Manager, Cybersecurity - Supply Chain

CH018 Synthes, Selzach, Switzerland

Johnson & Johnson

We’re building a world where complex diseases are prevented and cured, treatments are smarter and less invasive—and solutions are personal.

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Multi-Family Technology Enterprise Strategy & Security

Job Category:

People Leader

All Job Posting Locations:

Courcelles, Hainaut, Belgium, Leeds, West Yorkshire, United Kingdom, Selzach, Switzerland, Umkirch, Germany, Zug, Switzerland

Job Description:

Johnson & Johnson is currently seeking a Manager in the Information Security & Risk Management (ISRM) organization supporting the MedTech Supply Chain – EMEA Distribution Sites. This position can be based in Courcelles - Belgium, Leeds – United Kingdom, Umkirch – Germany, Selzach – Switzerland, or any J&J MedTech site in EMEA.

This candidate will have a diverse background with strong business acumen, technology, and security expertise. He/she will be a strategic thinker who leads with impact inclusively, driving intentional change proactively, and be driven to keep up with industry trends in cybersecurity. This role will embed directly with our J&J Technology and MedTech Supply Chain teams providing the security posture and the end-to-end security portfolio/capability roadmap to improve, identify, and remediate cyber security vulnerabilities.

You will work across ISRM demonstrating authentic leadership, driving results, and showing dedication to our Credo. Your scope includes global cyber security responsibility for MedTech internal Distribution Sites, external (3PL) Distribution Sites, and Application Security inclusive of Sarbanes-Oxley (SOX).

Responsibilities:

  • Provide early/proactive engagement with project teams to drive business understanding and execution of the security capabilities and services needed for the projects; end-to-end support for large programs.

  • Perform cybersecurity risk assessments of IT/OT assets within the distribution sites.

  • Drive the OT cybersecurity capability adoption across sites to secure IT/OT assets and enable safe & secure innovation.

  • Provide tailored security guidance (based on risk and complexity) by interpreting and applying the internal cybersecurity policy requirements and standards for innovative IT/OT initiatives.

  • Lead the cyber operational portfolio from identification > consulting remediation plan > completion, partnering across ISRM, business, and technology teams.

  • Establish data analytics to provide security posture across business platforms, functions, and sites.

  • Proactively promote the importance of cybersecurity across the sector and sites.

  • Assist the Security Operations Center (SOC) with security incident investigation activities; work closely with business teams to support affected users and be the liaison with central investigation teams.

  • Drive business understanding of critical cybersecurity regulations and ensure solutions are compliant (NIST, NIS2, Safe Data, Zero Trust, etc.).

  • Support the global deployment of security initiatives with awareness sessions, identify alternative ways of working to avoid business disruptions, and review exception requests.

  • Provide audit support as the liaison between corporate audit functions from pre-work to consulting remediation plans.

Qualifications: 

  • 6+ years of related experience in leadership and execution roles within Cybersecurity or Risk Management with background in Supply Chain required.

  • Bachelor’s degree in computer science, information technology, business administration, or another rigorous discipline is required.

  • 5+ years of hands-on experience in delivering technology and cybersecurity design and capabilities required.

  • Direct working and/or supporting experience of Supply Chain applications and Sarbanes-Oxley compliance is required.

  • Understanding of IEC 62443, NIST 800-53, and 800-82 required.

  • Ability to independently complete tasks accurately and thoroughly is required.

  • Strong understanding of security data protection and capabilities in a manufacturing and/or distribution site is required.

  • Certifications in cybersecurity (CISM, CISSP, GICSP, ISA-62443), audit (CISA), manufacturing, or risk management (CRISC) are preferred.

  • Excellent communication and collaboration skills, able to network, interface and influence at all levels of the organization, cross-functionally and globally, establishing oneself as an inspiring leader with expertise in the space.

  • Strategic mindset to develop capability roadmaps that will enable proactive reliability through data & automation.

  • Experience in working with/securing various levels of enterprise architecture (data, application, host, middleware, network, infrastructure).

  • Solid understanding of current security threats, mitigation measures, and security vendors/technologies.

  • Experience leading diverse team members with varying cybersecurity experience, and proficiency in resource allocation and planning to meet business needs.

  • Big-picture perspective and attention to detail to align strategic and tactical security aspects.

Category: Leadership Jobs

Tags: Analytics Application security Automation CISA CISM CISSP Compliance Computer Science CRISC Data Analytics GICSP IEC 62443 NIS2 NIST NIST 800-53 Risk assessment Risk management SOC SOX Strategy Vulnerabilities Zero Trust

Region: Europe
Country: Switzerland
