Johnson & Johnson
Director, Business Information Security - TO&R
Johnson & Johnson, Raritan, NJ
DescriptionJohnson & Johnson is currently seeking a Director, Business Information Security - TO&R to be located onsite in NJ, PA or EMEA J&J location. At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at .For more than 130 years, diversity, equity & inclusion (DEI) has been a part of our cultural fabric at Johnson & Johnson and woven into how we do business every day. Rooted in Our Credo, the values of DEI fuel our pursuit to create a healthier, more equitable world. Our diverse workforce and culture of belonging accelerate innovation to solve the world’s most pressing healthcare challenges.We know that the success of our business – and our ability to deliver meaningful solutions – depends on how well we understand and meet the diverse needs of the communities we serve. Which is why we foster a culture of inclusion and belonging where all perspectives, abilities and experiences are valued, and our people can reach their potential.At Johnson & Johnson, we all belong.The Director will lead the Business Information Security for Technology Operations and Risk. Drive Cyber Trust and Security by Design through consulting, engagement, and assurance. Partner with business leadership teams eg. Quality, Procurement, Facilities, Brand Protection, HCC, Trade etc. on setting the strategy for embedding cyber security into business initiatives, improving risk posture, secure critical intellectual property, protect sensitive assets, improve site security, and enhance business resiliency. Manage the Business Information Security Team to deliver and secure large and complex portfolios while providing strategic direction, setting performance expectations, and making important decisions that impact the team's performance.Responsibilities:• Security Risk Management and consulting oversighto Focus on key business strategic initiatives, ensuring security by design. Serve as a liaison between ISRM and business leadership, relaying feedback from the customer and business leaders to the ISRM leadership.o Provide strategic direction related to cybersecurity, setting performance expectations for technical deployments and leadership behaviors, and making important decisions that impact the team's performance and ways of working.o Enable the ISRM Cyber Trust Strategy by engaging with key stakeholders/senior management and their teams to maintain a level of awareness around cyber risks and proper controls needed to mitigate risks due to ever changing regulatory, geopolitical and third-party risks. o Business Engagement on large program, providing overall consulting on security by design, proactive business planning for project security requirements.• Provide forward looking input to ISRM capabilities roadmap to enable accelerating digital transformation, support ISRM capabilities deployment for the business including awareness, business impact, exceptions handling (e.g., Safe Data)• Security communications and education to the executive team. Highlight insights and recommended actions derived from metrics and reporting to senior ISRM and Business leadership on status of compliance to cybersecurity requirements and risks.• Strategic planning and direction setting for business planning.QualificationsRequired: • Bachelor’s degree required, preferably in Cybersecurity, Engineering, Computer Science or other relevant life science degree.• At least 10 years of experience in technology with at least 5 years within Cybersecurity • At least 5 years of people management experience• Deep understanding of cybersecurity controls and concepts including industry cybersecurity frameworks and certifications• Security expertise in one or more of the following: Application security, cloud, infrastructure technology, Supply Chain resiliency, Third Party, Data Science, and Digital technology• Experience with collaborating and building relationships with key senior stakeholders• Strong communication skills• Experience with supporting their teams’ professional growth and development through a defined career path• Exhibit Commitment to Our Credo, (who we are and what we believe) by ensuring we are attracting, developing, and retaining talent that reflect the communities our teams serve• Ability to influence and drive Adoption of Enterprise Secure Software Development Processes and Tools• Ability to prioritize activities to deliver Cybersecurity by Design and Comprehensive, Effective Risk Management by JJT• Strong financial and business acumen, experience with setting strategic direction, business planning• Ability to provide Leadership & Representation in External Industry Working Groups• Ability to travel up to 5% of the timePreferred: • MS in Cybersecurity/MBA • Security certifications such as CRISC, CISSP, CCSP, ISSAP, CISM, etc.The compensation and benefits information set forth in this posting applies to candidates hired in the United States. Candidates hired outside the United States will be eligible for compensation and benefits in accordance with their local market.The anticipated base pay range for this position is $142,000 to $244,950.The Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation’s performance over a calendar/performance year. Bonuses are awarded at the Company’s discretion on an individual basis.• Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance.• Employees may be eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).• This position is eligible to participate in the Company’s long-term incentive program.• Employees are eligible for the following time off benefits:o Vacation – up to 120 hours per calendar yearo Sick time - up to 40 hours per calendar year; for employees who reside in the State of Washington – up to 56 hours per calendar yearo Holiday pay, including Floating Holidays – up to 13 days per calendar year of Work, Personal and Family Time - up to 40 hours per calendar year• Additional information can be found through the link below. https://www.careers.jnj.com/employee-benefitsJohnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com.Job Field: Security & ControlsOrganization: Johnson & Johnson Services Inc. (6090)