Johnson & Johnson is recruiting for a Senior Manager, GRC Process & Controls located in Raritan, NJ or Beerse, Belgium.

The Sr. Manager, GRC Process & Controls, will be responsible for developing, maintaining and continuously enhancing GRC and assessment processes, ensuring GRC cyber policies and processes are in alignment with industry standard control frameworks, and identifying automation opportunities across the cyber risk management function. They will collaborate with other GRC and risk management leaders, security assessment team leaders, the security architecture and innovation team and ISRM BIS teams in performance of their responsibilities.

Key Responsibilities:

• Lead the maintenance and enhancement of a controls framework, in alignment with industry standards, and support response to audits and inquiries.
• Oversee and/or maintain controls mapping between internal security policies and controls frameworks.
• Monitor changes in laws, regulations, and standards to understand impact to controls and compliance.
• Collaborate with internal security teams to ensure the broader processes and operating procedures are in alignment with the controls framework.
• Develop, maintain, and continuously enhance GRC processes.
• Identify and drive opportunities for automated verification of controls, both during initial assessment and on an ongoing basis.
• Define requirements for the GRC tool to support the controls framework and assessments and partner with the GRC Solutions team on implementation.
• Collaborate with the SDLC and Asset Management teams to ensure alignment with the defined controls framework and assessments.
• Support special projects in the GRC and Risk Management space.

• A bachelors degree is required, preferably in Computer Science, Engineering or Information Security/Cybersecurity.

• 8+ years of Information Security/IT Risk Management experience with growing responsibilities.
• 4+ years of direct experience with cybersecurity control frameworks and standards and development of assessments based on control standards.
• Experience with security GRC tools and control mappings with industry standards and compliance controls (e.g. ServiceNow, Archer, Fusion, HIPAA, PCI-DSS, etc.).
• Demonstrable record of effectively collaborating with virtual, global teams, including diverse groups of people with varied backgrounds and cultural experiences.
• Strong analytical and results-oriented problem-solving skills.
• Strong interpersonal skills to build and maintain relationships with internal stakeholders.
• Experience at a large multinational organization.

• Certifications in cybersecurity (CISM, CISSP), audit (CISA), or risk management (CRISC).
• Experience with Unified Compliance Framework (UCF).

• 10% Travel

• Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance.
• Employees may be eligible to participate in the Company's consolidated retirement plan (pension) and savings plan (401(k)).
• Employees are eligible for the following time off benefits:
• Vacation - up to 120 hours per calendar year
• Sick time - up to 40 hours per calendar year; for employees who reside in the State of Washington - up to 56 hours per calendar year
• Holiday pay, including Floating Holidays - up to 13 days per calendar year of Work, Personal and Family Time - up to 40 hours per calendar year
• Additional information can be found through the link below. https://www.careers.jnj.com/employee-benefits