Senior Manager MedTech Cybersecurity

Johnson & Johnson Innovative Medicine

About The Position

Johnson and & Johnson, through its operating companies, is the world's most comprehensive and broadly-based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical device markets. We strive to provide scientifically sound, high-quality products and services to help heal, cure disease and improve the quality of life. Do you want to be part of an organization that is thriving on a diverse company culture, celebrating the uniqueness of our employees and committed to inclusion? Then join us! We are proud to be an equal opportunity employer. The Sr. Manager, Cybersecurity Medtech Vision is a results-oriented self-starter who enjoys a fast-paced environment and is looking for opportunity to influence change in an established organization. They will have responsibility for all aspects of identifying and managing security risk and serve as the focal point for all information protection matters. This role will be part of the Johnson & Johnson Information Security and Risk Management (ISRM) team, focusing on the Vision Business Unit (BU) within the MedTech sector and will be located in EMEA – Dublin, Beerse or Warsaw , North America – Jacksonville (FL)

Requirements

A Bachelor's degree or equivalent. A major in Cybersecurity or Computer Science is highly preferred.
A minimum of 10 years of experience in Information Security & Risk Management and/or IT.
Previous experience developing effective and strong partnerships along with relationship building skills with business leaders and partners.
Solid understanding of current security threats, mitigation measures and security vendors/technologies.
Experience in design and implementation of enterprise security, cloud security and/or development of IT solutions or services to protect data, application, host, middleware, network, Infrastructure.
Experience working in complex, fast-paced environments.
Experience supporting, leading and influencing security assessments (e.g. SOC Type 2 reporting, PCI, ISO 27001).
Big Picture Thinking / Attention to Detail – align strategic and tactical
Passion for leading and influencing people
Results Orientation and ability to drive to short timelines.
Creative problem-solving skills.
Customer focus (internal & external).
Superb communication, social and collaboration skills, able to network and influence various levels of the organization, across sectors, functions and markets.
Demonstrable ability to influence/collaborate to get to desired result.
Fluency in English and preferably proficiency in another language.

Nice To Haves

Experience with implementation or review of compliance with international security standards or regulations.
Security certifications such as CISSP, CCSP, ISSAP, CISM, etc.

Responsibilities

Serve as the focal point for all information asset protection matters for the Vision MedTech BU Globally and/or cross-BU for a particular region for which they are responsible.
Be accountable for promoting information security within the BU and/or region, including ensuring processes, procedures, and other activities are defined and implemented to meet the requirements of the Information Asset Protection Policies (IAPPs).
Drive End-to-end Cyber Trust and Security by Design through consulting, engagement and assurance.
Support the strategy for embedding cyber security into business initiatives, improving risk posture, secure critical intellectual property, protect sensitive assets, improve site security and enhance business resiliency.
Serve as the ISRM liaison and have direct interaction with sector personnel, IT, and business leaders.
Provide expertise in Information Security & Risk Management to ensure that technology solutions meet all requirements and standards.
Consult with project teams to determine applicability of various global and local regulations, security standards and certifications, incl. but not limited to NIST, NIS2, SOX, ISO27001, etc.
Drive the adoption of security industry best-practices, J&J security standards and capabilities with a focus on MedTech Vision to ensure that critical information and assets are protected from cyber threats.
Drive risk remediation of identified cybersecurity issues.
Provide strong leadership in driving the cybersecurity risk posture of business capabilities, incl. security consulting, design reviews, risk prioritization, advice and assurance on remediation.
Support vulnerability management, third party risk remediation and cyber incidents investigations as needed.
Business Engagement to drive user acceptance and support of global ISRM initiatives and Business programs, providing overall consulting on security by design.
Enable ISRM capabilities for the business including awareness, business impact, exceptions handling
Coordinate with IT, Quality Assurance, Regulatory Affairs, Global Audit and Assurance and business partners to ensure audit readiness and to prepare for internal and external audits.
Support for cybersecurity, and internal control readiness for Internal and External audits.
Deliver training and awareness to business teams on key cybersecurity concepts
Provide metrics and reporting to ISRM and Business leadership on status of compliance to cybersecurity IAPP requirements and risks
Participate in BU planning to ensure the integration of security measures and remediations in business plans and projects during the design, development and deployment phases to ensure confidentiality, integrity and availability of applications and data are adequately protected against cybersecurity threats.
Provide expert guidance in Cybersecurity & Risk Management to ensure that technology solutions meet all requirements and standards.