Cybersecurity Manager, MedTech R&D

Overview

Remote
On Site
USD 100,000.00 - 172,500.00 per year
Full Time

Skills

Spectrum
Health Care
Business Strategy
Jersey
Information Security
IP
Intellectual Property
Clinical Trials
Leadership
Innovation
Recovery
Data Analysis
Security Operations
NIS
SAFE
Computer Science
Information Technology
Business Administration
Access Control
IDP
Malware Analysis
Patch Management
Encryption
Forensics
Research and Development
Enterprise Architecture
Middleware
Network Design
Data Security
Cloud Security
Amazon Web Services
Microsoft Azure
Salesforce.com
Cyber Security
CISM
CISSP
CISA
Risk Management
ISACA
Data Visualization
Microsoft Power BI
Tableau
Attention To Detail
FOCUS
Communication
Collaboration
Network
Roadmaps
Auditing
System On A Chip
Reporting
Payment Card Industry
ISO/IEC 27001:2005
Law
Management
SAP BASIS
Life Insurance
Legal
Insurance

Job Details

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity.

Job Function:
Technology Enterprise Strategy & Security

Job Sub Function:
Security & Controls

Job Category:
Scientific/Technology

All Job Posting Locations:
Chicago, Illinois, United States; New York, New York, United States; Philadelphia, Mississippi, United States; Raritan, New Jersey, United States of America

Job Description:

Johnson & Johnson is currently seeking a Cybersecurity Manager - MedTech R&D in the Information Security & Risk Management (ISRM) organization. This position can be based in Raritan, NJ or remotely in the United States.

An internal candidate has been pre-identified for consideration. However, all applications will be considered.

This candidate will have a unique background with strong intuition for business, technology, and security expertise. They will be a strategic problem solver who will partner closely with Technology and Business to lead with impact, drive security culture changes and stay updated with industry trends in cybersecurity.

The role supports the Vision, Heart Recovery and Circulatory Restoration businesses within the Medical Technologies sector. In this role the individual will be the cybersecurity partner who supports the secure development and implementation of innovative technology solutions, secures assets and protects IP across the R&D labs, and enables data protection in clinical trial operations. The individual will work across ISRM demonstrating authentic leadership, influencing results, and showing dedication to our Credo.

Responsibilities:
  • Provide early/proactive engagement with project teams to drive business understanding and execution of the security capabilities and services needed for innovative technology solutions, including end-to-end support for large programs.
  • Provide tailored security guidance (based on risk and complexity) - Interpret & apply the IAPP requirements and standards for unique technology and business initiatives.
  • Drive cybersecurity adoption across R&D labs and sites (Vision, Heart Recovery and Circulatory Restoration) to secure IT/OT assets and enable safe & secure innovation.
  • Drive the strategy and adoption of cybersecurity standard methodologies across clinical operations (Vision, Heart Recovery and Circulatory Restoration) to protect J&J and patient data across clinical study processes and systems
  • Lead the cyber operational portfolio from identification > consulting remediation plan > completion across ISRM, business, and technology teams.
  • Establish data analytics to provide security posture across the business units, functions, and sites.
  • Assist the Security Operations Center (SOC) with security incident investigation activities; work closely with business teams to support affected users and provide liaison with central investigation team.
  • Drive business understanding of critical cybersecurity regulations and ensure solutions are compliant (NIST, NIS2, Safe Data, etc.).
  • Support the global deployment of security initiatives with awareness sessions, identify alternative ways of working to avoid business disruptions, and review exception requests.

Qualifications:
  • Bachelor's degree or equivalent experience in computer science, information technology, business administration, or related subject area is required. Master's or equivalent experience preferred.
  • 5+ years of working in IT and/or Engineering with a security focus is required, including hands-on implementation-level understanding of key security technologies and controls (e.g., access control, IDP/IDR, anti-malware, patch management, encryption technologies, forensics, etc.).
  • Direct working and/or supporting experience for Research and Development functions is required.
  • Experience in leading/performing security assessments and providing security assurance across various levels of the enterprise architecture (data, application, host, middleware, network, Infrastructure) to ensure data protection
  • Solid grasp of current security threats, mitigation measures, and security vendors/technologies.
  • Experience with cloud security (e.g., AWS, Azure, Salesforce)
  • Experience with security standards (e.g., ISO27001, HiTrust, NIST, etc.) is required. Certifications in cybersecurity (CISM, CISSP, ISA-62443), audit (CISA), or risk management (CRISC) are preferred.
  • Awareness of security trends in process, tooling, and threats.
  • Good understanding of and exposure to data visualization tools such as PowerBI, Tableau, etc.
  • Big-picture perspective and attention to detail to align strategic and tactical security aspects.
  • Ability to collaborate, network and influence at all levels of the organization, cross-sector, cross-function and globally, and establish oneself as an inspiring leader with expertise in the space.
  • Superb communication and collaboration skills, able to network, interact and influence at all levels of the organization, cross sector, multi-functionally and globally.
  • Strategic attitude to develop capability roadmaps that will enable proactive reliability through data & automation.
  • Experience leading and influencing security audits (e.g., SOC Type 2 reporting, PCI, ISO 27001) is preferred

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson and Johnson is committed to providing an interview process that is inclusive of our applicants' needs. If you are an individual with a disability and would like to request an accommodation, please email the Employee Health Support Center or contact AskGS to be directed to your accommodation resource.

The anticipated base pay range for this position is:
$100,000 - $172,500

Additional Description for Pay Transparency:
The Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation's performance over a calendar/performance year. Bonuses are awarded at the Company's discretion on an individual basis.

Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance. Employees may be eligible to participate in the Company's consolidated retirement plan (pension) and savings plan (401(k)).

Employees are eligible for the following time off benefits:
  • Vacation - up to 120 hours per calendar year
  • Sick time - up to 40 hours per calendar year; for employees who reside in the State of Washington - up to 56 hours per calendar year
  • Holiday pay, including Floating Holidays - up to 13 days per calendar year
  • Work, Personal and Family Time - up to 40 hours per calendar year

Additional information can be found through the link below.