Manager, Business Information Security

**Job Function**:
Technology Enterprise Strategy & Security
**Job Sub Function**:
Security & Controls
**Job Category**:
Scientific/Technology
**All Job Posting Locations**:
São José dos Campos, São Paulo, Brazil, São Paulo, Brazil

We are seeking the best talent for **Manager, Business Information Security**supporting our Corporate Business Technology (CBT) within the Information Security and Risk Management (ISRM) organization to be located in Sao Jose dos Campos or Sao Paulo, Brazil or additional locations below.

- Raritan or New Brunswick, NJ - Requisition Number: R-041438
- Belgium - Requisition Number: R-041977
- Brazil - Requisition Number: R-041981

The Manager, Business Information Security will provide assurance over the cybersecurity of the Corporate Business Technology scope of work on a global scale. This critical role will partner closely with our CBT team to help ensure the secure design, configuration and operation of Customer Experience, Transportation, Contracting, Pricing and other Corporate functions supporting and enabling our community of J&J employees, contractors and business partners.

**Key Responsibilities**:

- Champion a Secure-by-Design approach with stakeholders to embed security capabilities and services within business initiatives.
- Drive the adoption of security industry best-practices with a focus on J&J's Corporate functions and CBT organization to ensure critical information and assets are protected from cyber threats.
- Partner with security, business, and technology teams to identify, assist with the creation of mitigation and remediation plans, and track the closure of cybersecurity risks.
- Plan and prioritize the integration of security measures in business projects during the design, development and deployment phases.
- Promote the importance of cybersecurity across business and IT teams.
- Support the global deployment of security initiatives with awareness sessions, identify alternative ways of working to avoid business disruptions, and review exception requests.
- Provide audit support as the liaison between corporate audit functions from pre-work to consulting on remediation plans.
- Interpret gaps identified by the Third-Party Risk Management team and collaborate with business and technology stakeholders to ensure vendors remediate the gaps identified.
- Enhance Application Security used within the portfolio by interpreting internal security and regulatory requirements such as Sarbanes-Oxley (SOX), Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), etc.
- Stay abreast of the latest trends in AI, machine learning, and automation in cybersecurity. Promote a culture of innovation by training team members on AI security tools and methodologies.

**Qualifications**

**Required**:

- Bachelor’s degree required, preferably in Technology, Cybersecurity or other rigorous discipline.
- At least 8 years of experience in technology or cybersecurity
- 5+ years of hands-on experience in delivering technology; and cybersecurity design and capabilities required
- Experience in managing cybersecurity in life sciences environments or other regulated environments
- Strategic approach to develop capability roadmaps that will enable proactive reliability through data & automation.
- Solid grasp of current security threats, mitigation measures and security vendors/technologies.
- Experience working in fast-paced environments.
- Experience with agile framework and process
- Previous experience developing effective and strong partnerships.
- Superb communication and collaboration skills, ability to network and influence all levels - connecting with technical and non-technical audiences.
- Experience working as part of a high-performing multi-region team
- Ability to independently complete tasks accurately and thoroughly is required.

**Preferred**:

- Security certifications such as CRISC, CISSP, CCSP, ISSAP, CISM, GCIH, etc.
- Experience in securing Customer Experience, Contracting, Pricing, Transportation, or other Corporate platforms and environments.

JNJTECH