Cybersecurity Lead MedTech R&D

Johnson & Johnson Innovative Medicine•Paris, NV

3d•$94,000 - $151,800•Remote

About The Position

We are searching for top talent for Cybersecurity Lead. You will be the Business Information Security partner for MedTech R&D. This position can be based in Raritan, NJ or Irvine, CA, or remotely in the US. This candidate will have a diverse background with strong business acumen, technology, and security expertise. He/she will be a strategic thinker who will partner closely with Technology and Business to lead with impact, drive security culture changes and stay updated with industry trends in cybersecurity. The role is part of the Information Security & Risk Management (ISRM) organization supporting Electrophysiology business within the Medical Technologies sector. In this role the individual will be the cybersecurity partner to support the secure development and implementation of innovative technology solutions, secure assets and protect IP across the R&D labs and workspaces. The individual will work across ISRM demonstrating authentic leadership, driving results, and showing dedication to our Credo.

Requirements

Bachelor’s degree in computer science, information technology, cybersecurity, business administration, or another rigorous discipline is required.
5+ years of working in IT, OT, and/or Engineering with a security focus is required, including hands-on implementation level understanding of key security technologies and controls (e.g., access control, IDP/IDR, anti-malware, patch management, encryption technologies, forensics etc.)
Direct working and/or supporting experience for Research and Development functions is required.
Experience in leading/performing security assessments and providing security assurance across various levels of the enterprise architecture (data, application, host, middleware, network, Infrastructure) to ensure data protection
Solid understanding of current security threats, mitigation measures, and security vendors/technologies.
Experience with cloud security (e.g., AWS, Azure, Salesforce)
Experience with security standards (e.g., ISO27001, HiTrust, NIST, etc.) is required.

Nice To Haves

Certifications in cybersecurity (CISM, CISSP, ISA-62443), audit (CISA), or risk management (CRISC) are preferred.
Awareness of security trends in process, tooling, and threats
Good understanding and exposure to data visualization tools such as PowerBI, Tableau etc.
Big picture perspective and attention to detail focus to align strategic and tactical security aspects.
Ability to collaborate, network and influence all levels of the organization, cross sector, cross-function and global and establish oneself as an inspiring leader with expertise in space.
Excellent communication and collaboration skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally.
Experience leading and influencing security audits (e.g., SOC Type 2 reporting, PCI, ISO 27001) is preferred.

Responsibilities

Provide early/proactive engagement with project teams to drive business understanding and execution of the security capabilities and services needed for innovative technology solutions; End to end support for large programs.
Provide tailored security guidance (based on risk and complexity) - Interpret & apply the IAPP requirements and standards for unique technology and business initiatives.
Drive cybersecurity adoption across R&D labs and sites (Electrophysiology) to secure IT/OT assets and enable safe & secure innovation.
Lead the cyber operational portfolio from identification > consulting remediation plan > completion partnering across ISRM, business, and technology teams.
Establish data analytics to provide security posture across the business units, functions, and sites.
Assist the Security Operations Center (SOC) with security incident investigation activities; work closely with business teams to support affected users and provide liaison with central investigation team.
Drive business understanding of critical cybersecurity regulations and ensuring solutions are compliant (NIST, NIS2, Safe Data, etc.).
Support the global deployment of security initiatives with awareness sessions, identify alternative ways of working to avoid business disruptions, and review exception requests.
Drive and manage security gap assessments/remediation efforts and support integration activities for the R&D portfolio for key acquisitions.

Benefits

Vacation –120 hours per calendar year
Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado –48 hours per calendar year; for employees who reside in the State of Washington –56 hours per calendar year
Holiday pay, including Floating Holidays –13 days per calendar year
Work, Personal and Family Time - up to 40 hours per calendar year
Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child
Bereavement Leave – 240 hours for an immediate family member: 40 hours for an extended family member per calendar year
Caregiver Leave – 80 hours in a 52-week rolling period
Volunteer Leave – 32 hours per calendar year
Military Spouse Time-Off – 80 hours per calendar year
Consolidated retirement plan (pension)
Savings plan (401(k))