Johnson & Johnson is on Fairygodboss’ Best Companies for Women of 2020.
Fairygodboss members gave this company a 4.2/5 in overall job satisfaction
Fairygodboss members working at Johnson & Johnson rated their manager’s support a 4.3/5
Reviewers say women are treated fairly and equally to men
Reviewers would recommend company to other women
Reviewers say the CEO supports gender diversity
Global parental leave for all new parents (maternal, paternal, adoptive or surrogacy-assisted).
Global exercise reimbursement.
Two weeks off (one of them fully paid) for volunteer work.
#2206062671W
Johnson and Johnson is recruiting for an Information Security Risk Management Supply Chain Deliver Manager located in Raritan, NJ, Springhouse, PA or Horsham, PA!

As part of the Information Security Risk Management Supply Chain group, the Information Security Risk Management Supply Chain Deliver Manager is responsible for the shaping and implementation of the security program which spans Johnson and Johnson’s logistics and distribution centers, logistics applications, and vendors globally, including application security, infrastructure security, industrial IoT, distribution center automation equipment and ICS and third-party vendor risk.

The role focuses on crafting and running the cybersecurity program to:
Provide consulting to IT and engineering teams on standards, design, implementation, and testing of secure IT and OT (ICS/Distribution Centre Automation) and networks and infrastructure.
Provide assurance to senior leadership on the cyber security risk posture of the logistics capabilities within J&J’s global supply chain, including performing and managing assessments and design reviews of current and to-be solutions and environments, ranking risks and providing coaching and guidance on remediation.
Shape strategy for security capabilities needed, influence business funding and adoption and partner in the selection and deployment of those capabilities.
Influence the cyber security strategy for the J&J global supply chain.
Monitor the industry landscape for emerging threats, technologies and capabilities.

Key Responsibilities:

Manage the execution of the cyber security program for logistics, including:
Manage complex network of senior stakeholders in the region across both Logistics and Customer Connectivity product lines, JJTS, Regional Deliver BTL, regional Engineering teams, facilities, compliance groups and others.
Plan and prioritize work based on business value across product lines balancing risk and available resource, including project work, ongoing assessments of distribution centers, customer call centers, applications, and vendors as well as periodic renewals of Business Partner Risk Assessments, Risk Acceptance Documents and External Business Partner networking connections.
Provide security SME consulting and design reviews in support of technology projects.
Obtain buy-in, schedule and then perform assessments of cyber security risk posture of logistics technology, sites and vendors. Rank risks, provide solution/remediation guidance and influence adoption. This is across full-stack Information Technology and Operational Technology solutions (applications, databases, infrastructure, networks, industrial Internet of Things, automation equipment), Distribution Center site cyber security and 3rd party cyber security.
Manage metrics and dashboards to enable effective management of risk.
Build and maintain relationships with leaders to the Senior Director level within areas of responsibility to provide assurance on security risk and influence direction of resources to appropriate mitigations.

Continuously improve the cyber security program, for example:
Support identification and implementation of security tools and design patterns (e.g. firewall deployments, IDR, AV, SIEM, deception technology).
Develop technical standards, associated training materials and implementation guidance.
Drive process improvements and productivity gains to drive increasing value from existing resources.
Coach and develop the internal direct team and establish a network of security champions within the distribution centers globally.
Actively monitor new threats and vulnerabilities, advising IT and Engineering teams on appropriate actions to address them.

Qualifications

Education: At least a Bachelor's degree is required.

Experience and Skills:

Required:
A minimum of 5 years of experience working in IT and/or Engineering with a security focus is required, including hands-on implementation level understanding of key security technologies and controls (e.g. remote access, access control, firewalls, IDP/IDR, anti-malware, patch management, encryption technologies, forensics etc.)
Experience analyzing IT and Operational Technology architecture to identify security gaps and crafting solutions.
Experience performing security audits and assessments based on technical security frameworks such as NIST 800-53/800-82, ISO 27001, IEC 62433, RG 5.71, NEI 08-09, etc.
Solid understanding of the security landscape including trends in process, tooling and threats.
Understanding of cloud, virtualized environments and emerging digital capabilities.
Demonstrable track record of working within large projects and leading multiple competing priorities.
Big Picture/Attention to Detail – align strategic and tactical security aspects.
Results Orientation/Sense of Urgency – ability to aim to tight timelines.
Excellent interpersonal skills and creative problem solving skills are required.
Customer focus (internal & external) required.
Excellent communication skills, ability to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally.
Demonstrable ability to influence/collaborate to get to desired result.
Strong leadership skills.

Preferred:
Hands-on experience of integration with hospitals and health-care environments is helpful.
Experience of penetration testing and penetration testing tools is desirable.
Experience working within an incident response team is desirable.

At Johnson & Johnson, we’re on a mission to change the trajectory of health for humanity. That starts by creating the world’s healthiest workforce. Through cutting-edge programs and policies, we empower the physical, mental, emotional and financial health of our employees and the ones they love. As such, candidates offered employment must show proof of COVID-19 vaccination or secure an approved accommodation prior to the commencement of employment to support the well-being of our employees, their families and the communities in which we live and work.

Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com.

Primary Location: United States-New Jersey-Raritan-1003 US Highway 202
Other Locations: United States-Pennsylvania-Spring House, United States-Pennsylvania-Horsham
Organization: Johnson & Johnson Services Inc. (6090)
Job Function: Info Technology
Requisition ID: 2206062671W
Child care benefits
Paid maternity
Unpaid maternity
Paid paternity
Unpaid paternity
Paid adoptive
Short term disability