Johnson & Johnson Careers
Director, Information Security & Risk Management ASPAC
Requisition ID: 1805676122W
This position will play an integral role in security and risk management activities for the business services provided by the organization. He/she will:
- Act as Information Security & Risk Management (ISRM) lead for ASPAC to Commercial, Corporate and R&D business owners to coordinate and manage security and risk management activities as required.
- Secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Ensure that security is integrated into projects managed by the business and help integrate security and risk management activities during the design, development and deployment phases.
- Lead and drive changes to the security services based on changing Cyber risks and business needs.
- Apply risk management and application security processes in the business projects to identify and track risks, recommend solutions, validate remediation plans and facilitate implementation and remediation.
- Assess and monitor compliance with applicable security standards and practices.
- Provide expert guidance to business owners in identification of security requirements for critical business projects.
- Identify and define key metrics for integrating security in business projects and operations.
Major Duties and Responsibilities
- 25% - Act as a liaison to business owners to drive and manage security and risk management activities. Conduct security awareness and training programs for the technical and business teams. Drive security and data protection awareness for the ASPAC region.
- 25% - Lead the ASPAC ISRM team supporting the Commercial/Corporate/R&D organization ensuring security capabilities / processes are implemented appropriately. Plan and prioritize the integration of application security measures in business projects during the design, development and deployment phases. Lead the efforts to apply risk management processes in the business projects to identify and track risks, recommend solutions, validate remediation plans and facilitate implementation.
- 20% - Drive ISRM strategy and capability implementation for the business units. Identify and report key metrics to stakeholders to proactively manage risk.
- 15% - Assess compliance with applicable security standards and practices. Keep well-informed of security incidents and act as primary point of contact for the region and business team during information security incidents.
- 15% - Participate and lead where applicable in industry / sector organizations helping to shape industry standards, assess and adopt changing cyber security regulations and best practices as they relate to security and risk management.
- Perform other work-related duties as assigned.
- Provides periodic updates to senior information technology and business leadership on security and risk management related metrics and program in business projects.
- Conduct training and awareness campaigns related to security and risk management for all business leads across J&J.
- Serves as a thought leader in identification and integration of security requirements and provides advice to executive management including Chief Information Officer (CIO) and business leads.
- Develops effective working partnerships with senior management.
- Mentors talent and helps them grow in their careers.
- Collaborates with other leaders and staff within security and risk management to help ensure each function is executed in an efficient manner.
Key Working Relationships
- Internal - Business, Technology, Procurement, Legal, Human Resources, Finance, Internal Audit
- External - Life Sciences Industry Working Groups expected, External Audit
Required Knowledge, Skills and Abilities
- Bachelor’s degree or equivalent.
- A minimum of 10 years of progressive experience in leadership roles with a focus on security and risk management.
- Track record in managing security and risk management activities in complex projects to deliver results.
- Experience in integrating security requirements in large and complex projects.
- Experience working with multiple corporate risk leaders as well as the sectors within Life Sciences.
- Experience managing organizational budget and portfolio.
- Strong people management and development skills in a large, globally diverse organization.
- Global experience (with multiple countries, regions) and associated cultural awareness.
- Strategic thinking – perspective on how organizational change will impact business models.
- Attention to Detail – align strategic and tactical.
- Results Orientation/Sense of Urgency – ability to drive to tight timelines.
- Excellent interpersonal skills.
- Strong analytical skills.
- Creative problem-solving skills.
- Customer focus (internal and external).
- Excellent communication skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally.
- Proven ability to influence/collaborate to get to desired result.
- Strong leadership skills.
- Knowledge of key business processes preferred.
Travel on the Job
- Percentage: 10%-15%
Preferred Knowledge, Skills and Abilities
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar.
Johnson & Johnson Pte. Ltd. (8435)