Johnson & Johnson Careers

Lead, Security & Risk Management Business Services

Somerville, New Jersey
Information Security


Job Description

Requisition ID: 1407180906

Johnson & Johnson Family of Companies, caring for the world, one person at a time, has inspired and united the people of Johnson & Johnson for 125 years. We embrace research and science, bringing innovative ideas, products and services to advance the health and well-being of people. Employees of the Johnson & Johnson Family of Companies work with partners in health care to touch the lives of over a billion people every day, throughout the world.

With $71.9 billion in 2016 sales, Johnson & Johnson is the world's most comprehensive and broadly based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical devices markets. There are more than 265 Johnson & Johnson operating companies employing approximately 126,500 people, with products touching the lives of over a billion people every day, throughout the world.

We thrive on a diverse company culture, celebrate the uniqueness of our employees and are committed to inclusion. We are proud to be an equal opportunity employer.

The Lead, Security & Risk Management Business Services is accountable for all aspects of identifying and managing risk for the Companies under his/her scope by:

  • Providing expertise in information security and risk management to ensure that technology solutions meet requirements and standards.
  • Working jointly with project teams to determine applicability of various regulations and performing the role of Compliance Lead for all projects within the assigned area of responsibility.
  • Providing subject matter expertise and training to Information Technology associates in areas of Information Security Risk Management such as IAPP, SOX, Information Security, Digital Asset Risk Management and Application Security. Understanding the impact of the compliance requirements on systems and data to determine risk and recommend appropriate mitigation.
  • Managing the Information Security Risk Management action plans. Providing written and verbal communication such as status reports, progress reports and documentation to Business Unit Information Technology, Information Security Risk Management and other stakeholders.
  • Leading activities for audit preparation, hosting of SOX and internal controls design reviews, security consulting and follow-up activities, and proposing strategies to improve performance in audits.
  • Creating awareness in the organization of Information Security principles and concepts, including development and delivery of training and ongoing educational opportunities.
  • Monitoring, evaluating and ensuring the resolution of moderately complex security incidents and/or crisis resolution management.
  • Supporting deployment of Information Security Risk Management capabilities for the assigned area of responsibility. Performing other work-related duties as assigned.
  • Partnering with and supporting Information Technology / Business partners on Medical Devices North America acquisitions from an Information Security Risk Management perspective.


Qualifications
  • Bachelor’s degree or equivalent years of experience required.
  • 4+ years of Information Security, risk management or Information Technology experience required.
  • Working knowledge of Information Security and a general understanding of risk management and Information Technology development processes.
  • Strong written and verbal communication skills required.
  • Tenacious and assertive, with attention to detail and a willingness to instigate change.
  • Ability to negotiate, liaise with, advise and influence business partners and colleagues at all levels.
  • Knowledge of the Sarbanes-Oxley requirements is required.
  • Knowledge of company, business and regulatory trends.
  • Knowledge in the design, implementation and maintenance of information security systems in the Information Technology environment.
  • Knowledge of one or more Information Technology platforms such as SAP, JDE, Salesforce.com, etc.
  • Demonstrated experience with IAPP (preferred), SOX (required), Information Security (required), Digital Asset Risk Management (preferred), and Application Security (preferred).
  • CISSP, CISM, CISA and CIPP certifications are preferred.
  • This position is located in Somerville, NJ and requires up to 10% domestic/international travel. Are you willing and able to meet this requirement?

Primary Location: United States-New Jersey-Somerville
Organization: Johnson & Johnson Services Inc. (6090)
Job Function: Information Security
Requisition ID: 1407180906