO/IEC 27001, 27701, 42001, SOC
2) and translate them into actionable policies, playbooks, and training materials. - Partner with external advisors on policy design, taxonomy, and operating model rollout, reviewing deliverables for legal soundness.
- Work with BI&T Information Security to ensure data controls are enforceable in enterprise systems and produce defensible evidence.
- Review and negotiate data‑related contractual provisions with vendors, partners, and third‑party data providers.
- Help design and deliver data governance training for legal, compliance, and business audiences.
- Maintain clear documentation to support audit readiness, regulatory inquiries, and governance maturity assessments.
Qualifications
- JD (or equivalent legal degree) and active bar membership in at least one U.S. jurisdiction.
- 7‑10 years of combined legal experience at a top law firm or in‑house.
- Minimum 2 years of substantive experience in data governance or information law, including direct experience building or implementing a data governance program.
- Working command of data governance frameworks, records management, cross‑border transfer, export control, trade secret protection, and AI and data regulatory frameworks.
- Familiarity with global privacy law (HIPAA, GDPR, U.S. state regimes).
- Practical experience translating legal requirements into technical or operational controls in partnership with information security, privacy, or data platform teams.
- Demonstrated ability to translate complex regulatory requirements into pragmatic, business‑aligned guidance.
- Strong drafting, analytical, and stakeholder management skills.
- Sound judgment and discretion in handling novel, ambiguous, and high‑visibility issues.
Preferred Skills
- Certification such as CIPP (US/EU), CIPM, IAPP AIGP, or CIPT.
- Experience in the pharmaceutical,…
Title: Senior Counsel, Data Governance, Law & Compliance
Company: Bristol-Myers Squibb
Location: Princeton, USA
Category: