Johnson & Johnson Careers
Information Security & Risk Management - Sr Analyst
São José dos Campos, Brazil
Requisition ID: 7608190213
• Perform the role of end-to-end (E2E) Application Security subject matter expert (SME) for Systems and Projects in areas of ISRM such as Information Security, Vulnerability Management, Project Risk Management and SOX. Coordinate any necessary supporting activities within the ISRM towers as per the requirements of the project;
• Advise business on how to implement, operate, and optimize internal and/or 3rd party operational processes and value-creating services that are secure and compliant E2E and designed to protect the company’s data and intellectual property;
• Advise and support IT and the business unit in implementing, operationalizing and optimizing secure development standards as well as post-deployment vulnerability management and process improvements;
• Support the efforts to apply risk management processes in business-critical projects to identify and track risks, recommend solutions, validate remediation plans and facilitate implementation. Provide guidance to project teams and colleagues on security issues and gaps;
• Provide written and verbal communication such as status reports, progress reports and documentation to Business Unit IT, ISRM Management and other stakeholders;
• Support local ISRM trainings, awareness activities and monitor improvement, coordinating with ISRM Governance to improve effectiveness;
• Act as the point person for the BU and the business for security incidents and interactions with the Security Operations Center;
• Host and manage audits (ICR, CCR, PwC, Pre-Imps) for non-TS-managed applications, including support of the business on regulatory audits;
• Partner with other risk teams (Privacy, Legal, etc.) to deliver support in alignment with local laws and internal policies.
• Bachelor’s degree (Computer Science, Computer Engineering, Information System, or equivalent);
• 4+ years of Information security, risk management or IT experience.
• Working knowledge in Information Security including technical aspects, and general understanding of risk management and IT development processes;
• Strong written and verbal communication skills.
• Knowledge of Project Risk Management, PCI and SOX.
• Knowledge of company, business and regulatory trends.
• Knowledge in the design, implementation and maintenance of information security systems in the IT environment.
• Security certifications (e.g. CISM, CISSP, PCI);
• Knowledge of ITIL and/or CobiT.
Brazil-São Paulo-São José dos Campos-Rod.Presidente Dutra, Km 154
J&J Brazil (7680)