Key Responsibilities
- Serve as the focal point for all information asset protection matters for the Vision MedTech BU globally and/or cross-BU for a responsible region.
- Promote information security within the BU/region by defining and implementing processes and activities to meet Information Asset Protection Policies (IAPPs) requirements.
- Drive end-to-end Cyber Trust and Security-by-Design via consulting, engagement, and assurance; embed cybersecurity into business initiatives; improve risk posture; protect intellectual property and sensitive assets; improve site security and business resiliency.
- Act as the ISRM liaison with sector personnel, IT, and business leaders.
- Provide Information Security & Risk Management expertise so technology solutions meet requirements and standards.
- Consult project teams on applicability of global/local regulations, security standards, and certifications (e.g., NIST, NIS2, SOX, ISO 27001).
- Drive adoption of security best practices, J&J security standards/capabilities to protect critical information and assets.
- Drive remediation of identified cybersecurity issues.
- Lead cybersecurity risk posture activities (security consulting, design reviews, risk prioritization, advice and assurance on remediation).
- Support vulnerability management, third-party risk remediation, and cyber incident investigations.
- Engage business teams to drive user acceptance and support ISRM initiatives; provide security-by-design consulting.
- Enable ISRM capabilities (awareness, business impact, exceptions handling).
- Coordinate with IT, Quality Assurance, Regulatory Affairs, Global Audit & Assurance, and business partners for audit readiness and internal/external audits; support cybersecurity and internal control readiness.
- Deliver cybersecurity training/awareness to business teams; provide metrics and reporting on compliance to cybersecurity IAPP requirements and risks.
- Participate in BU planning to integrate security measures and remediations across design, development, and deployment phases.
Qualifications
- Education: Bachelor's degree or equivalent; major in Cybersecurity or Computer Science highly preferred.
Required Experience and Skills
- 10+ years in Information Security & Risk Management and/or IT.
- Experience building strong partnerships with business leaders and partners.
- Strong understanding of security threats, mitigation measures, and security vendors/technologies.
- Experience designing and implementing enterprise security and/or cloud security and/or developing IT solutions/services to protect data, applications, hosts, middleware, networks, and infrastructure.
- Experience in complex, fast-paced environments.
- Experience supporting/leading/influencing security assessments (e.g., SOC 2 Type II, PCI DSS, ISO 27001).
- Big-picture thinking with attention to detail; results orientation and ability to drive to short timelines.
- Passion for leading and influencing people; creative problem-solving.
- Customer focus (internal/external).
- Strong communication, collaboration, and ability to network/influence across sectors/functions/markets.
Preferred
- Experience implementing or reviewing compliance with international security standards/regulations.
- Security certifications (e.g., CISSP, CCSP, ISSAP, CISM).
- Fluency in English; preferably proficiency in another language.
Required/Preferred Skills (role-aligned)
- Business Process Design, collaborating, crisis management, critical thinking, cyber threat intelligence, developing others, inclusive leadership.
- Information security auditing, Information Security Management System (ISMS), IT security assessments, IT security strategies.
- Leadership, managing managers, people performance management.
- Presentation design, process optimization, security architecture design, security policies (treated as the single source of truth for requirements).