At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https: //www.jnj.com

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Security & Controls

Job Category:

People Leader

All Job Posting Locations:

US160 NJ Raritan - 1003 US Highway 202 N

Job Description:

Johnson & Johnson is recruiting for a Senior Manager, Cyber Risk Management to join the Information Security & Risk Management (ISRM) team. This role may be based at J& J locations in the United States with the Raritan, NJ location preferred.

Are you ready to use your technical knowledge to change the trajectory of health for humanity? We have a position for you!

Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 130 years. We embrace research and science -- bringing innovative ideas, products, and services to advance the health and well-being of people.

At Johnson & Johnson, we believe good health is the foundation of vibrant lives, thriving communities and forward progress. That’s why for more than 130 years, we have aimed to keep people well at every age and every stage of life. Today, as the world’s largest and most broadly-based healthcare company, we are committed to using our reach and size for good. We strive to improve access and affordability, create healthier communities, and put a healthy mind, body and environment within reach of everyone, everywhere. Every day, our more than 130, 000 employees across the world are blending heart, science and ingenuity to profoundly change the trajectory of health for humanity.

Thriving on a diverse company culture, celebrating the uniqueness of our employees, and committed to inclusion. Proud to be an equal opportunity employer!

As a member of the ISRM integrated Risk Management team, you will own the cybersecurity risk management framework, including definition and governance of security risk management processes for the identification, management, and reporting of cyber risks. You will also support the Enterprise Risk Management initiative, providing both cyber and strategic input to help shape various aspects of the program. In this role, you will work with multiple senior security team members as well as senior Information Technology leaders.

Key Responsibilities:

• Lead the company’s cybersecurity risk management strategy and develop an effective risk management framework.
• Implement an integrated approach to risk management by collaborating with the cybersecurity team and the Enterprise Risk Management team.
• Communicate cybersecurity risks to senior leaders and provide input on remediation plans.
• Enhance cyber risk management processes and evaluate proposed security issue remediation plans.
• Define metrics for issues and policy exceptions, including trend analysis and reporting.
• Offer consulting support to the security team on risk understanding and remediation.
• Drive the Governance, Risk and Compliance (GRC) tool strategy and collaborate on release plans.
• Lead and develop the team, ensuring ongoing learning and support special projects as needed.

Qualifications

Education:

• A bachelor’s degree in Computer Science, Engineering or Information Security/Cybersecurity or equivalent degree is required.
• An advanced degree is preferred.

Experience and Skills:

Required:

• 8+ years of Information Security/IT Risk Management experience with growing responsibilities.
• 4+ years of direct cybersecurity risk management experience, including application of risk management concepts and standards and managing and/or using a GRC tool to support security risk objectives.
• Demonstrated proficiency in information security, cybersecurity controls and industry frameworks, and both traditional and emerging cyber threats.
• Demonstrable record of effectively collaborating with virtual, global teams, including diverse groups of people with varied backgrounds and cultural experiences.
• Strong analytical and results-oriented problem-solving skills.
• Strong interpersonal skills to build and maintain relationships with internal stakeholders.
• Experience at a large multinational organization.

Preferred:

• Experience with security standards (e.g. ISO27001, NIST, etc.).
• Certifications in cybersecurity (CISM, CISSP), audit (CISA), or risk management (CRISC).

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson and Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, please email the Employee Health Support Center (ra-employeehealthsup@its.jnj.com) or contact AskGS to be directed to your accommodation resource.

The anticipated base pay range for this position is:

The anticipated base pay range for this position is $120, 000.00 - $207, 000.00

Additional Description for Pay Transparency:

The Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation’s performance over a calendar/performance year. Bonuses are awarded at the Company’s discretion on an individual basis. Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance. Employees may be eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)). Employees are eligible for the following time off benefits: Vacation – up to 120 hours per calendar year Sick time - up to 40 hours per calendar year; for employees who reside in the State of Washington – up to 56 hours per calendar year Holiday pay, including Floating Holidays – up to 13 days per calendar year of Work, Personal and Family Time - up to 40 hours per calendar year Additional information can be found through the link below. http: //www.careers.jnj.com/employee-benefits