Manager, Business Information Security Officer(BISO)

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Security & Controls

Job Category:

Scientific/Technology

All Job Posting Locations:

Singapore, Singapore

Job Description:

Johnson & Johnson, through its operating companies, is the world's most comprehensive and broadly based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical device markets. We strive to provide scientifically sound, high-quality products and services to help heal, cure disease and improve the quality of life.

Thriving on a diverse company culture, celebrating the uniqueness of our employees, and committed to inclusion. Proud to be an equal opportunity employer.

The Manager, Business Information Security Officer(BISO) is a results-oriented self-starter who enjoys a fast-paced environment and is looking for opportunity to influence change in an established organization. He/She is responsible for all aspects of identifying and managing security risk and serve as the focal point for all information asset protection matters. Based Singapore this role will support Johnson & Johnson business units in collaboration with Johnson & Johnson Technology partners in Asia Pacific.

Responsibilities:

• Responsible for driving Information Security & Risk Management(ISRM) activities and projects in Asia in alignment with J&J Corporate directive.

• Ensure that J&J information assets are appropriately identified, valued, and protected by complying with and enforcing all local and worldwide security policies.

• Act as a liaison to the business and IT to coordinate and manage security and risk management activities as required. 

• Proactively drive risk-based business strategies anticipating business needs.

• Participate in business planning to ensure information security and risk management capabilities are appropriately considered and included in plans. 

• Plan and prioritize the integration of security measures in business projects during the design, development and deployment phases.

• Provide expertise in Information Security & Risk Management and Enterprise Information Security Architecture to ensure that technology solutions meet all requirements and standards.

• Lead efforts to apply risk management processes in projects, identify and track risks, recommend solutions, validate remediation plans and facilitate implementation.

• Actively advise, assess and lead Business and IT stakeholders in the development of secure information systems and solutions in line with organization’s cybersecurity architecture, IAPP policies and regulatory requirements.

• Work with IT, QA, Regulatory, CIA and business colleagues to ensure audit readiness and to prepare for internal and external audits. 

• Lead activities for audit preparation, hosting and follow-up activities and to propose strategies to improve performance in audits.

• Facilitate education and training to the organization on Information Security & Risk Management procedures and controls.

• Communicate with and report value-added metrics to management and senior leadership.

• Prompt reporting of security incidents or significant security problems to appropriate personnel.

• Serve as the primary point of contact for security issues for their area of influence.

Qualifications:

• A Bachelor’s degree in the field of computer science, information technology, business administration, or another rigorous discipline is required

• A minimum of 8 years of progressive experience in hands-on Technology roles with Cybersecurity exposure(preferred)

• A minimum of 5 years of experience in design and implementation of enterprise (security) architecture, cloud security (e.g. AWS, Azure) and/or development of IT solutions or services.

• Experience in working/securing various levels of the enterprise architecture (data, application, host, middleware, network, Infrastructure)

• Solid understanding of current security threats, mitigation measures and security vendors/technologies.

• Experience with implementation or review of compliance with international security standards or regulations.

• Experience working in complex, fast-paced environments

• Experience managing internal and external audits

• Results Orientation/Sense of Urgency – ability to drive to tight timelines

• Excellent interpersonal skills

• Creative problem-solving skills

• Excellent communication and collaboration skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally

• Proven ability to influence/collaborate to get to desired result

• Security certifications such as CISSP, CCSP, ISSAP, CISM, etc.

*This role is not eligible for relocation.