Sr Mgr, Online Tracking, AM, CBT Partner

• Job title Sr Mgr, Online Tracking, AM, CBT Partner
• Function Legal & Compliance
• Sub function Enterprise Compliance
• Category Senior Manager, Enterprise Compliance (P8)
• Location New Brunswick / Beerse / United States of America / Belgium
• Date posted May 22 2026
• Requisition number R-078699
• Work pattern Hybrid Work

This job posting is anticipated to close on May 29 2026. We may however extend this time period, in which case the posting will remain available on www.careers.jnj.com to accept additional applications.

Description

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com.

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

Job Function:

Job Sub Function:

Job Category:

All Job Posting Locations:

Job Description:

We are searching for the best talent for Sr Mgr, Online Tracking, AM, CBT Partner.

The Senior Manager, Privacy Governance & Operations – Online Tracking Technologies, Asset Management & CBT Partnership is a critical operational and technology leadership role within the Global Privacy Office. This role owns and evolves three foundational global privacy capabilities:

Cookie & Online Tracking Consent Management, Privacy Asset Management (systems and information assets containing personal data), and Primary operational interface between GPO and Corporate Business Technology (CBT).

This role ensures that privacy platforms, inventories, and digital compliance capabilities are designed, built, and operated as scalable enterprise solutions—supporting compliance with global privacy laws, enabling first‑line execution by the business, and providing high‑quality data and intelligence for governance, assurance, and regulatory response. The role is intentionally designed for a technologist with strong IT roots and business-facing experience, capable of translating privacy requirements into durable technology solutions.

Key Responsibilities

1. Global Cookie & Online Tracking Consent Management

• Own the end‑to‑end governance, operation, and evolution of the Company’s global Cookie Consent Management Program, ensuring compliance with online tracking, transparency, and choice requirements across jurisdictions.

• Oversee the technical implementation and operational use of consent tooling (e.g., OneTrust or successor platforms) across all global digital assets, including websites, applications, and emerging digital engagement channels.

• Establish global standards for:

  • Cookie classification and taxonomy

  • Consent models and user interface patterns

  • Banner configuration, localization, and deployment

  • Consent record retention, auditability, and reporting

• Partner with Legal, Digital, Marketing, Medical, and regional privacy leaders to ensure consistent deployment without fragmenting consent logic or creating unmanaged local solutions.

• Drive modernization initiatives to address complex digital ecosystems, including multi‑domain environments, tag management, third‑party technologies, and evolving regulatory interpretation.
  

2. Enterprise Privacy Asset Management (Information Assets)

• Serve as GPO’s global owner of the Privacy Asset Management capability, ensuring the Company maintains a comprehensive, accurate, and usable inventory of systems and assets that process personal data.

• Ensure each asset has:

  • A clearly defined asset owner

  • Complete visibility into types of personal data processed

  • Alignment with data categories, processing purposes, and jurisdictions

  • Ongoing lifecycle tracking (new, changed, retired systems)

• Establish asset management as a foundational dependency for:

  • Records of Processing Activities (ROPAs)

  • Data Subject Rights fulfillment

  • Incident response and impact analysis

  • Privacy Impact Assessments and compliance reviews

• Partner closely with CBT to embed privacy asset identification into SDLC and change processes, ensuring new or modified systems are captured by design, not retroactively.
  

3. Primary GPO Interface to Corporate Business Technology (CBT)

• Act as the primary accountable GPO interface to CBT for privacy technology platforms, roadmaps, demand intake, prioritization, and delivery execution.

• Translate privacy strategy, process requirements, and regulatory obligations into clear, actionable technology requirements for CBT product and engineering teams.

• Drive disciplined governance for:

  • Technology demand management

  • Enhancement prioritization and sequencing

  • Release planning and change control

  • Post‑deployment stabilization and adoption

• Partner with CBT to ensure privacy platforms are scalable, resilient, secure, and integrated within the broader enterprise architecture (e.g., SDLC, IRIS, digital platforms).

• Ensure GPO has strong ownership without building shadow IT, maintaining clear RACI boundaries between GPO (process/product ownership) and CBT (build/run responsibilities).
  

4. Program Intelligence, Metrics & Continuous Improvement

• Ensure Cookie, Asset, and Platform capabilities are instrumented for meaningful metrics, including adoption, completeness, quality, and operational risk indicators.

• Conduct recurring performance reviews with CBT and GPO stakeholders to drive data‑based improvement decisions.

• Lead structured modernization efforts to reduce manual effort, eliminate rework, and improve regulator‑ready transparency across digital and asset inventories.
  

Scope & Impact

• Global accountability for technology‑enabled privacy capabilities affecting every digital property and system processing personal data.

• High regulatory exposure area with direct impact on GDPR, ePrivacy, state privacy laws, transparency, and choice obligations.

• Key enabling role for privacy‑by‑design, automation, and scalable first‑line execution.

• Strategic partnership role with CBT influencing multi‑year technology roadmaps.
  

Required Qualifications

• Bachelor’s degree in Information Systems, Computer Science, Engineering, Business, or equivalent experience.

• Typically 8+ years experience spanning IT, digital platforms, enterprise systems, risk/compliance, or privacy operations (or equivalent combination of education and experience).

• Demonstrated experience working within or alongside IT organizations (e.g., product, platform, engineering, architecture, SDLC).

• Proven ability to act as a business‑facing technology owner, bridging regulatory needs and technical execution.

• Strong understanding of global privacy concepts related to:

  • Online tracking and consent

  • System inventories and data mapping

  • ROPAs and Data Subject Rights enablement
    

Preferred Qualifications

• Prior experience in enterprise IT roles (product owner, platform lead, systems manager, architect, or equivalent).

• Experience with privacy or GRC tooling (e.g., OneTrust), consent management platforms, or large‑scale digital estates.

• Comfort operating in matrixed global organizations with complex stakeholder ecosystems.

• Privacy credentialing (e.g., IAPP) is a plus.
  

Core Competencies

• Technology‑Fluent IT or Privacy Leader

• Enterprise Platform Ownership

• Cross‑Functional Influence (Legal, Privacy, IT, Digital)

• Operational Excellence & Scalability Mindset

• Clear Decision‑Making and Strong Accountability

Please note that this role is available across multiple countries and may be posted under different requisition numbers to comply with local requirements. While you are welcome to apply to any or all of the postings, we recommend focusing on the specific country(s) that align with your preferred location(s):

Sao Paulo [Brazil] - Requisition Number: [R-078030]
Beerse, Antwerp [Belgium] - Requisition Number: [R-078699]
New Jersey [US] - Requisition Number: [R-078699]

Remember, whether you apply to one or all of these requisition numbers, your applications will be considered as a single submission.

Required Skills:

Preferred Skills: