Cybersecurity Lead MedTech R&D

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world.  We provide an inclusive work environment where each person is considered as an individual.  At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Security & Controls

Job Category:

Scientific/Technology

All Job Posting Locations:

Alabama (Any City), Alabama (Any City), Alaska (Any City), Arizona (Any City), Arkansas (Any City), California (Any City), Colorado (Any City), Connecticut (Any City), Delaware (Any City), Florida (Any City), Georgia (Any City), Hawaii (Any City), Idaho (Any City), Illinois (Any City), Indiana (Any City), Iowa (Any City), Irvine, California, United States of America, Kansas (Any City), Kentucky (Any City), Louisiana (Any City), Maine (Any City), Maryland (Any City), Massachusetts (Any City), Michigan (Any City), Minnesota (Any City) {+ 27 more}

Job Description:

We are searching for top talent for Cybersecurity Lead, You will be the Business Information Security partner for MedTech R&D. This position can be based in Raritan, NJ or Irvine, CA, or remotely in the US

This candidate will have a diverse background with strong business acumen, technology, and security expertise. He/she will be a strategic thinker who will partner closely with Technology and Business to lead with impact, drive security culture changes and stay updated with industry trends in cybersecurity.

The role is part of the Information Security & Risk Management (ISRM) organization supporting Electrophysiology business within the Medical Technologies sector. In this role the individual will be the cybersecurity partner to support the secure development and implementation of innovative technology solutions, secure assets and protect IP across the R&D labs and workspaces. The individual will work across ISRM demonstrating authentic leadership, driving results, and showing dedication to our Credo.

Responsibilities:

• Provide early/proactive engagement with project teams to drive business understanding and execution of the security capabilities and services needed for innovative technology solutions; End to end support for large programs.

• Provide tailored security guidance (based on risk and complexity) - Interpret & apply the IAPP requirements and standards for unique technology and business initiatives.

• Drive cybersecurity adoption across R&D labs and sites (Electrophysiology) to secure IT/OT assets and enable safe & secure innovation.

• Lead the cyber operational portfolio from identification > consulting remediation plan > completion partnering across ISRM, business, and technology teams.

• Establish data analytics to provide security posture across the business units, functions, and sites.

• Assist the Security Operations Center (SOC) with security incident investigation activities; work closely with business teams to support affected users and provide liaison with central investigation team.

• Drive business understanding of critical cybersecurity regulations and ensuring solutions are compliant (NIST, NIS2, Safe Data, etc.).

• Support the global deployment of security initiatives with awareness sessions, identify alternative ways of working to avoid business disruptions, and review exception requests

• Drive and manage security gap assessments/remediation efforts and support integration activities for the R&D portfolio for key acquisitions

Qualifications: 

• Bachelor’s degree in computer science, information technology, cybersecurity, business administration, or another rigorous discipline is required.

• 5+ years of working in IT, OT, and/or Engineering with a security focus is required, including hands-on implementation level understanding of key security technologies and controls (e.g., access control, IDP/IDR, anti-malware, patch management, encryption technologies, forensics etc.)

• Direct working and/or supporting experience for Research and Development functions is required.

• Experience in leading/performing security assessments and providing security assurance across various levels of the enterprise architecture (data, application, host, middleware, network, Infrastructure) to ensure data protection

• Solid understanding of current security threats, mitigation measures, and security vendors/technologies.

• Experience with cloud security (e.g., AWS, Azure, Salesforce)

• Experience with security standards (e.g., ISO27001, HiTrust, NIST, etc.) is required. Certifications in cybersecurity (CISM, CISSP, ISA-62443), audit (CISA), or risk management (CRISC) are preferred.

• Awareness of security trends in process, tooling, and threats

• Good understanding and exposure to data visualization tools such as PowerBI, Tableau etc.

• Big picture perspective and attention to detail focus to align strategic and tactical security aspects.

• Ability to collaborate, network and influence all levels of the organization, cross sector, cross-function and global and establish oneself as an inspiring leader with expertise in space.

• Excellent communication and collaboration skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally.

• Experience leading and influencing security audits (e.g., SOC Type 2 reporting, PCI, ISO 27001) is preferred

Other:

This may require up to 10% travel.

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, external applicants please contact us via https://www.jnj.com/contact-us/careers, internal employees contact AskGS to be directed to your accommodation resource

#JNJTech

#LI-Remote

Required Skills:

Preferred Skills:

Communication, Corrective and Preventive Action (CAPA), Critical Thinking, Information Security Auditing, Information Security Management System (ISMS), Information Technology (IT) Security Assessments, Information Technology Strategies, Mentorship, Network Optimization, Presentation Design, Process Optimization, Report Writing, Security Policies, Technical Credibility, Technologically Savvy, Training People, Vulnerability Assessments

The anticipated base pay range for this position is :

$94,000.00 - $151,800.00

Additional Description for Pay Transparency:

Subject to the terms of their respective plans, employees are eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).
Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits:
Vacation –120 hours per calendar year
Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado –48 hours per calendar year; for employees who reside in the State of Washington –56 hours per calendar year
Holiday pay, including Floating Holidays –13 days per calendar year
Work, Personal and Family Time - up to 40 hours per calendar year
Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child
Bereavement Leave – 240 hours for an immediate family member: 40 hours for an extended family member per calendar year
Caregiver Leave – 80 hours in a 52-week rolling period10 days
Volunteer Leave – 32 hours per calendar year
Military Spouse Time-Off – 80 hours per calendar year