The Senior Counsel, Cybersecurity, will support and provide legal advice for compliance with existing and emerging cybersecurity-related privacy and data security matters to relevant business functions within the Johnson & Johnson organization. The position will be responsible for global cross-team collaboration, including coordination with business clients such as IT and Information Security Risk Management, among others. This role can be based in New Brunswick, NJ or Washington, DC.
Caring for the world, one person at a time, inspires and unites the people of Johnson & Johnson. We embrace research and science – bringing innovative ideas, products and services to advance the health and well-being of people. Employees of the Johnson & Johnson Family of Companies work with partners in health care to touch the lives of over a billion people every day, throughout the world. We have more than 260 operating companies in more than 60 countries, with more than 135,000 employees. Our worldwide headquarters is located in New Brunswick, New Jersey, USA.
- Legal support on cybersecurity-related matters to Johnson & Johnson Technology and the Information Security and Risk Management group. This role will also support other business and functional stakeholders on legal aspects of cyber risks and controls, including assessing and escalating legal risks under relevant cybersecurity regulations and standards, providing guidance on industry practices, and coordinating with related functional groups and colleagues, such as Global Privacy, Corporate Internal Audit, and other legal practice groups.
- Collaborating with J&J Technology colleagues on the development and maintenance of enterprise policies and procedures to ensure that adequate technical and administrative controls are implemented in conformance with applicable cybersecurity and privacy laws and regulations, including issues of security incidents, hacking, geofencing, data localization, cookies deployment.
- Working with cross-functional teams to develop and/or enhance compliant business strategies, including creative and novel proposals and arrangements that support our patient- and healthcare centric objectives in challenging and rapidly evolving or undefined legal environment.
- Supporting and collaborating with contract functions, like procurement and Law Department attorneys on complex transactions across J&J’s global enterprise by providing guidance on cybersecurity laws and regulations, J&J’s established policies and position(s), and implications for cybersecurity and privacy data safeguards/controls, including training and assisting with creation and updates of contract templates.
- Maintaining up-to-date knowledge of cybersecurity and related data security and privacy laws and standards, monitor governmental policy developments, legal enforcement trends, and industry practice trends.
• A Juris Doctorate or equivalent is required
• Must be a licensed attorney in good standing in at least one US state or another jurisdiction
• A minimum of 7 years’ experience with technology industry, health industry, and general cyber security and privacy regulations (including, but not limited to, NIST, ISO, SEC Cybersecurity Guidance, U.S. Department of Health and Human Services “Health Industry Cybersecurity Practices,” US HIPAA, HITECH, and EU GDPR).
• Familiarity with health care and/or technology regulations preferred.
• Knowledge of US and EU privacy rules and regulations and the interplay between those rules and regulations, data security and cybersecurity compliance best practices are required.
• Ability to draft, analyze, and interpret complex data privacy and cyber security proposals and arrangements, and to demonstrate attention to detail for advising for conformity to policies is required.
• Understanding of technical concepts and familiarity with innovative tools and resources that may impact cybersecurity, data protection, and privacy, such as controls within big data lakes, AI / machine learning, and IoT is preferred.
• Ability to communicate and discuss technical concepts at many levels, from IT professionals to those without a background in technology. Experience counseling clients on cybersecurity compliance and data security and privacy risk management. Ability to manage multiple tasks concurrently, continuously prioritize and reprioritize multiple competing critical actions and projects to ensure maximum value to the business.
• Ability to manage multi-jurisdictional assignments is required.
• Must be detail-oriented, organized, and self-motivated, and able to work independently under time pressures in a fast-paced and evolving legal climate.
• Must be committed to demonstrating the highest ethical standards in all interactions, including with colleagues, peers, stakeholders, business partners, and external parties.
• Certifications preferred: CISSP or CEH.
• Ability to travel up to 15-20% both domestically and internationally or as otherwise may be required.
Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
United States-New Jersey-New Brunswick-
North America-United States-District of Columbia-Washington
Johnson & Johnson (6067)