Manager, Business Information Security

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at

Job Function:

Job Sub Function:

Job Category:

All Job Posting Locations:

Job Description:

We are seeking the best talent for Manager, Business Information Security supporting our Corporate Business Technology (CBT) within the Information Security and Risk Management (ISRM) organization to be located in Sao Jose dos Campos or Sao Paulo, Brazil or additional locations below.

Please note that this role is available across multiple countries and may be posted under different requisition numbers to comply with local requirements. While you are welcome to apply to any or all of the postings, we recommend focusing on the specific country(s) that align with your preferred location(s):

• Raritan or New Brunswick, NJ - Requisition Number: R-041438
• Belgium - Requisition Number: R-041977
• Brazil - Requisition Number: R-041981

Remember, whether you apply to one or all of these requisition numbers, your applications will be considered as a single submission.

The Manager, Business Information Security will provide assurance over the cybersecurity of the Corporate Business Technology scope of work on a global scale. This critical role will partner closely with our CBT team to help ensure the secure design, configuration and operation of Customer Experience, Transportation, Contracting, Pricing and other Corporate functions supporting and enabling our community of J&J employees, contractors and business partners.

Key Responsibilities:

• Champion a Secure-by-Design approach with stakeholders to embed security capabilities and services within business initiatives.
• Drive the adoption of security industry best-practices with a focus on J&J's Corporate functions and CBT organization to ensure critical information and assets are protected from cyber threats.
• Partner with security, business, and technology teams to identify, assist with the creation of mitigation and remediation plans, and track the closure of cybersecurity risks.
• Plan and prioritize the integration of security measures in business projects during the design, development and deployment phases.
• Provide tailored security guidance (based on risk and complexity) by interpreting and applying the internal cybersecurity policy requirements and standards for innovative IT initiatives.
• Promote the importance of cybersecurity across business and IT teams.
• Support the global deployment of security initiatives with awareness sessions, identify alternative ways of working to avoid business disruptions, and review exception requests.
• Provide audit support as the liaison between corporate audit functions from pre-work to consulting on remediation plans.
• Interpret gaps identified by the Third-Party Risk Management team and collaborate with business and technology stakeholders to ensure vendors remediate the gaps identified.
• Enhance Application Security used within the portfolio by interpreting internal security and regulatory requirements such as Sarbanes–Oxley (SOX), Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), etc.
• Stay abreast of the latest trends in AI, machine learning, and automation in cybersecurity. Promote a culture of innovation by training team members on AI security tools and methodologies.

Qualifications

Required:

• Bachelor's degree required, preferably in Technology, Cybersecurity or other rigorous discipline.
• At least 8 years of experience in technology or cybersecurity
• 5+ years of hands-on experience in delivering technology; and cybersecurity design and capabilities required
• Experience in managing cybersecurity in life sciences environments or other regulated environments
• Strategic approach to develop capability roadmaps that will enable proactive reliability through data & automation.
• Solid grasp of current security threats, mitigation measures and security vendors/technologies.
• Experience working in fast-paced environments.
• Experience with agile framework and process
• Creative problem-solving skills and understanding of complex environments (data, application, middleware, network).
• Previous experience developing effective and strong partnerships.
• Superb communication and collaboration skills, ability to network and influence all levels - connecting with technical and non-technical audiences.
• Experience working as part of a high-performing multi-region team
• Ability to independently complete tasks accurately and thoroughly is required.

Preferred:

• Security certifications such as CRISC, CISSP, CCSP, ISSAP, CISM, GCIH, etc.
• Experience in securing Customer Experience, Contracting, Pricing, Transportation, or other Corporate platforms and environments.

#JNJTECH