Cybersecurity Lead MedTech R&D
Johnson & Johnson
9 hours ago
Remote
United States
IT
Responsibilities:
- Serve as the Business Information Security partner for MedTech R&D; provide early/proactive engagement and end-to-end support for large programs.
- Provide tailored security guidance by interpreting and applying IAPP requirements/standards.
- Drive cybersecurity adoption across Electrophysiology R&D labs/sites to secure IT/OT assets and enable safe innovation.
- Lead the cyber operational portfolio (identify β consult remediation plan β completion) with ISRM, business, and technology teams.
- Establish security data analytics to show security posture across business units/functions/sites.
- Support Security Operations Center (SOC) incident investigation activities and liaise with central investigation teams.
- Ensure compliance with critical cybersecurity regulations (e.g., NIST, NIS2, Safe Data).
- Support global deployment of security initiatives, awareness sessions, exception reviews, and mitigation of business disruptions.
- Drive/manage security gap assessments/remediation and support integration for R&D portfolio acquisitions.
Qualifications:
- Bachelorβs degree in computer science/IT/cybersecurity/business administration or similar required.
- 5+ years in IT/OT and/or Engineering with security focus, including hands-on implementation of key controls (access control, IDP/IDR, anti-malware, patching, encryption, forensics, etc.).
- Direct experience supporting Research & Development functions required.
- Experience leading/performing security assessments and providing security assurance across enterprise architecture (data, application, host, middleware, network, infrastructure).
- Solid understanding of threats, mitigations, and security vendors/technologies.
- Cloud security experience (AWS/Azure/Salesforce).
- Security standards experience (ISO27001, HiTrust, NIST, etc.) required; CISM/CISSP/ISA-62443 or CISA/CRISC preferred.
- Exposure to data visualization tools (PowerBI, Tableau).
- Strong collaboration, networking, and communication skills.
Other:
- May require up to 10% travel.
Benefits (time off, subject to policy/date of hire):
- Vacation: 120 hours/year; Sick time: 40 hours/year (CO: 48; WA: 56); Holiday (incl. floating): 13 days/year; Work/Personal/Family: up to 40 hours/year; Parental leave: 480 hours in one year; Bereavement: 240 hours immediate family / 40 hours extended; Caregiver leave: 80 hours in 52-week rolling period; Volunteer: 32 hours/year; Military spouse time-off: 80 hours/year.
- Serve as the Business Information Security partner for MedTech R&D; provide early/proactive engagement and end-to-end support for large programs.
- Provide tailored security guidance by interpreting and applying IAPP requirements/standards.
- Drive cybersecurity adoption across Electrophysiology R&D labs/sites to secure IT/OT assets and enable safe innovation.
- Lead the cyber operational portfolio (identify β consult remediation plan β completion) with ISRM, business, and technology teams.
- Establish security data analytics to show security posture across business units/functions/sites.
- Support Security Operations Center (SOC) incident investigation activities and liaise with central investigation teams.
- Ensure compliance with critical cybersecurity regulations (e.g., NIST, NIS2, Safe Data).
- Support global deployment of security initiatives, awareness sessions, exception reviews, and mitigation of business disruptions.
- Drive/manage security gap assessments/remediation and support integration for R&D portfolio acquisitions.
Qualifications:
- Bachelorβs degree in computer science/IT/cybersecurity/business administration or similar required.
- 5+ years in IT/OT and/or Engineering with security focus, including hands-on implementation of key controls (access control, IDP/IDR, anti-malware, patching, encryption, forensics, etc.).
- Direct experience supporting Research & Development functions required.
- Experience leading/performing security assessments and providing security assurance across enterprise architecture (data, application, host, middleware, network, infrastructure).
- Solid understanding of threats, mitigations, and security vendors/technologies.
- Cloud security experience (AWS/Azure/Salesforce).
- Security standards experience (ISO27001, HiTrust, NIST, etc.) required; CISM/CISSP/ISA-62443 or CISA/CRISC preferred.
- Exposure to data visualization tools (PowerBI, Tableau).
- Strong collaboration, networking, and communication skills.
Other:
- May require up to 10% travel.
Benefits (time off, subject to policy/date of hire):
- Vacation: 120 hours/year; Sick time: 40 hours/year (CO: 48; WA: 56); Holiday (incl. floating): 13 days/year; Work/Personal/Family: up to 40 hours/year; Parental leave: 480 hours in one year; Bereavement: 240 hours immediate family / 40 hours extended; Caregiver leave: 80 hours in 52-week rolling period; Volunteer: 32 hours/year; Military spouse time-off: 80 hours/year.