Sr. Manager, Supply Chain Cybersecurity
Johnson & Johnson
4 hours ago
Remote friendly (Cornelia, GA)
United States
IT
Sr. Manager, Supply Chain Cybersecurity (Surgery Supply Chain ISRM)
Responsibilities
- Provide early/proactive engagement with project teams to drive business understanding and execution of security capabilities and services (end-to-end support for large programs).
- Perform cybersecurity risk assessments of IT/OT assets within manufacturing sites.
- Drive cybersecurity capability adoption across Surgery sites to secure IT/OT assets and enable safe, secure innovation.
- Provide tailored security guidance by interpreting and applying internal security requirements/standards for unique IT/OT initiatives and OT-specific technologies.
- Lead the cyber operational portfolio from identification β remediation planning β completion, partnering across ISRM, business, and technology teams.
- Establish data analytics to provide security posture across Surgery business units, functions, and sites.
- Promote the importance of cybersecurity across the sector and sites.
- Assist the Security Operations Center (SOC) with security incident investigations; partner with business teams and liaise with the central investigation team.
- Ensure solutions are compliant with critical cybersecurity regulations (e.g., NIST, NIS2, Safe Data).
- Support global deployment of security initiatives (awareness sessions, alternative ways of working to avoid disruptions, and review exception requests).
- Provide audit support as a liaison between audit, technology, and business from pre-work through consulting remediation plans.
Qualifications
- 8+ years of cybersecurity leadership/execution experience with supply chain background required.
- Bachelorβs degree in computer science, information technology, business administration, or another rigorous discipline required; MBA preferred.
- 6+ years hands-on experience delivering technology and cybersecurity design/capabilities.
- Preferred certifications: CISM, CISSP, ISA-62443; CISA; CRISC.
- Excellent communication and collaboration skills; ability to network, interface, and influence globally across functions and sectors.
- Strategic mindset to develop capability roadmaps enabling proactive reliability through data and automation.
- Experience securing various layers of enterprise architecture (data, application, host, middleware, network, infrastructure).
- Solid understanding of current security threats, mitigation measures, and security vendors/technologies.
- Required: understanding of security data protection and capabilities in a manufacturing and/or distribution site.
- Required: direct/supporting experience with supply chain applications; Sarbanes-Oxley compliance and audit preferred.
- Required: understanding of ISA/IEC 62443, NIST 800-53, and NIST 800-82.
- Ability to lead diverse team members; resource allocation and planning to meet business needs.
- Big-picture perspective with attention to detail to align strategic and tactical security.
- Preferred: AI fluency/background in AI use cases.
Required Skills
- Cybersecurity, Supply Chain
Preferred Skills
- AI fluency/background in AI use cases
Benefits
- Vacation: 120 hours per calendar year
- Sick time: 40 hours per calendar year (Colorado: 48; Washington: 56)
- Holiday pay (including floating holidays): 13 days per calendar year
- Work, Personal and Family Time: up to 40 hours per calendar year
- Parental Leave: 480 hours within one year of birth/adoption/foster care
- Bereavement Leave: 240 hours (immediate family); 40 hours (extended family) per calendar year
- Caregiver Leave: 80 hours in a 52-week rolling period
- Volunteer Leave: 32 hours per calendar year
- Military Spouse Time-Off: 80 hours per calendar year
Responsibilities
- Provide early/proactive engagement with project teams to drive business understanding and execution of security capabilities and services (end-to-end support for large programs).
- Perform cybersecurity risk assessments of IT/OT assets within manufacturing sites.
- Drive cybersecurity capability adoption across Surgery sites to secure IT/OT assets and enable safe, secure innovation.
- Provide tailored security guidance by interpreting and applying internal security requirements/standards for unique IT/OT initiatives and OT-specific technologies.
- Lead the cyber operational portfolio from identification β remediation planning β completion, partnering across ISRM, business, and technology teams.
- Establish data analytics to provide security posture across Surgery business units, functions, and sites.
- Promote the importance of cybersecurity across the sector and sites.
- Assist the Security Operations Center (SOC) with security incident investigations; partner with business teams and liaise with the central investigation team.
- Ensure solutions are compliant with critical cybersecurity regulations (e.g., NIST, NIS2, Safe Data).
- Support global deployment of security initiatives (awareness sessions, alternative ways of working to avoid disruptions, and review exception requests).
- Provide audit support as a liaison between audit, technology, and business from pre-work through consulting remediation plans.
Qualifications
- 8+ years of cybersecurity leadership/execution experience with supply chain background required.
- Bachelorβs degree in computer science, information technology, business administration, or another rigorous discipline required; MBA preferred.
- 6+ years hands-on experience delivering technology and cybersecurity design/capabilities.
- Preferred certifications: CISM, CISSP, ISA-62443; CISA; CRISC.
- Excellent communication and collaboration skills; ability to network, interface, and influence globally across functions and sectors.
- Strategic mindset to develop capability roadmaps enabling proactive reliability through data and automation.
- Experience securing various layers of enterprise architecture (data, application, host, middleware, network, infrastructure).
- Solid understanding of current security threats, mitigation measures, and security vendors/technologies.
- Required: understanding of security data protection and capabilities in a manufacturing and/or distribution site.
- Required: direct/supporting experience with supply chain applications; Sarbanes-Oxley compliance and audit preferred.
- Required: understanding of ISA/IEC 62443, NIST 800-53, and NIST 800-82.
- Ability to lead diverse team members; resource allocation and planning to meet business needs.
- Big-picture perspective with attention to detail to align strategic and tactical security.
- Preferred: AI fluency/background in AI use cases.
Required Skills
- Cybersecurity, Supply Chain
Preferred Skills
- AI fluency/background in AI use cases
Benefits
- Vacation: 120 hours per calendar year
- Sick time: 40 hours per calendar year (Colorado: 48; Washington: 56)
- Holiday pay (including floating holidays): 13 days per calendar year
- Work, Personal and Family Time: up to 40 hours per calendar year
- Parental Leave: 480 hours within one year of birth/adoption/foster care
- Bereavement Leave: 240 hours (immediate family); 40 hours (extended family) per calendar year
- Caregiver Leave: 80 hours in a 52-week rolling period
- Volunteer Leave: 32 hours per calendar year
- Military Spouse Time-Off: 80 hours per calendar year