Sr Manager, Cybersecurity Policy

Johnson & Johnson

Wokingham

Remote

GBP 80,000 - 110,000

Full time

Today

Job summary

A multinational healthcare corporation is seeking a Senior Manager for Cybersecurity Policy to join their Information Security & Risk Management (ISRM) team. The role involves leading the development of cybersecurity policies and engaging with senior IT leaders. The ideal candidate has significant experience in cybersecurity policy, team management, and a strong analytical background. This position offers remote work flexibility within the UK.

Qualifications

  • 8+ years of Information Security/IT risk assessment/management experience.
  • 5+ years of direct people management experience.
  • 5+ years of direct information security/cybersecurity policy experience.

Responsibilities

  • Lead the development and maintenance of cybersecurity policies.
  • Establish and manage the governance framework for the policy lifecycle.
  • Communicate policy updates to senior leaders.

Skills

Analytical skills
Problem-solving skills
Interpersonal skills

Education

Bachelor's degree in Computer Science, Engineering or Information Security

Tools

Cybersecurity frameworks knowledge
Contractual language proficiency

Job description

Johnson & Johnson is recruiting for a Senior Manager, Cybersecurity Policy to join the Information Security & Risk Management (ISRM) team. This position is open to remote candidates in the UK. Are you ready to use your cybersecurity and technical knowledge to change the trajectory of health for humanity? We have a position for you! As an integral member of the ISRM Cybersecurity Policy, Governance & Compliance team, you will own the enterprise cybersecurity policies and standards which mandate the cyber controls and requirements across all of Johnson & Johnson.

In this role, you will work with multiple senior security team members as well as senior Information Technology leaders.

Responsibilities:
  • Lead the development and maintenance of cybersecurity policies and standards for the enterprise, collaborating with various technical and executive stakeholders.
  • Establish and manage the governance framework for the full policy lifecycle (creation, approval, communication, monitoring, and retirement).
  • Communicate cybersecurity policy and standard updates through various channels and audiences, including senior leaders.
  • Partner with business units and technology teams to ensure policies are understood, adopted, and enforced.
  • Provide consulting support to the larger cybersecurity team on the cybersecurity policies and standards.
  • Lead the development and maintenance of standard cybersecurity exhibits and requirements for inclusion in contracts and agreements.
  • Collaborate with Legal, Procurement, and Risk Management teams to ensure contractual security obligations align with company policies and risk posture.
  • Support various enterprise governance initiatives, providing cybersecurity input and subject matter expertise.
  • Lead and develop the policy and contracts team, ensuring ongoing learning, and support special projects as needed.
Requirements:
  • A bachelor's degree in Computer Science, Engineering or Information Security/Cybersecurity or equivalent degree is required.
  • An advanced degree is preferred.
  • Security certifications such as CRISC, CISSP, CISM, etc. are preferred.
  • 8+ years of Information Security/IT risk assessment/management experience with growing responsibilities.
  • 5+ years of direct people management experience.
  • 5+ years of direct information security/cybersecurity policy experience.
  • Working knowledge of cybersecurity frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, etc.).
  • Proficiency in defining cybersecurity contractual language and requirements.
  • Ability to analyze and gauge business impact for policy/requirement changes.
  • Strong analytical and problem-solving skills.
  • Strong interpersonal skills to build and maintain relationships with both technical and business partners and effectively communicate with senior leaders.
Preferred:
  • Knowledge of multinational and healthcare-specific cyber laws and regulations (e.g., HIPAA).
  • Experience managing cybersecurity policies in a large, dynamic, multinational organization.
  • Experience in identifying key security risks, security controls, and providing consulting services to internal stakeholders.
  • Demonstrable record of effectively collaborating with virtual, global teams.