Johnson & Johnson is currently recruiting for a Manager, Infrastructure Security & Controls for their Information Security & Risk Management Group. The primary location for this position will be Raritan, NJ, with possible 20% domestic and international travel.
At the Johnson & Johnson Family of Companies, caring for the world, one person at a time, has inspired and united the people of Johnson & Johnson for 125 years. We embrace research and science, bringing innovative ideas, products and services to advance the health and well-being of people. Employees of the Johnson & Johnson Family of Companies work with partners in health care to touch the lives of over a billion people every day, throughout the world.
With $70.1 billion in 2015 sales, Johnson & Johnson is the world's most comprehensive and broadly based manufacturer of health care products, as well as a provider of related services for the consumer, pharmaceutical, and medical devices and diagnostics markets. The more than 250 Johnson & Johnson operating companies employ approximately 127,000 people in 60 countries throughout the world.
We are thriving on a diverse company culture, celebrating the uniqueness of our employees and committed to inclusion. We are proud to be an equal opportunity employer.
The Manager will have responsibilities for security and internal controls in support of Global Technology Services (GTS). He/she will serve as the Risk Management expert in supporting internal GTS teams, projects and internal control audits. Serves as the ISRM liaison and has direct interaction with GTS management and internal controls audit teams. Provides expertise in security and internal controls to ensure that technology solutions meet requirements and standards.
Major Duties & Responsibilities
- 40% - Provides subject matter expertise to GTS infrastructure teams where IT risk management issues are involved, have potential implications for the business, and/or impact regions or functions, regulatory areas or technology platforms. Helps to strategize the risk management approach for projects and develop processes for effective risk management.
- 20% - Proactively assesses the impact of regulatory and other security and internal control changes on GTS and IT processes and advises management on the implications of costs, performance issues, risks and business needs.
- 15% - Leads in audit preparation activities, ensures audit readiness, hosts and supports audits (depending on function), and explains risk management tools and methodologies. Facilitates in the delivery of information and response and remediation to audit observations for internal and external audits.
- 15% - Works with DevOps teams in building and automating builds for J&J’s infrastructure environment, including review and development of automation scripts for implementing and assuring security and controls configuration.
- 10% - Analyses complex business and competitive issues and discerns their implications for risk management.
- Leads the analysis of more complex and sensitive security or internal controls activities and recommends remediation
- Anticipates complex risks and issues based on understanding of business trends and the goals and objectives of the GTS Infrastructure community
- Evaluates and ensures the resolution of complex compliance issues, critical incidents and/or crisis resolution management, with limited need for escalation
- Proactively assesses the impact of regulatory and other Security and Internal Control changes on IT processes and advises executive management on the implications of costs, performance issues, risks and business needs
- Obtains and shares in-depth knowledge of future trends, tools, procedures and systems in security, internal controls and risk management
- Reviews or prepares reports or documents on risk management to be communicated to GTS, IT and J&J senior management in complex situations
- Proactively supports management expectations, advising on optimal approaches and resolving conflicts between internal controls, information security requirements, compliance and project/business constraints
- Develops risk management strategies that will support the business into the future based on understanding of changing business needs
- Leads in the development of networks of internal and external business partners, suppliers, the technical/legal community and consultants
- Bachelor's degree, or minimum university degree equivalent, is highly preferred.
- Minimum of 8 years of related Information Risk Management experience, or 6+ years with an advanced degree.
- Considered a subject matter expert on Information Security, IT Risk Management, IT Internal Controls and/or SOX Compliance.
- Software Development experience, especially related to infrastructure (SDDC) virtualization automation preferred.
- Broad experience on internal and external audits, including audit preparation, support and remediation is preferred.
- GxP background and/or privacy regulations background are preferred.
- Presents effectively to a senior audience.
- Experience with tools and applications managing Governance, Risk and Compliance.
- Effectively works with and/or leads virtual, global teams – including diverse groups of people with varied backgrounds and cultural experiences.
- Knowledge of key business processes required.
- Working knowledge of COBIT and/or ITIL is preferred.
- The following certifications are preferred:
  - ISRM - Information Security & Risk Management
  - CISSP - Certified Information Systems Security Professional
  - CISM - Certified Information Security Manager
  - CISA - Certified Information Systems Auditor
United States-New Jersey-New Brunswick
Other Locations: North America-United States-New Jersey-Raritan
Organization: Johnson & Johnson Services Inc. (6090)
Job Function: Information Security
Requisition ID