Johnson & Johnson Careers

Lead, ISRM Shared Services – DARM

Beerse, Belgium
Information Security

Job Description

Requisition ID: 1805644992W

The Lead, Shared Services DARM (ISCA) is responsible for assessing digital assets and ensuring they are developed and managed according to the J&J internal security & compliance standards (IAPPs), government regulations and industry standards.

To accomplish this, she/he will:
  • Serve as the primary ISRM DARM point of contact for digital assets for specific EMEA countries/clusters.
  • Conduct pre-launch and ongoing security assessments & reviews for digital assets and/or approving digital assets prior to launch.
  • Perform web application security testing for J&J web and mobile applications on a regular basis.  
  • Assist with the development of a comprehensive screening process to ensure new web sites and mobile applications meet or exceed ISRM security and compliance standards.
  • Replicate the actual techniques and tools used by malicious attackers to model potential external threats.
  • Analyze test results, draw conclusions from results, and develop targeted exploit examples.
  • Have a working understanding of security risks and their impact when exploited.
  • Prepare test plans and test results & present the results to development teams.
  • Consult with operations and software development teams to ensure potential weaknesses are addressed.
  • Review application vulnerability reports and work with the development teams on remediation efforts.
  • Provide guidance and give input to web and mobile application development teams in identification and implementation of applicable security requirements. Partner with development teams to build security into the development of digital assets.
  • Collaborate with other security team members as well as web and mobile application developers to provide guidance in the remediation of security findings.
  • Act as a consultant on issues related to security and compliance to development teams during the full product lifecycle. 
  • Collaborate with technical leaders in DARM and ISRM to improve the overall security of J&J web and mobile applications.
  • Remain current on security best practices and vulnerabilities.
  • Collect and report key metrics for identified vulnerabilities in web and mobile applications. 
  • Partner with the Security Operations Response Teams to manage incidents that occur in the digital space.

Performing security assessment & security validation testing: 
  • Performing security assessments & validation testing of J&J mobile and web applications.
  • Reviewing and/or approving digital assets prior to launch.
  • Creating test plans and assessment reports.
  • Verifying digital assets are developed and managed according to the Information Asset Protection Policies (IAPPs).
  • Provide guidance and give input to web and mobile application development teams in identification and implementation of applicable security requirements, to reduce risk and to build security into the development of a digital asset.
  • Assessing the impact of regional regulations and industry requirements based on established DARM policies & procedures.
  • Evaluate, recommend and configure testing tools used for web security testing and validation activities and maintain security testing tools environment.

Business partnering, Awareness & Education (Training), Audit Support
  • Serve as the primary ISRM point of contact for digital assets.
  • Collaborate with various stakeholders, including Privacy, Legal, Trademark, Application Services etc., to serve as a partner and/or consultant where web application security expertise is required in the development or maintenance of key IT or business initiatives.
  • Continually educate business partners on J&J internal guidelines & policies and on the threat landscape, by providing appropriate guidance, education, awareness training and regular communication to all relevant stakeholders.
  • Provide feedback and updates to developer training; shape future versions of the training based on common trends in the testing results.
  • Partner with internal software development and participate in activities on how cybersecurity can be built into the development process.
  • Support audit requests (country-specific Regulatory/PV audits related to digital assets).

  • Bachelor’s degree in Computer Science (or related field) or equivalent experience
  • 2+ years of IT experience
  • 1+ years of hands-on web application security testing / ethical hacking experience
  • Preferred - CISSP, CEH, LPT, OSCP, GPEN or other industry security certification
  • Working understanding of OWASP Top 10
  • Understanding of application security mechanisms such as authentication and authorization techniques, data validation, and the proper use of encryption
  • Understanding of, and the ability to recognize, various types of application security vulnerabilities
  • Familiarity with common penetration testing and vulnerability assessment tools such as nmap, Wireshark, Nessus, NeXpose, BackTrack, Metasploit, AppScan, WebInspect, Burp Suite Professional, Acunetix, Arachni, w3af, NTOSpider
  • Knowledge of Drupal
  • Knowledge of PHP, Python, Java, JavaScript, SQL, HTML5, and CSS3
  • Knowledge of Web Services technologies such as XML, JSON, SOAP, REST, and AJAX
  • Experience with Enterprise Java or .NET web application frameworks
  • Proven analytical and problem-solving skills, as well as the desire to assist others in solving issues
  • Excellent interpersonal skills with a strong interest in the application security domain
  • Excellent communication and presentation skills and a proven ability to communicate threats and facilitate progress towards long-term remediation
  • Highly motivated with the willingness to take ownership / responsibility for their work and the ability to work as part of a team.
  • Excellent communication skills, able to network, interface and influence beyond his/her level of the organization, cross-sector, cross-functionally and regionally
  • Result Orientation/Sense of Urgency – ability to drive to tight timelines
  • Customer Focus (Internal/External)
  • Team player

What’s in it for you…?
“Caring for the world, one person at a time…”
As an employee, you are our most valuable asset. We take your career seriously.
As part of a global team in an innovative environment your development is key and our day-to-day responsibility.
Through e-university, on the job training, various projects and programs, we ensure your personal growth.
Our benefits make sure we care for you and your family now and in the future.

Primary Location
Janssen Pharmaceutica N.V. (7555)
Job Function
Information Security