Johnson & Johnson Careers
Manager IT Internal Audit & Assurance – Cybersecurity
New Brunswick, New Jersey
Internal Audit IT
Requisition ID: 4213180614
Johnson & Johnson Corporate Internal Audit is seeking a Manager IT Internal Audit & Assurance – Cybersecurity. This position is located in New Brunswick, NJ.
Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 125 years. We embrace research and science -- bringing innovative ideas, products and services to advance the health and well-being of people. Employees of the Johnson & Johnson Family of Companies work with partners in health care to touch the lives of over a billion people every day, throughout the world.
With $76.5 billion in 2017 sales, Johnson & Johnson is the world's most comprehensive and broadly-based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical devices and diagnostics markets. There are more than 265 Johnson & Johnson operating companies employing approximately 126,500 people and with products touching the lives of over a billion people every day, throughout the world. If you have the talent and desire to touch the world, Johnson & Johnson has the career opportunities to help make it happen.
Thriving on a diverse company culture, celebrating the uniqueness of our employees and committed to inclusion. Proud to be an equal opportunity employer.
Corporate Internal Audit's primary mission is to provide independent, objective assurance and advisory services to assist management in maintaining compliance with government and industry regulations, mitigating risk and achieving operational excellence. To this end, the Manager IT Internal Audit & Assurance – Cybersecurity conducts audits of information resources across the Johnson & Johnson Family of Companies to evaluate the adequacy of internal controls and to develop recommendations for improvement. Information resources include business critical applications such as SAP, JD Edwards, and BPCS, as well as the related technology infrastructure, data, facilities, organizations, and processes.
• Manage IT Audit & Internal Controls Assurance engagements with broad focus on Information Security domain & capabilities, e.g. Cyber Threat, Identity & Access Management, Data Protection, Cloud Security & Resilience.
• In addition to their audit management responsibilities, IT Internal Audit Managers work closely with IT management, Internal Audit leadership, and External Audit to assess risk and facilitate information security requirements.
• Provide leadership and coaching to a subordinate staff of IT audit professionals and Corporate Internal Audit team members. They are also expected to lead internal capability and improvement projects using appropriate methodologies – e.g., System Development Life Cycle, Six Sigma.
• Lead and perform ongoing risk assessments of Information Security domains & capabilities throughout the enterprise.
• Advise and perform an ongoing risk assessment of IT security control design.
• Lead internal control reviews & audits of Information Security domains & capabilities.
• Lead development, documentation and maintenance of information security audit program consistent with enterprise policies, procedures, and established industry standards & methods.
• Initiate, facilitate, and promote activities to create information security audit approach, awareness and training throughout the department.
• Independently assess the design and operating effectiveness of internal controls over financial reporting.
• Develop and maintain adequate control and process documentation (i.e. control matrices, flowcharts, testing documentation) in accordance with engagement objectives.
• Perform root cause analysis and articulate control deficiencies and remediation techniques both internally and with client senior management.
• Support and monitor remediation activities, as and when necessary.
• Maintain ongoing awareness of significant changes related to new regulatory compliance pronouncements (would not expect this level to be monitoring compliance changes) that result in emerging technologies.
• Coordinate and manage interactions with multi-functional and cross-geographical teams both internally and externally, as necessary.
• Identify weaknesses in internal controls and identify opportunities to enhance operational efficiencies.
• Participate in the development and implementation of Cybersecurity initiatives including but not limited to policies, strategic projects, and activities resulting from internal or external audits.
• A minimum of a Bachelor's degree (BA/BS) is required.
• A professional security, audit, or control-related certification, such as CISSP, CISA or CIA is strongly preferred.
• Minimum of 6 years of audit, assurance and advisory experience is required.
• Experience in a Big 4 or leading risk advisory/ public accounting firm is preferred.
• Good understanding of IT & Information Security Management Frameworks and standards such as ISO, SANS, COBIT, ITIL, CSA and regulations such as SOX, PCI Compliance, HIPAA is required.
• Comprehensive understanding of ISO and NIST frameworks is required.
• Deep, thorough understanding of technical functions & comprehensive understanding of cybersecurity trends and threats to the healthcare enterprise is required.
• Demonstrated experience and history of increasing responsibility in project management and supervision in a large, complex information systems environment is required.
• General knowledge of multiple IT industry best practice frameworks including but not limited to the Information Technology Infrastructure Library (ITIL) is preferred.
• Experience with the design, development and implementation of internal controls for IT is required.
• Analytical skills; specifically, the ability to assess and decompose processes utilizing a risk and control focus is required.
• Highly motivated team player who is willing to go the extra mile is required.
• Knowledge of current accounting, auditing principles and internal control concepts is required.
• Exposure or understanding of control concepts and processes with practical experience in regulatory compliance, internal audits, risk management, accounting / process advisory and finance transformation / improvement is required.
• High level of self-confidence, strong people and client management skills and demonstrated leadership ability is required.
• Excellent presentation and written communication skills are required.
• English fluency (written and verbal) is required; fluency in multiple languages is a plus.
• Must have the ability to work in a highly collaborative, team-oriented environment.
• Willingness to travel up to 30% domestically and internationally is required.
United States-New Jersey-New Brunswick
Johnson & Johnson (6067)