Sr. Manager, Supply Chain Cybersecurity
Johnson & Johnson
4 hours ago
Remote friendly (San Lorenzo, CA)
United States
IT
Sr. Manager, Supply Chain Cybersecurity (Surgery Supply Chain ISRM)
Responsibilities
- Provide early/proactive engagement with project teams to drive execution of required security capabilities/services; end-to-end support for large programs.
- Perform cybersecurity risk assessments of IT/OT assets within manufacturing sites.
- Drive cybersecurity capability adoption across Surgery sites to secure IT/OT assets and enable safe, secure innovation.
- Provide tailored security guidance by interpreting and applying internal security requirements/standards for IT/OT initiatives and OT/OT-specific technologies.
- Lead the cyber operational portfolio from identification through consulting remediation plan to completion (partnering across ISRM, business, and technology teams).
- Establish data analytics to provide security posture across Surgery business units, functions, and sites.
- Proactively promote cybersecurity across the sector and sites.
- Assist the Security Operations Center (SOC) with security incident investigation; support affected users and liaise with the central investigation team.
- Ensure compliance with critical cybersecurity regulations (e.g., NIST, NIS2, Safe Data).
- Support global deployment of security initiatives (awareness sessions), identify alternative ways of working to avoid business disruptions, and review exception requests.
- Provide audit support as a liaison between audit, technology, and business from pre-work through remediation plans.
Qualifications
- 8+ years in cybersecurity leadership/execution roles with Supply Chain background required.
- Bachelorβs degree (CS/IT/business admin or similar); MBA preferred.
- 6+ years hands-on experience delivering technology, including cybersecurity design and capabilities.
- Preferred: CISM/CISSP/ISA-62443; CISA; CRISC; manufacturing or risk management experience.
- Excellent communication/collaboration; ability to network and influence across organizational levels globally.
- Strategic mindset to build capability roadmaps using data and automation.
- Experience securing/working across enterprise architecture layers (data, application, host, middleware, network, infrastructure).
- Solid understanding of current security threats, mitigation, and security vendors/technologies.
- Required: security data protection knowledge in manufacturing/distribution settings.
- Required: direct/support experience with Supply Chain applications; Sarbanes-Oxley compliance/audit preferred.
- Required: ISA/IEC 62443, NIST 800-53, and NIST 800-82.
- Lead diverse team members; resource allocation/planning.
- Big-picture and detail-oriented; align strategic and tactical security.
- Preferred: AI fluency/background in AI use cases.
- May require up to 10% domestic and international travel.
Required Skills
- Cybersecurity
- Supply Chain
Preferred Skills
- Certifications in cybersecurity/audit; manufacturing or risk management (e.g., CISM, CISSP, ISA-62443, CISA, CRISC)
- AI fluency/background in AI use cases
Benefits (time-off)
- Vacation: 120 hours/year
- Sick time: 40 hours/year (CO: 48; WA: 56)
- Holiday pay (including floating holidays): 13 days/year
- Work, Personal and Family Time: up to 40 hours/year
- Parental Leave: 480 hours within one year of birth/adoption/foster care
- Bereavement Leave: 240 hours immediate family; 40 hours extended family per year
- Caregiver Leave: 80 hours in a 52-week rolling period
- Volunteer Leave: 32 hours/year
- Military Spouse Time-Off: 80 hours/year
Responsibilities
- Provide early/proactive engagement with project teams to drive execution of required security capabilities/services; end-to-end support for large programs.
- Perform cybersecurity risk assessments of IT/OT assets within manufacturing sites.
- Drive cybersecurity capability adoption across Surgery sites to secure IT/OT assets and enable safe, secure innovation.
- Provide tailored security guidance by interpreting and applying internal security requirements/standards for IT/OT initiatives and OT/OT-specific technologies.
- Lead the cyber operational portfolio from identification through consulting remediation plan to completion (partnering across ISRM, business, and technology teams).
- Establish data analytics to provide security posture across Surgery business units, functions, and sites.
- Proactively promote cybersecurity across the sector and sites.
- Assist the Security Operations Center (SOC) with security incident investigation; support affected users and liaise with the central investigation team.
- Ensure compliance with critical cybersecurity regulations (e.g., NIST, NIS2, Safe Data).
- Support global deployment of security initiatives (awareness sessions), identify alternative ways of working to avoid business disruptions, and review exception requests.
- Provide audit support as a liaison between audit, technology, and business from pre-work through remediation plans.
Qualifications
- 8+ years in cybersecurity leadership/execution roles with Supply Chain background required.
- Bachelorβs degree (CS/IT/business admin or similar); MBA preferred.
- 6+ years hands-on experience delivering technology, including cybersecurity design and capabilities.
- Preferred: CISM/CISSP/ISA-62443; CISA; CRISC; manufacturing or risk management experience.
- Excellent communication/collaboration; ability to network and influence across organizational levels globally.
- Strategic mindset to build capability roadmaps using data and automation.
- Experience securing/working across enterprise architecture layers (data, application, host, middleware, network, infrastructure).
- Solid understanding of current security threats, mitigation, and security vendors/technologies.
- Required: security data protection knowledge in manufacturing/distribution settings.
- Required: direct/support experience with Supply Chain applications; Sarbanes-Oxley compliance/audit preferred.
- Required: ISA/IEC 62443, NIST 800-53, and NIST 800-82.
- Lead diverse team members; resource allocation/planning.
- Big-picture and detail-oriented; align strategic and tactical security.
- Preferred: AI fluency/background in AI use cases.
- May require up to 10% domestic and international travel.
Required Skills
- Cybersecurity
- Supply Chain
Preferred Skills
- Certifications in cybersecurity/audit; manufacturing or risk management (e.g., CISM, CISSP, ISA-62443, CISA, CRISC)
- AI fluency/background in AI use cases
Benefits (time-off)
- Vacation: 120 hours/year
- Sick time: 40 hours/year (CO: 48; WA: 56)
- Holiday pay (including floating holidays): 13 days/year
- Work, Personal and Family Time: up to 40 hours/year
- Parental Leave: 480 hours within one year of birth/adoption/foster care
- Bereavement Leave: 240 hours immediate family; 40 hours extended family per year
- Caregiver Leave: 80 hours in a 52-week rolling period
- Volunteer Leave: 32 hours/year
- Military Spouse Time-Off: 80 hours/year