Johnson & Johnson Careers
Senior Analyst Digital Asset Risk Management (DARM)
Requisition ID: 1805644992W
The Senior Analyst Digital Asset Risk Management (DARM) is responsible for assessing digital assets and ensuring they are developed and managed according to the J&J internal security & compliance standards (IAPPs), government regulations and industry standards.
To accomplish this, she/he will:
- Serve as the primary Information Security Risk Management (ISRM) point of contact for digital assets for specific EMEA countries/clusters.
- Conduct pre-launch and ongoing security assessments & reviews for digital assets and/or approve digital assets prior to launch.
- Perform web application security testing for J&J web and mobile applications on a regular basis.
- Assist with the development of a comprehensive screening process to ensure new web sites and mobile applications meet or exceed ISRM security and compliance standards.
- Review application vulnerability reports and work with the development teams on remediation efforts.
- Provide guidance and give input to web and mobile application development teams in identification and implementation of applicable security requirements.
- Partner with development teams to build security into the development of digital assets.
- Collaborate with technical leaders to improve the overall security of J&J web and mobile applications.
- Remain current on security best practices and vulnerabilities.
- Partner with the Security Operations Response Teams to manage incidents that occur in the digital space.
Performing security assessment & security validation testing:
- Performing security assessments & validation testing of J&J mobile and web applications.
- Reviewing and/or approving digital assets prior to launch.
- Verifying digital assets are developed and managed according to the J&J Information Asset Protection Policies (IAPPs).
- Provide guidance and give input to web and mobile application development teams in identification and implementation of applicable security requirements, to reduce risk and to build security into the development of a digital asset.
Business partnering, Awareness & Education (Training), Audit Support
- Serve as the primary ISRM point of contact for digital assets.
- Collaborate with various stakeholders, including: Privacy, Legal, Trademark, J&J developers, to serve as a partner and/or consultant where web application security expertise is required in the development or maintenance of key IT or business initiatives
- Continually educating business partners on J&J internal guidelines & policies and on the threat landscape, by providing appropriate guidance, education, awareness training and regular communication to all relevant stakeholders
- Partner with internal software development and participate in activities on how cybersecurity can be built into the development process.
- Support audit requests (country specific Regulatory/Audits related to Digital assets)
- Bachelor’s degree in Computer Science (or related field) or equivalent experience
- 2+ years of IT experience
- 1+ years of hands-on web application security testing / ethical hacking experience
- Preferred - CISSP, CEH, LPT, OSCP, GPEN or other industry security certification
- Working understanding of OWASP Top 10
- Understanding of application security mechanisms such as authentication and authorization techniques, data validation, and the proper use of encryption
- Understanding of, and the ability to recognize, various types of application security vulnerabilities
- Familiarity with common penetration testing and vulnerability assessment tools such as nmap, Wireshark, Nessus, NeXpose, BackTrack, Metasploit, AppScan, WebInspect, Burp Suite Professional, Acunetix, Arachni, w3af, NTOSpider
- Familiarity with Drupal
- Familiarity with Web Services technologies such as XML, JSON, SOAP, REST, and AJAX
- Familiarity with Enterprise Java or .NET web application frameworks
- Proven analytical and problem-solving skills, as well as the desire to assist others in solving issues
- Good interpersonal skills with a strong interest in the application security domain
- Solid communication and presentation skills and a proven ability to communicate threats and facilitate progress towards long-term remediation
- Motivated with the willingness to take ownership / responsibility for their work and the ability to work as part of a team.
- Strong communication skills, able to network, interface and influence beyond his/her level of the organization, cross sector, cross-functionality and regionally
- Result Orientation/Sense of Urgency – ability to drive to tight timelines
- Customer Focus
- Team player
What’s in it for you…?
“Caring for the world, one person at a time…”
As an employee we consider you as our most valuable asset. We take your career seriously.
As part of a global team in an innovative environment your development is key and our day-to-day responsibility.
Through e-university, on the job training, various projects and programs, we ensure your personal growth.
Our benefits make sure we care for you and your family now and in the future.
Europe/Middle East/Africa-Switzerland-Zug-Zug, Europe/Middle East/Africa-Germany-North Rhine Westphalia-Rhein-Kreis Neuss, Europe/Middle East/Africa-Netherlands-South Holland-Leiden, Europe/Middle East/Africa-Netherlands-North Brabant-Breda, Europe/Middle East/Africa-Austria-Vienna-Vienna
Janssen Pharmaceutica N.V. (7555)