Johnson & Johnson Careers

Manager, Digital, Information Security & Risk Management, ASPAC

Beijing, China; Beijing, China
Information Security


Job Description

Requisition ID: 1805680180W

Ensure security controls for digital assets by:
• Performing security validation testing of J&J mobile and web applications.
• Creating test plans and assessment reports.
• Verifying digital assets are developed and managed accordance to the Information Asset Protection Policies (IAPP’s).
• Give input to development of new digital security processes needed to manage risk.
• Overseeing digital initiatives for assigned portfolio of projects and processes.
• Reviewing and/or approving digital assets to launch.
• Assessing impact of ASPAC and China regulations (e.g. China Cyber Security Law) and industry requirements. Partner with compliance teams (legal, privacy, trademark etc.) to understand regional and shape ISRM review and launch requirement based on those requirements.

Business partnering and strategy:
• Serve as primary ISRM point of contact for ASPAC and China digital assets.
• Devise risk management solutions and processes to enable business strategies.
• Interpret IT Strategy to operationalize risk management.
• Proactively identify solutions to resolve conflicts between security requirements and business needs or constraints.
• Collaborate with various stakeholders, including: Privacy, Legal, Trademark, Application Services, Sector Risk Assurance teams, etc., to serve as a partner and/or consultant where web application security expertise is required in the development or maintenance of key IT or business initiatives.

 Awareness & education:
• Regularly collecting and reporting metrics.
• Reviewing metrics and dashboards with IT & Business leadership audiences.
• Continually educating business partner leadership on threat landscape.
• Provide feedback and updates to developer training. Shape future versions of the training based on common trends in the testing results. Partner with internal software development teams to enhance their CI/ CD process to build cyber security into development process. 

 Incident support:
• Identify and Investigate emerging trends in technologies and digital media and serve as subject matter expert in the areas of digital compliance and risk management.
• Assist the security response team in incident investigations where a web application vulnerability has been exploited. Act as the focal point for DARM and ISRM for investigations and remediation associated with an exploited web site.

Qualifications
• Bachelor’s degree or equivalent.
• 5+ years of IT experience
• 1+ years of hands-on web application security testing / ethical hacking experience
• Preferred - CISSP, CEH, LPT, OSCP, GPEN or other industry security certification
• Ability to demonstrate manual testing experience including all OWASP Top 10
• Intermediate knowledge of application security mechanisms such as authentication and authorization techniques, data validation, and the proper use of encryption
• Experience with Enterprise Java or .NET web application frameworks
• Experience with PHP, Python, Java, JavaScript, SQL, HTML5, or CSS3
• Working knowledge of, and the ability to recognize, various types of application security vulnerabilities
• Experience in vulnerability scanning, and application security testing.
• Strong people management and development skills in a medium sized, diverse organization.
• Regional experience (with multiple countries) and associated cultural awareness.
• Strategic thinking – perspective on how organizational change will impact regional business models.
• Attention to Detail – align strategic and tactical.
• Results Orientation/Sense of Urgency – ability to drive to tight timelines.
• Excellent interpersonal skills with a strong interest in the application security domain
• Strong analytical skills.
• Creative problem-solving skills.
• Customer focus (internal and external).
• Excellent communication skills, able to network, interface and influence beyond his/her level of the organization, cross sector, cross-functionally and regionally.
• Proven ability to influence/collaborate to get to desired result.
• Strong leadership skills.
• Knowledge of key business processes preferred.
• Chinese and English language preferred.
• China Cyber Security Law project / privacy related project experience preferred.
Primary Location
China-Beijing-Beijing
Other Locations
China-Beijing-Beijing
Organization
Xian-Janssen Pharmaceutical Ltd. (7043)
Job Function
Information Security
Requisition ID
1805680180W