Working with Us Challenging. Meaningful. Life-changing. Those aren’t words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients, and the careers of those who do it. You’ll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams. Take your career farther than you thought possible.
Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives. Read more: careers.bms.com/working-with-us.
The Cyber Resiliency Manager for the manufacturing site is responsible for protecting and strengthening the resilience of site-specific IT and OT systems that support pharmaceutical production. This role ensures that the site can anticipate, withstand, respond to, and recover quickly from cyber incidents without compromising product quality, patient safety, or regulatory compliance. The manager acts as the site focal point for cyber risk management, incident response, and recovery planning, working closely with both site IT leadership and cybersecurity functions. This role is critical to ensuring uninterrupted pharmaceutical production and protecting patient safety in an increasingly complex threat environment.
Major Responsibilities and Accountabilities: Cyber Risk Resiliency Strategy & Governance
• Develop and execute a site-level cyber resiliency program, aligned with BMS policies and standards.
• Identify and assess cyber risks across IT, OT, automation, and manufacturing execution systems (MES, SCADA, PLCs, Laboratory Instruments).
• Define and validate site-specific recovery time objectives (RTOs) and recovery point objectives (RPOs) for critical digital systems.
• Maintain and report site cyber resiliency KPIs and KRIs to site leadership and the enterprise cybersecurity function on a regular cadence.
• Align with the Site General Manager, Quality, and EHS functions on resiliency priorities and risk tolerance.
Incident Response & Recovery
• Lead or co-lead the site cyber incident response process, coordinating with the CFC, IT, and OT teams.
• Oversee and test disaster recovery (DR) and backup strategies for site systems (e.g., MES, LIMS, ERP, automation).
• Support cyber crisis simulations, ransomware drills, and tabletop exercises with site leadership and operators.
• Ensure lessons learned from incidents are embedded into site resiliency practices.
Operational Technology (OT) & Manufacturing Systems Resilience
• Partner with Engineering and Automation to secure ICS/OT environments, including patching, network segmentation, and secure remote access.
• Ensure redundancy and contingency measures for critical control systems and data flows.
• Collaborate with vendors and system integrators to strengthen the resilience of third-party technology supporting production.
Compliance & Regulatory Readiness
• Ensure cybersecurity controls comply with GxP requirements and 21 CFR Part 11 as applicable to digital manufacturing systems.
• Support FDA, EMA, and other regulatory audit readiness, providing evidence of cyber resiliency controls and incident response capability.
• Collaborate with Quality and Validation teams on computer system validation (CSV/CSA) activities that intersect with cybersecurity.
• Maintain documentation and records to support regulatory inspections and internal audits.
Awareness & Training
• Deliver cyber resiliency awareness training for site employees, with tailored sessions for operators, engineers, and leadership.
• Act as the resilience advocate at the site, embedding cyber recovery readiness into daily operations.
Qualifications Minimum Requirements
• Minimum education of a bachelor’s degree in Cybersecurity, Computer Science, Engineering, or a related field is required.
• Minimum of five (5) years of experience in cybersecurity, OT security, or cyber resiliency, with at least three (3) years in a manufacturing or critical infrastructure setting is required.
• Strong understanding of OT/ICS environments, pharmaceutical manufacturing systems, and automation technologies.
• Demonstrated experience operating within a GxP-regulated environment (required).
• Familiarity with regulatory frameworks and expectations for cybersecurity in pharma (FDA, EMA).
• Familiarity with NIST CSF, IEC 62443 frameworks.
• Understanding of the Purdue Model or ISA/IEC OT network architecture.
• Hands-on experience with pharma manufacturing systems such as MES, LIMS, and ERP platforms (e.g., SAP).
• Strong stakeholder management and communication skills; ability to influence site leadership and cross-functional teams without direct authority.
• Experience developing and presenting risk reports, KPIs, and executive summaries.
Preferred Qualifications
• GICSP (Global Industrial Cyber Security Professional) – highly relevant to OT/ICS context
• CISSP, CISM, or CRISC
• ISA/IEC 62443 certifications or ICS-CERT training
#LI-Hybrid If you come across a role that intrigues you but doesn’t perfectly line up with your resume, we encourage you to apply anyway. You could be one step away from work that will transform your life and career.
