This job posting is anticipated to close on Mar 27 2025. We may however extend this time period, in which case the posting will remain available on www.careers.jnj.com to accept additional applications.
Description
At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com
Job Function:
Technology Enterprise Strategy & SecurityJob Sub Function:
Security & ControlsJob Category:
Scientific/TechnologyAll Job Posting Locations:
Raritan, New Jersey, United States of AmericaJob Description:
Johnson & Johnson is recruiting for a Senior Principal, Governance, Risk, and Compliance (GRC) Controls to join the Information Security & Risk Management (ISRM) team. This role may be based at J&J locations in Raritan, NJ or Beerse, Belgium.
Please note that this role is available across multiple countries and may be posted under different requisition numbers to comply with local requirements. While you are welcome to apply to any or all of the postings, we recommend focusing on the specific country(s) that align with your preferred location(s):
Beerse, Belgium- Requisition Number: R-003850
Are you ready to use your technical knowledge to change the trajectory of health for humanity? We have a position for you!
Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 130 years. We embrace research and science -- bringing innovative ideas, products, and services to advance the health and well-being of people.
At Johnson & Johnson, we believe good health is the foundation of vibrant lives, thriving communities and forward progress. That’s why for more than 130 years, we have aimed to keep people well at every age and every stage of life. Today, as the world’s largest and most broadly-based healthcare company, we are committed to using our reach and size for good. We strive to improve access and affordability, create healthier communities, and put a healthy mind, body and environment within reach of everyone, everywhere. Every day, our more than 130,000 employees across the world are blending heart, science and ingenuity to profoundly change the trajectory of health for humanity.
Thriving on a diverse company culture, celebrating the uniqueness of our employees, and committed to inclusion. Proud to be an equal opportunity employer!
As a member of the ISRM integrated Risk Management team, the Senior Principal will be responsible for developing, maintaining and continuously enhancing GRC and assessment processes, ensuring GRC cyber policies and processes are in alignment with industry standard control frameworks, and identifying automation opportunities across the cyber risk management function. They will collaborate with other GRC and risk management leaders, security assessment team leaders, the security architecture and innovation team and ISRM BIS teams in performance of their responsibilities.
Key Responsibilities:
- Lead the maintenance and enhancement of a cybersecurity controls framework, in alignment with industry standards, and support response to audits and inquiries.
- Oversee and maintain control mappings between internal security policies and control frameworks.
- Monitor changes in laws, regulations, and standards to understand impact to controls and compliance.
- Collaborate with internal security teams to ensure the broader processes and operating procedures are in alignment with the controls framework.
- Develop, maintain, and continuously enhance GRC processes.
- Identify and drive opportunities for automated verification of controls, both during initial assessment and on an ongoing basis.
- Define requirements for the GRC tool to support the controls framework and assessments and partner with the GRC Solutions team on implementation.
- Collaborate with the SDLC and Asset Management teams to ensure alignment with the defined controls framework and assessments.
- Support special projects and other duties as assigned.
Qualifications
Education:
- A bachelor’s degree in Computer Science, Engineering or Information Security/Cybersecurity or equivalent degree is required. An advanced degree is preferred.
Experience and Skills:
Required:
- 8+ years of Information Security/IT Risk Management experience with growing responsibilities.
- 4+ years of direct experience with cybersecurity control frameworks and standards and development of assessments based on control standards.
- Experience with security GRC tools and control mappings with industry standards and compliance controls (e.g., HIPAA, PCI-DSS, etc.).
- Demonstrable record of effectively collaborating with virtual, global teams, including diverse groups of people with varied backgrounds and cultural experiences.
- Strong analytical and results-oriented problem-solving skills.
- Strong interpersonal skills to build and maintain relationships with internal stakeholders.
- Experience at a large multinational organization.
Preferred:
- Experience in risk management, cybersecurity or business risk analysis.
- Experience with the Unified Compliance Framework (UCF).
- Certifications in cybersecurity (CISM, CISSP), audit (CISA), or risk management (CRISC).
Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
Johnson and Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, please email the Employee Health Support Center (ra-employeehealthsup@its.jnj.com) or contact AskGS to be directed to your accommodation resource.
The anticipated base pay range for this position is :
The anticipated base pay range for this position is $120,000.00 - $207,000.00 USDAdditional Description for Pay Transparency:
The Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation’s performance over a calendar/performance year. Bonuses are awarded at the Company’s discretion on an individual basis. Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance. Employees may be eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)). Employees are eligible for the following time off benefits: Vacation – up to 120 hours per calendar year Sick time - up to 40 hours per calendar year; for employees who reside in the State of Washington – up to 56 hours per calendar year Holiday pay, including Floating Holidays – up to 13 days per calendar year of Work, Personal and Family Time - up to 40 hours per calendar year