Senior Manager Third Party Cyber Risk Assessment

Johnson & Johnson

Brazil

Remote

BRL 653.000 - 1.127.000

Full-time

Today

Job summary

A global healthcare company is seeking a Senior Manager for Third-Party Cyber Risk Assessment to join their Information Security and Risk Management team. This role involves leading cybersecurity risk assessment operations, managing a team, and collaborating with stakeholders to define strategies. The ideal candidate must have over 8 years of experience in Information Security and direct management experience. A remote work option is available, along with a competitive salary ranging from $120,000 to $207,000.

Benefits

Medical, dental, and vision insurance
401(k) retirement plan
Paid vacation and sick leave

Qualifications

  • 8+ years of experience in Information Security/IT risk assessment/management.
  • 5+ years of people management experience.
  • 5+ years of experience in third-party cybersecurity risk assessment.

Responsibilities

  • Lead third-party cybersecurity risk assessment operations.
  • Collaborate with stakeholders for TPRA strategy.
  • Perform risk assessments and remediation strategies.
  • Implement process improvements and automation.

Skills

Information Security/IT risk assessment
People management
Cybersecurity risk assessment
GRC tool usage
Analytical skills
Problem-solving
Interpersonal skills

Education

Bachelor’s degree in Computer Science, Engineering or Information Security/Cybersecurity
Advanced degree

Tools

GRC tools
Job description
Overview

Johnson & Johnson is recruiting for a Senior Manager, Third-Party Cyber Risk Assessment to join the Information Security & Risk Management (ISRM) team. This role can be based anywhere in the United States.

At Johnson & Johnson, we believe good health is the foundation of vibrant lives and thriving communities. We are committed to using our reach and size for good and to improving access and affordability of health solutions. We are an equal opportunity employer and value diversity and inclusion.

Job Description

As an integral member of the ISRM Risk Assessment Center of Excellence, you will own the identification and assessment of cyber risks within the Third-Party Risk Assessment (TPRA) service. You will work with multiple senior security team members as well as senior Information Technology leaders.

Key Responsibilities
  • Lead the company’s operations for cybersecurity Third-Party Risk Assessment (TPRA) and collaborate with key stakeholders on defining the TPRA strategy.
  • Drive critical initiatives and lead a team of technical third-party cyber risk assessment professionals.
  • Perform and lead third-party risk assessments, risk rankings, and collaboration on remediation strategies as needed.
  • Drive automation and process improvements as identified and through relevant projects and/or operations.
  • Implement a coordinated approach to third-party risk assessment by collaborating with the risk management and cybersecurity teams.
  • Communicate cybersecurity third-party risk assessment results to senior leaders and provide input on remediation plans.
  • Enhance third-party cyber risk assessment processes and define metrics including KPIs, trend analysis, and reporting.
  • Offer consulting support to the larger cybersecurity team on third-party risk assessment understanding and remediation.
  • Lead and develop the team, ensuring ongoing learning and support special projects as needed.
Qualifications

Education:

  • A bachelor’s degree in Computer Science, Engineering or Information Security/Cybersecurity or equivalent degree is required.
  • An advanced degree is preferred.
  • Security certifications such as CRISC, CISSP, CISM, CTPRA, CTPRM, etc. are preferred.

Experience and Skills:

Required:

  • 8+ years of Information Security/IT risk assessment/management experience with growing responsibilities.
  • 5+ years of direct people management experience.
  • 5+ years of direct third-party cybersecurity risk assessment/management experience, including application of third-party risk assessment/management concepts and internal controls.
  • 5+ years running and/or using a GRC tool to support security risk objectives.
  • Proficiency in conducting and leading third-party risk assessments, including data classification, risk scoring, and mitigation planning.
  • Ability to translate technical findings into business impact for key partners.
  • Strong analytical and problem-solving skills.
  • Strong interpersonal skills to build and maintain relationships with internal partners.

Preferred:

  • Foundational knowledge of regulatory requirements (e.g., SOX404, Privacy, HIPAA, GxP, cyber regulations) is preferred.
  • Experience managing/assessing third-party risk in a large, dynamic, multinational organization.
  • Experience in identifying key security risks, security controls, and providing consulting services to customers throughout the third-party vendor lifecycle.
  • Experience with security standards and control frameworks (e.g. FAIR, HITRUST, ISO27001, NIST, SOC 2, etc.).
  • Demonstrable record of effectively collaborating with virtual, global teams, including diverse groups of people with varied backgrounds and cultural experiences.

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson & Johnson is committed to providing an inclusive interview process. If you are an individual with a disability and would like to request an accommodation, please contact us via the Careers site or AskGS to be directed to your accommodation resource.

Pay: The anticipated base pay range for this position is $120,000-$207,000.

The following pay/benefits details apply where applicable:

  • Company-sponsored employee benefit programs (medical, dental, vision, life, disability, insurance, group legal).
  • Consolidated retirement plan (pension) and savings plan (401(k)).
  • Vacation, sick leave, holidays, and other time-off provisions per policy and location.

Additional information can be found at the Johnson & Johnson careers site.
