Senior Manager Third Party Cyber Risk Assessment
Listed on 2026-01-02
IT/Tech
Cybersecurity, IT Project Manager
At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and Med Tech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity.
Learn more at
Job Function:
Technology Enterprise Strategy & Security
Job Sub Function:
Security & Controls
Job Category:
People Leader
All Job Posting Locations:
Alabama (Any City), Alaska (Any City), Arizona (Any City), Arkansas (Any City), California (Any City), Colorado (Any City), Connecticut (Any City), Delaware (Any City), Florida (Any City), Hawaii (Any City), Idaho (Any City), Illinois (Any City), Indiana (Any City), Kansas (Any City), Kentucky (Any City), Louisiana (Any City), Maine (Any City), Maryland (Any City), Massachusetts (Any City), Michigan (Any City), Minnesota (Any City), Mississippi (Any City), Missouri (Any City), Montana (Any City) (24 more)
Job Description:
Johnson & Johnson is recruiting for a Senior Manager, Third-Party Cyber Risk Assessment to join the Information Security & Risk Management (ISRM) team. This role can be based anywhere in the United States.
Are you ready to use your technical knowledge to change the trajectory of health for humanity? We have a position for you!
Caring for the world, one person at a time, has inspired and united the people of Johnson & Johnson for over 130 years. We embrace research and science — bringing innovative ideas, products, and services to advance the health and well-being of people.
At Johnson & Johnson, we believe good health is the foundation of vibrant lives, thriving communities and forward progress. That’s why for more than 130 years, we have aimed to keep people well at every age and every stage of life. Today, as the world’s largest and most broadly-based healthcare company, we are committed to using our reach and size for good.
We strive to improve access and affordability, create healthier communities, and put a healthy mind, body and environment within reach of everyone, everywhere. Every day, our more than 130,000 employees across the world are blending heart, science and ingenuity to profoundly change the trajectory of health for humanity.
Key Responsibilities:
- Lead the company’s operations for cybersecurity Third-Party Risk Assessment (TPRA) and collaborate with key stakeholders on defining the TPRA strategy.
- Drive critical initiatives and lead a team of technical third-party cyber risk assessment professionals.
- Perform and lead third-party risk assessments, risk rankings, and collaboration on remediation strategies as needed.
- Drive automation and process improvements as identified and through relevant projects and/or operations.
- Implement a coordinated approach to third-party risk assessment by collaborating with the risk management and cybersecurity teams.
- Communicate cybersecurity third-party risk assessment results to senior leaders and provide input on remediation plans.
- Enhance third-party cyber risk assessment processes and define metrics including KPIs, trend analysis, and reporting.
- Offer consulting support to the larger cybersecurity team on third-party risk assessment understanding and remediation.
- Lead and develop the team, ensuring ongoing learning, and support special projects as needed.
Qualifications
Education:
- A bachelor’s degree in Computer Science, Engineering or Information Security/Cybersecurity or equivalent degree is required.
- An advanced degree is preferred.
- Security certifications such as CRISC, CISSP, CISM, CTPRA, CTPRM, etc. are preferred.
Experience and Skills:
Required:
- 8 years of Information Security/IT risk assessment/management experience with growing responsibilities.
- 5 years of direct people management experience.
- 5 years of direct third-party cybersecurity risk assessment/management experience, including application of third-party risk assessment/management concepts and internal controls.
- 5 years…