Senior Manager, Cyber Risk Assessment
J&J Family of Companies (Raritan, NJ)
At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com
Job Function:
Technology Enterprise Strategy & Security
Job Sub Function:
Security & Controls
Job Category:
People Leader
All Job Posting Locations:
Raritan, New Jersey, United States of America
Job Description:
Johnson & Johnson is recruiting for a Senior Manager, Cyber Risk Assessment to join the Information Security & Risk Management (ISRM) team. This role will be based in Raritan, NJ.
Are you ready to use your technical knowledge to change the trajectory of health for humanity? We have a position for you!
Caring for the world, one person at a time, has inspired and united the people of Johnson & Johnson for over 130 years. We embrace research and science, bringing innovative ideas, products, and services to advance the health and well-being of people.
At Johnson & Johnson, we believe good health is the foundation of vibrant lives, thriving communities and forward progress. That’s why for more than 130 years, we have aimed to keep people well at every age and every stage of life. Today, as the world’s largest and most broadly-based healthcare company, we are committed to using our reach and size for good. We strive to improve access and affordability, create healthier communities, and put a healthy mind, body and environment within reach of everyone, everywhere. Every day, our more than 130,000 employees across the world are blending heart, science and ingenuity to profoundly change the trajectory of health for humanity.
Thriving on a diverse company culture, celebrating the uniqueness of our employees, and committed to inclusion. Proud to be an equal opportunity employer!
As an integral member of the ISRM Risk Assessment Center of Excellence team, you will own the identification and assessment of cyber risks within hosted solutions (e.g. SaaS) as well as mobile and web applications. In this role, you will work with multiple senior security team members as well as senior Information Technology leaders.
Key Responsibilities:
+ Drive critical initiatives and lead a team of technical cyber risk assessment professionals.
+ Lead the company’s cybersecurity risk assessment strategy for hosted solutions (e.g. SaaS) as well as mobile and web applications.
+ Perform and lead application assessments, design reviews, risk rankings, and collaboration on remediation strategies as needed.
+ Implement a coordinated approach to risk assessment by collaborating with the risk management and cybersecurity teams.
+ Communicate cybersecurity risk assessment results to senior leaders and provide input on remediation plans.
+ Enhance cyber risk assessment processes and define metrics including KPIs, trend analysis, and reporting.
+ Offer consulting support to the larger cybersecurity team on risk assessment understanding and remediation.
+ Lead and develop the team, ensuring ongoing learning and support special projects as needed.
Qualifications
Education:
+ A bachelor’s degree in Computer Science, Engineering or Information Security/Cybersecurity or equivalent degree is required.
+ An advanced degree is preferred.
+ Security certifications such as CRISC, CISSP, CCSP, CSSLP, ISSAP, CISM, etc. are preferred.
Experience and Skills:
Required:
+ 8+ years of Information Security/IT risk assessment/management experience with growing responsibilities.
+ 5+ years of direct cybersecurity risk assessment/management experience, including application of risk assessment/management concepts and internal controls and running and/or using a GRC tool to support security risk objectives.
+ Proficiency in conducting and leading application-level risk assessments, including data classification, risk scoring, and mitigation planning.
+ Ability to translate technical findings into business impact for key partners.
+ Strong analytical and problem-solving skills.
+ Strong interpersonal skills to build and maintain relationships with internal partners.
Preferred:
+ Foundational knowledge of regulatory requirements (e.g., SOX404, Privacy, HIPAA, GxP, cyber regulations) is preferred.
+ Experience securing SaaS platforms, working in a multi-cloud environment.
+ Understanding of secure software development life cycle (SSDLC), threat modeling, and vulnerability management.
+ Experience in identifying key security risks, security controls, and providing consulting services to customers throughout the application implementation process.
+ Experience with security standards and control frameworks (e.g. FAIR, ISO27001, NIST, SOC 2, OWASP Top 10, CSA STAR, etc.).
+ Demonstrable record of effectively collaborating with virtual, global teams, including diverse groups of people with varied backgrounds and cultural experiences.
+ Experience at a large multinational organization.
The anticipated base pay range for this position is:
$120,000-$207,000
Additional Description for Pay Transparency:
The Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation’s performance over a calendar/performance year. Bonuses are awarded at the Company’s discretion on an individual basis.
Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance. Employees may be eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).
Employees are eligible for the following time off benefits:
+ Vacation – up to 120 hours per calendar year
+ Sick time - up to 40 hours per calendar year; for employees who reside in the State of Washington – up to 56 hours per calendar year
+ Holiday pay, including Floating Holidays – up to 13 days per calendar year
+ Work, Personal and Family Time - up to 40 hours per calendar year
Additional information can be found through the link below.
http://www.careers.jnj.com/employee-benefits
The compensation and benefits information set forth in this posting applies to candidates hired in the United States. Candidates hired outside the United States will be eligible for compensation and benefits in accordance with their local market.