Johnson & Johnson is recruiting for a hardworking cybersecurity professional for the Lead, Business Information Security, supporting J&J's corporate finance team. The location for this role is based in New Brunswick, NJ or Raritan, NJ.
J&J is the world's most comprehensive and broadly-based manufacturer of health care products and related services, for the pharmaceutical and medical devices markets. Johnson & Johnson has been caring for the world one person at a time for over 125 years. The people of the Johnson & Johnson family of companies are inspired and united working with partners in healthcare touching the lives of over a billion people throughout the world. Johnson & Johnson embraces research and science bringing innovative ideas, products and services forward to advance the health and well-being of people everywhere.
Johnson & Johnson thrives on a credo-based company culture, celebrates the uniqueness of our employees and is committed to diversity and inclusion. We are proud to be an equal opportunity employer.
The employee will work within J&J's Information Security & Risk Management (ISRM) department and support the cybersecurity of Corporate Business Technology's (CBT) SigniFi solution, including SAP Central Finance (CFIN) and other related finance applications. This person will be a results-oriented self-starter who enjoys a fast-paced environment and is looking for a chance to make a difference in the implementation of a revolutionizing program. They will have responsibility for all aspects of identifying and managing cybersecurity risks related to the multi-million dollar, multi-year deployment of the Corporate Finance ERP transformational program (TranSCend). This individual will serve as a key point for all cybersecurity and IT internal control matters related to the program.
The candidate will be an SAP S/4HANA and SOX controls subject matter expert who will work in close collaboration with the TranSCend Global Transformation project team and other key stakeholders to ensure a secure and compliant implementation, including a business user access management governance framework.
Responsibilities:
- The primary responsibility will be to support all aspects of cybersecurity for the TranSCend program implementation.
- Support the design of cybersecurity controls, ensure proper design implementation and assurance testing.
- Responsible for identifying risks related to the deployment prior to go-live and ensuring that appropriate mitigation/remediation plans are in place.
- Support the strategy for handling the different audit and SOX compliance activities
- Understand and promote risk management activities associated with external regulations and internal Johnson & Johnson policies such as IAPP, GxP, SOX, and GDPR
- Provide assurance to program leadership on the cybersecurity risk posture of the eco-system and processes, including performing and leading vendor/application assessments, design reviews, ranking risks, and consulting on remediation strategies.
- Facilitate education and training to the program team on cybersecurity and internal control procedures and controls.
- Communicate valuable metrics to senior leadership, including timely visibility of security incidents, vulnerabilities and issues.
- Plan and prioritize the integration of security measures in business projects during the design, development, and deployment phases.
Qualifications
- Bachelor's degree is strongly desired or equivalent years of industry experience
- A minimum of 4 years of progressive experience in Security, Technology or relevant discipline is required.
- Understanding of cybersecurity and internal controls and concepts
- Knowledge of security control framework and application in security by design is a MUST.
- Knowledge of cloud security in an SAP S/4HANA environment is highly preferred.
- Experience with SOX compliance, internal controls/Auditing/Testing of IT controls is a MUST.
- Solid grasp of current security threats, mitigation measures, and security vendors/technologies is required.
- Experience in identifying key security risks, and security controls, and providing consulting services to customers throughout the application implementation process is required.
- Experience working in fast-paced environments is required.
- Previous experience developing effective and strong partnerships is required.
- Excellent communication and collaboration skills, ability to network and influence all levels is a MUST.
- Foundational knowledge of regulatory requirements (e.g., SOX404, Privacy, HIPAA, GxP, cyber regulations) is preferred.
- Creative problem-solving skills and understanding of complex environments (data, application, middleware, network) is preferred.
- Security certifications such as CRISC, CISSP, CCSP, ISSAP, CISM, etc. are preferred.
The anticipated base pay range for this position is $91,000 to $147,000.
The Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation's performance over a calendar/performance year. Bonuses are awarded at the Company's discretion on an individual basis.
- Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance.
- Employees may be eligible to participate in the Company's consolidated retirement plan (pension) and savings plan (401(k)).
- This position is eligible to participate in the Company's long-term incentive program.
- Employees are eligible for the following time off benefits:
  - Vacation - up to 120 hours per calendar year
  - Sick time - up to 40 hours per calendar year; for employees who reside in the State of Washington - up to 56 hours per calendar year
  - Holiday pay, including Floating Holidays - up to 13 days per calendar year
  - Work, Personal and Family Time - up to 40 hours per calendar year
- Additional information can be found through the link below. https://www.careers.jnj.com/employee-benefits
The compensation and benefits information set forth in this posting applies to candidates hired in the United States. Candidates hired outside the United States will be eligible for compensation and benefits in accordance with their local market.
Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.