Location: Raritan, NJ 08869
What type of mark will you make?
Your unique talents and perspective can make a vital contribution to innovative products that improve the lives of people everywhere. Career opportunities within Johnson & Johnson companies can provide a setting to build your leadership experience, express your passion, and touch the world.
Position Description
Senior Manager, Information Security Risk Management-2583131107
Description
Johnson & Johnson is currently recruiting for a Senior Manager, Information Security Risk Management. The position is located in Raritan, NJ. This position requires up to 10% travel.
Johnson & Johnson, through its operating companies, is the world's most comprehensive and broadly based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical devices and diagnostics markets. We strive to provide scientifically sound, high quality products and services to help heal, cure disease and improve the quality of life.
We thrive on a diverse company culture, celebrate the uniqueness of our employees and are committed to inclusion. We are proud to be an equal opportunity employer.
The Senior Manager, Information Security Risk Management will lead a staff in the creation and development of a global and comprehensive information security risk management framework for the continuous assessment and improvement of the JNJ IT risk posture.
Responsibilities of this position include: leading the design, development and implementation of a strategy and framework for information security risk management; identifying or developing tools for the quantitative and qualitative measurement of security risks and creating and establishing a risk register for Worldwide Information Security (WWIS); partnering with Global Security Operations and the sector IT Risk Assurance (ITRA) staff to monitor risks and develop/execute risk mitigation plans; utilizing data from IT risk assessments as input to project prioritization and business decisions; providing input and recommendations to executive management on risk profile, emerging security trends (internal and external) and risk response strategies; and developing risk management processes in the area of Information Security, Harmonized Compliance Requirements, and Supplier Requirements.
Additional responsibilities include: providing guidance and training on security risk management; representing WWIS in Corporate enterprise risk management activities and initiatives; partnering across IT, Q&C, Privacy, and CIA to continuously improve the IT Compliance profile; maintaining awareness of industry best practices and regulatory trends; acting as subject matter expert representing WWIS during internal audits and external regulatory inspections; and serving as the subject matter expert for ITRM on the Payment Card Industry-Data Security Standard as well as the HIPAA Security Rule.
Qualifications
A bachelor’s degree is required. A graduate degree is preferred. CISSP or equivalent certification is preferred. A minimum of 8 years of information security experience is required. Experience within a global, regulated, healthcare industry is preferred. A minimum of 3 years of experience in Risk Management is required. Strong knowledge of Security Compliance areas such as PCI-DSS, HIPAA, Sarbanes Oxley, and/or state breach laws is required. Experience with external auditing bodies is required. Demonstrated experience in writing and managing compliance documentation including the ability to coach others for the quality of content is required. Demonstrated ability to manage complex projects, priorities and multiple tasks is required. Possessing the credibility and presence to act as subject matter expert during internal audits and external regulatory inspections is required. Strong communication, influencing, presentation skills, collaboration and teaming skills are required. Must have strong presence, leadership and presentation skills with the ability to articulate issues and outcomes at all levels. Must have the ability to influence others with limited direct authority.
Candidate will need an understanding of the J&J enterprise and a detailed understanding of the J&J Information Asset Protection Policies, and must be able to apply those policies to the J&J IT infrastructure and operating company information security requirements. Candidate will make decisions on information security strategic direction for J&J and present to management, recommend new policy requirements and recommend program management decisions on relevant information security programs. Candidate will report on status of information security and recommend changes to improve overall information security posture.
Candidate must be able to make independent and binding determinations of whether requirements are being met by Worldwide Information Security and that information security programs are meeting stated objectives, identify and evaluate appropriate external service providers, and recommend the establishment or revision of information security policies based on new technology, benchmarking input or other changes, such as legal or regulatory changes.
BE VITAL in your Career; be seen for the talent you bring to your work. Explore opportunities within the Johnson & Johnson Family of Companies.
Primary Location: North America-United States-New Jersey-Raritan
Organization: Johnson & Johnson Services Inc. (6090)
Job: Information Security
Certain sites within the Johnson & Johnson family of companies participate in E-Verify as appropriate in accordance with Company guidelines and federal or state law. To learn more about the government sponsored program and to see a list of the sites that are currently enrolled, please click here.
Johnson & Johnson companies are equal opportunity employers.