A&D Cybersecurity Manager

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at ;br>
Job Function:
Technology Enterprise Strategy & Security

Job Sub Function:
Security & Controls

Job Category:
Scientific/Technology

All Job Posting Locations:
Alexandria, Virginia, United States, Alexandria, Virginia, United States, Anchorage, Alaska, United States, Annapolis, Maryland, United States, Atlanta, Georgia, United States, Austin, Texas, United States, Bangor, Maine, United States, Bellingham, Washington, United States, Billings, Montana, United States, Birmingham, Alabama, United States, Boise, Idaho, United States, Boston, Massachusetts, United States of America, Burlington, Vermont, United States, Charleston, South Carolina, United States, Charleston, West Virginia, United States, Chattanooga, Tennessee, United States, Columbus, Ohio, United States, Concord, New Hampshire, United States, Denver, Colorado, United States, Detroit, Michigan, United States, Dover, Delaware, United States, Fargo, North Dakota, United States, Fayetteville, Arkansas, United States, Hartford, Connecticut, United States, Honolulu, Hawaii, United States {+ 25 more}

Job Description:

At Johnson & Johnson, the A&D Security manager role is a cornerstone of our acquisition and divestiture strategy, driving the implementation of cutting-edge security measures to protect our business. This position supports cybersecurity assessments to pinpoint vulnerabilities in potential targets and partners with cross-functional teams to embed robust security controls. By aligning with Johnson & Johnson's security framework, this role safeguards critical data and assets throughout the A&D process, directly fueling the success of our strategic goals.

This position is eligible to work anywhere in the United States, but is required to work a hybrid schedule and report to a J&J office.

Key Responsibilities:

• Implementation: Execute security strategies that support A&D objectives, driving effective delivery of initiatives across the lifecycle of an integration or divesture.
• Manage Daily Operations: Lead all aspects of workflows to maintain consistent ties with security standards and business objectives
• Identify Risks and Impacts: Detect vulnerabilities and assess their financial implications to inform remediation plans and deal terms.
• Conduct Assessments: Assist in initial evaluations and cybersecurity due diligence on A&D targets to identify risks early
• Secure our acquisitions/divestures: Implement and maintain monitoring and reporting processes and technologies (hands on) to ensure A&D activities risks are managed

Qualifications

Education:

• BA/BS or equivalent work experience, Prefered in Computer Sciences / Information Security

Experience and Skills:

Required:

• Cybersecurity Expertise: Proficiency in frameworks, regulations, and standard methodologies, including NIST CSF, ISO 27001, and GDPR.
• Threat Management: In-depth knowledge of cybersecurity controls, current threats, and effective mitigation techniques.
• Analytical Acumen: Solid skills in analyzing complex data and solving problems to support informed, strategic decisions.
• Communication Mastery: Exceptional written and verbal skills to collaborate effectively with diverse partners
• Technical Proficiency: Hands-on experience with risk assessment tools and security monitoring technologies with 3 years of demonstrated ability
• Vendor Oversight: Validated ability to lead vendor relationships and conduct third-party risk assessments.
• Adaptability: Agility in responding to evolving cybersecurity technologies and threats.

Preferred:

• Possession of relevant certifications such as CRISC, CISSP, CCSP, ISSAP, CISM, or CASP+.
• Hands-on experience with cybersecurity technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), and encryption solutions.
• Experience in the cybersecurity aspects of mergers and acquisitions, including due diligence, integration planning, and compliance with data privacy regulations such as CCPA, HIPAA, and GDPR.
• Proficiency in security management tools (e.g., SIEM systems, vulnerability scanners, identity management solutions).
• Familiarity with project management methodologies (e.g., Agile, Waterfall) to support security initiatives.
• Expertise in applying risk management frameworks and methodologies (e.g., NIST RMF, ISO 31000) to assess and mitigate cybersecurity risks, particularly in the context of acquisitions and divestitures.
• Practical experience in cloud security principles and practices, with a focus on major platforms like AWS, Azure, or Google Cloud.

Other:

• 10% Travel domestic and/or international required

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson and Johnson is committed to providing an interview process that is inclusive of our applicants' needs. If you are an individual with a disability and would like to request an accommodation, please email the Employee Health Support Center () or contact AskGS to be directed to your accommodation resource.

The anticipated base pay range for this position is :
$100,000-$172,500

Additional Description for Pay Transparency:
Subject to the terms of their respective plans, employees and/or eligible dependents are eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance. Subject to the terms of their respective plans, employees are eligible to participate in the Company's consolidated retirement plan (pension) and savings plan (401(k)). Subject to the terms of their respective policies and date of hire, Employees are eligible for the following time off benefits: Vacation -120 hours per calendar year Sick time - 40 hours per calendar year; for employees who reside in the State of Washington -56 hours per calendar year Holiday pay, including Floating Holidays -13 days per calendar year Work, Personal and Family Time - up to 40 hours per calendar year Parental Leave - 480 hours within one year of the birth/adoption/foster care of a child Condolence Leave - 30 days for an immediate family member: 5 days for an extended family member Caregiver Leave - 10 days Volunteer Leave - 4 days Military Spouse Time-Off - 80 hours Additional information can be found through the link below.