Senior Director, Cybersecurity Leader - A&D

at J&J Family of Companies in Springfield, Illinois, United States

Job Description

Senior Director, Cybersecurity Leader – A&D – 2406202112W

Description

Johnson and Johnson is currently recruiting for a Senior Director, Cybersecurity Leader – A&D within the Johnson & Johnson Technology (JJT) organization and will be based in Raritan, NJ. Remote work options may be considered on a case-by-case basis and if approved by the company.

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated and cured, where treatments are smarter and less invasive and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow and profoundly impact health for humanity. Learn more at https://www.jnj.com/ .

As a key member of our team, this leader will play a critical role in ensuring the security and integrity of our organization’s merger and acquisition activities globally. In this exciting and influential position, this individual will have the unique opportunity to lead the overall security responsibility for our A&D space and oversee all aspects of cyber security tasks during the merger and acquisition process.

A key responsibility will be to develop and implement robust security strategies and frameworks that protect our organization’s sensitive data and assets during these critical business activities. This leader will work closely with business development and various teams and define the Cyber Security playbook and operationalization associated with J&J Global Acquisitions & Divestitures. By integrating deep knowledge of cyber security, strong leadership skills, and a collaborative approach, this individual will ensure that our A&D activities align with corporate risk profiles and report progress to the executive team on a regular basis. Additional responsibilities will include, but are not limited to:

• Lead the teams in conducting thorough cyber security due diligence assessments for A&D targets.

• Evaluate the target company’s security posture, identifying vulnerabilities and risks.

• Define the risks and financial impact for remediation prior to final deal terms and assess the impact of the acquisition on our overall security framework.

• Develop and implement comprehensive security integration plans for acquired companies.

• Define and implement security policies, standards and procedures for the merged entities and collaborate with multi-functional teams to ensure timely integration of security controls.

• Work closely with executives and teams to ensure smooth integration of acquired entities into our security framework.

• Liaise with Business Development, JJT, Legal and other key teams to align security requirements and priorities and coordinate with relevant partners to address any potential challenges.

• Lead the planning and implementation of security controls and measures to safeguard merged and or divested systems and data.

• Partner with security architecture and information security controls teams to protect merged and divested environments through the integration period.

• Lead the deployment and monitoring of security technologies and tools, conduct regular security assessments, run incident response and develop and maintain security policies and procedures.

• Provides technical expertise to risk management activities for meeting regulatory, security and business requirements.

• Anticipates risks and issues of high technical complexity based on understanding of business trends and the goals and objectives.

• Evaluates and ensures the resolution of technically complex security issues, internal control issues, critical incidents and/or crisis resolution management, raising as necessary.

• Proactively assesses the impact of regulatory and other security and internal control changes on processes and advises senior leadership on the implications of risks and business needs.

• Shares knowledge of future trends, technology, procedures and systems in security, controls, and risk management.

• Reviews or prepares reports or documents on risk management to be communicated to TS, JJT and J&J senior management in highly complex situations.

• Experience building and working in complex organizations with ability to influence teams where resources do not all report directly into the function.

• Proven critical thinking skills, with a long-term outlook and the ability to achieve results to improve business unit performance and create a culture of accountability.

• Skilled leader with exceptional communication abilities, collaboration and relationship building skills establishing credibility and fostering multi-functional relationships.

• Advises on information security requirements, compliance and project/business constraints and creates forums, benchmarking analyses and processes that result in improvement, information sharing and innovation across J&J.

• Develops networks of internal and external business partners, suppliers, the technical/legal community, and consultants

• Oversees and reports on the effectiveness of security controls and compliance across all merged / divesting entities.

• Implement monitoring and reporting processes to ensure ongoing compliance and provide regular updates and metrics on security performance and incidents.

• Stay abreast of emerging cyber threats and proactively recommend and implement security enhancements.

• Stay current with industry trends, regulations, and emerging cyber threats and propose and drive the implementation of proactive security measures and processes.

• Provide guidance and support to the organization on cyber security practices.

• Conduct training and awareness sessions to promote cyber security awareness and advise on security-related matters and guide them towards security compliance.

Qualifications

• Bachelor’s level degree or equivalent is required, preferably within Information Technology or Information Security; an advanced degree (MBA or MS) is preferred.

• Minimum of 6 years of experience in leading technical teams, with a minimum of 14 years of related Information Risk Management experience or a combination of 12 years of combined experience.

• In-depth understanding and knowledge of cyber security frameworks, standards and regulations, such as NIST Cybersecurity Framework, ISO 27001, GDPR and industry-specific requirements.

• Prior experience in conducting thorough cyber security due diligence assessments for A&D targets, evaluating target companies’ security postures, identifying vulnerabilities and risks, and assessing the impact of acquisitions on overall security frameworks.

• Solid understanding of due diligence processes and methodologies related to cyber security, including data privacy and protection, incident response, risk management, and technology integration.

• Demonstrated expertise in designing and implementing security architectures and controls to safeguard merged environments, including secure network infrastructure, access controls, encryption methods, and other security measures.

• Demonstrable experience in leading and integrating security controls across multiple systems and environments, ensuring seamless alignment with existing security frameworks and standards.

• Solid understanding of security technologies and tools, including firewalls, intrusion detection and prevention systems, data loss prevention solutions, SIEM systems, and vulnerability assessment tools.

• Experience in conducting security assessments and audits to evaluate the effectiveness of security controls and measures, identify gaps or vulnerabilities, and implement remediation plans.

• Robust knowledge of incident response and management processes, including incident investigation, con