Principal, Cybersecurity & Controls

Johnson & Johnson's Information Security & Risk Management (ISRM) organization is recruiting for a Cybersecurity Manager based in Raritan, New Jersey. Candidates located near other J&J facilities in the US or Canada may also be considered.
Johnson & Johnson strives to deliver high quality products and services to improve access and affordability of healthcare to everyone, everywhere. We are the world's most comprehensive and broadly-based manufacturer of health care products across the Innovative Medicine and MedTech markets. Johnson & Johnson has been caring for the world one person at a time for over 125 years. The people of the Johnson & Johnson family of companies are inspired and united working with partners in healthcare touching the lives of over a billion people throughout the world. Johnson & Johnson embraces research and science bringing innovative ideas, products and services forward to advance the health and well-being of people everywhere.
Johnson & Johnson recognizes that information is a critical business asset and our ability to lead, control and protect this asset will have a direct and significant impact on our success as a business. In the world of growing cybersecurity risks, highly proficient Cybersecurity specialists with an established deep technical background in the corporate IT ecosystem are paramount in protecting J&J's information and information assets.
The Cybersecurity Manager will join a team with Cybersecurity responsibilities for our shared services Corporate and IT infrastructure organizations. The successful candidate will partner with Business and IT Owners from a variety of functional areas spread across the J&J Corporate Business Technology (CBT) and Technology Services (TS) portfolios. They will support secure design and engineering for new services and technologies as well as assume security ownership for a number of existing platforms and vendors.
Key Responsibilities:

• Serve as ISRM owner and cybersecurity point of contact for assigned portfolio of assets, ensuring appropriate security and controls are built into the tools, vendors, platforms, applications, and services by providing technical expertise, evaluation, assessment, and consultation.
• Collaborate with IT teams and business owners to craft solutions that mitigate risk.
• Evaluate and ensure resolution of technically sophisticated security issues, internal control issues, critical incidents and/or crisis resolution management.
• Maintain up to date and accurate security posture by proactively assessing and documenting impact of regulatory and other security and internal control changes as well as advising management on associated implications.
• Proactively addresses partner expectations at the manager level and above, providing technical expertise on efficient approaches and balances internal controls, information security requirements, compliance, and project/business requirements.
• Support internal and external SOX and/or other audits as needed.

Qualifications

• Undergraduate degree Computer Science, Technology or related required. Advanced degrees preferred.
• 8+ years of dynamic experience in Security, Technology or other relevant subject area.
• Experience in identifying key security risks, and security controls, and providing guidance to partners throughout the application implementation process.
• Superb communication and collaboration skills, with ability to translate sophisticated technical security risks to non-technical audiences.
• Firm grasp of current security threats, mitigation measures, and security vendors/technologies.
• Experience working in fast-paced environments.
• Previous experience developing effective and strong partnerships is required.

Preferred:

• Solid understanding of databases, database activity monitoring, data analytics platforms, intelligent automation and/or additional related data science infrastructure components a plus (technologies such as Snowflake, Teradata, Tableau, Denodo)
• Experience with SOX or GxP compliance controls, auditing and/or testing.
• Understanding of global Privacy regulations such as GDPR.
• Security certifications such as CISSP, CCSP, ISSAP, CISM, CISA etc.
• Prior experience with Pharmaceutical or other regulated environment.

Other:

• Travel requirements for this role will be minimal.

Expected Base Salary: $99,000 - $170,000
Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com.]