Compensation Overview:
Bothell - WA - US: $125,480 - $152,049
The starting compensation range(s) for this role are listed above for a full-time employee (FTE) basis. Additional incentive cash and stock opportunities (based on eligibility) may be available. The starting pay rate takes into account characteristics of the job, such as required skills, where the job is performed, the employee’s work schedule, job-related knowledge, and experience. Final, individual compensation will be decided based on demonstrated experience.
Eligibility for specific benefits listed on our careers site may vary based on the job and location. For more on benefits, please visit https://careers.bms.com/life-at-bms/.
Benefit offerings are subject to the terms and conditions of the applicable plans in effect at the time and may require enrollment. Our benefits include:
• Health Coverage: Medical, pharmacy, dental, and vision care.
• Wellbeing Support: Programs such as BMS Well-Being Account, BMS Living Life Better, and Employee Assistance Programs (EAP).
• Financial Well-being and Protection: 401(k) plan, short- and long-term disability, life insurance, accident insurance, supplemental health insurance, business travel protection, personal liability protection, identity theft benefit, legal support, and survivor support.
Work-life benefits include: Paid Time Off
• US Exempt Employees: flexible time off (unlimited, with manager approval, 11 paid national holidays (not applicable to employees in Phoenix, AZ, Puerto Rico or Rayzebio employees)
• Phoenix, AZ, Puerto Rico and Rayzebio Exempt, Non-Exempt, Hourly Employees: 160 hours annual paid vacation for new hires with manager approval, 11 national holidays, and 3 optional holidays
Based on eligibility*, additional time off for employees may include unlimited paid sick time, up to 2 paid volunteer days per year, summer hours flexibility, leaves of absence for medical, personal, parental, caregiver, bereavement, and military needs and an annual Global Shutdown between Christmas and New Years Day.
All global employees full and part-time who are actively employed at and paid directly by BMS at the end of the calendar year are eligible to take advantage of the Global Shutdown.
*Eligibility Disclosure: The summer hours program is for United States (U.S.) office-based employees due to the unique nature of their work. Summer hours are generally not available for field sales and manufacturing operations and may also be limited for the capability centers. Employees in remote-by-design or lab-based roles may be eligible for summer hours, depending on the nature of their work, and should discuss eligibility with their manager. Employees covered under a collective bargaining agreement should consult that document to determine if they are eligible. Contractors, leased workers and other service providers are not eligible to participate in the program.
Uniquely Interesting Work, Life-changing Careers With a single vision as inspiring as “Transforming patients’ lives through science™ ”, every BMS employee plays an integral role in work that goes far beyond ordinary. Each of us is empowered to apply our individual talents and unique perspectives in a supportive culture, promoting global participation in clinical trials, while our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues.
On-site Protocol BMS has an occupancy structure that determines where an employee is required to conduct their work. This structure includes site-essential, site-by-design, field-based and remote-by-design jobs. The occupancy type that you are assigned is determined by the nature and responsibilities of your role:
Site-essential roles require 100% of shifts onsite at your assigned facility. Site-by-design roles may be eligible for a hybrid work model with at least 50% onsite at your assigned facility. For these roles, onsite presence is considered an essential job function and is critical to collaboration, innovation, productivity, and a positive Company culture. For field-based and remote-by-design roles the ability to physically travel to visit customers, patients or business partners and to attend meetings on behalf of BMS as directed is an essential job function.
Supporting People with Disabilities BMS is dedicated to ensuring that people with disabilities can excel through a transparent recruitment process, reasonable workplace accommodations/adjustments and ongoing support in their roles. Applicants can request a reasonable workplace accommodation/adjustment prior to accepting a job offer. If you require reasonable accommodations/adjustments in completing this application, or in any part of the recruitment process, direct your inquiries to adastaffingsupport@bms.com. Visit careers.bms.com/eeo-accessibility to access our complete Equal Employment Opportunity statement.
Candidate Rights BMS will consider for employment qualified applicants with arrest and conviction records, pursuant to applicable laws in your area.
If you live in or expect to work from Los Angeles County if hired for this position, please visit this page for important additional information: https://careers.bms.com/california-residents/
Data Protection We will never request payments, financial information, or social security numbers during our application or recruitment process. Learn more about protecting yourself at https://careers.bms.com/fraud-protection.
Any data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.
If you believe that the job posting is missing information required by local law or incorrect in any way, please contact BMS at TAEnablement@bms.com. Please provide the Job Title and Requisition number so we can review. Communications related to your application should not be sent to this email and you will not receive a response. Inquiries related to the status of your application should be directed to Chat with Ripley.
R1604425 : Cyber Resiliency Manager