IT Lead, Information Security, North America Job Internet & Ecommerce - Skillman, NJ at Geebo

Company Name:
Johnson & Johnson Consumer Inc. (6071)
Skillman, NJ, US
Description
Johnson & Johnson Family of Consumer Companies is currently recruiting for an IT Lead, Information Security, North America. The preferred location for this position is Skillman, NJ but consideration may also be given to Fort Washington, PA. Travel up to 20% is required, which mainly consists of travel between NJ and PA sites. Travel outside of these sites may also be required.
Johnson & Johnson Family of Consumer Companies develops and markets some of the world's leading consumer health and beauty brands. Our business helps care for people around the world by anticipating their needs, creating solutions and experiences that help them and those they care for live healthy, vibrant lives. Our global portfolio includes iconic health and healing brands such as TYLENOL, ZYRTEC, BAND AID Brand, and LISTERINE, and leading well-being and beauty brands including JOHNSON'S Baby, NEUTROGENA, ROC, AVEENO and CLEAN & CLEAR.
Thriving on a diverse company culture, celebrating the uniqueness of our employees and committed to inclusion. Proud to be an equal opportunity employer.
The North American IT Risk Assurance group is responsible for ensuring IT compliance and security requirements are met across multiple Consumer Operating Companies. The IT Compliance and Security Lead will be responsible for ensuring that all applications and internet sites meet IT security & compliance requirements defined in J&J policies or by industry requirements such as J&J Information Asset Protection Policies, J&J Data Privacy, internet/WICO, Sarbanes-Oxley, Payment Card Information (PCI), Health Information Privacy, etc. The primary focus will be on development & production environments that support customer-facing applications/sites. The candidate will act as Information Security Officer (ISO) for Consumer NA and Wellness & Prevention. On a day-to-day basis, the candidate will provide guidance to IT & Business partners for project and operational initiatives.
Responsibilities towards Project Support include the following:
  • Review and approve the required documents as defined per the SDLC, including the Compliance Analysis, Compliance Plan, and Compliance Report documents, and any deliverables as defined in the Compliance Plan for IT Compliance or ISO.
  • Based on the Information Valuation and Information Availability defined, determine if any of the below additional security requirements or other security deliverables apply. If so, work with the project team to analyze and specify the following: IAPP Pre-purchase or Internally Deployed Assessment, IAPP Waiver, IAPP Physical Security of Information Assets Questionnaire, Security Configuration Standard (SCS), Business Partner Risk Assessment (BPRA).
  • Ensure new computer systems and internet sites are in compliance prior to production release. Evaluate the effectiveness of systems' security.
Responsibilities towards Operational Support include the following:
  • Manage and report security violations. Determine the level of security risk, determine appropriate action, and follow defined procedures. Work with the action assignees to resolve the security incident and close all action steps.
  • Monitor compliance with established security measures for production computer systems.
  • Act as IT security & compliance leader for audits from internal & external parties.
  • Track requests and support security activities for the following. Publish Metrics to GBU Mgt, IT Mgt & WWIS: Business Partner Risk Assessments, IAPP Assessments, Security Incidents, External Business Partner Access Requests, IAPP Training Completion, Non-conformance to SDLC for ISO Sign-off.
  • Collaborate and coordinate with the I/TSS personnel designated to support the Company to ensure a common understanding of IAPP requirements and what needs to be done by the Company.
  • Oversee the Enterprise Vulnerability Management program from a Consumer perspective. This involves working with business partners to have 3rd party contracts updated to include language on vulnerability scanning, reviewing and approving scans performed on internally/externally hosted websites, and working with the internal WAVS team, as necessary.
Responsibilities towards Strategic development of Consumer Security include the following:
  • Manage and lead the implementation and deployment of an Incident Response Process and Procedure for Consumer NA.
  • Deploy and maintain an information security portal on the J&J Intranet, giving the organization a digital presence to share information with the business.
  • Identify and report on information security metrics for the NA region for the quarterly management review sessions.
Qualifications
A minimum of a Bachelor's Degree is required. An advanced degree is preferred. A minimum of 5 years of experience in one or more of the following areas is required: IT/Compliance, Privacy, Internet Compliance, Information Security, Legal, and/or Sarbanes-Oxley. A minimum of 2 years of information security related experience is required. A minimum of 2 years of application development experience using a structured approach/SDLC is preferred. Knowledge of at least 3 of the following infrastructure concepts and technologies is required: Network protocols, OSI models, https, SSL, encryption, operating systems, and/or database security. Knowledge of risk management processes is required. Demonstrated ability to influence, negotiate and set/enforce standards is required. Demonstrated ability to develop and implement new processes is required. Strong communication and organizational skills are required. Demonstrated ability to use Microsoft PowerPoint, Excel and Word is required. Professionally certified CISSP (ISC2), CISM (ISACA) or GSEC (SANS Institute) or equivalent certification is preferred.
BE VITAL in your Career; be seen for the talent you bring to your work. Explore opportunities within the Johnson & Johnson Family of Companies.
Primary Location:
North America-United States-New Jersey-Skillman
Other Locations:
North America-United States-Pennsylvania-Fort Washington
Organization:
Johnson & Johnson Consumer Inc. (6071)
Job Function:
Information Security
Certain sites within the Johnson & Johnson Family of Companies participate in E-Verify as appropriate in accordance with Company guidelines and federal or state law.
Johnson and Johnson Family of Companies are equal opportunity employers, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability status, or any other characteristic protected by law.
Estimated Salary: $20 to $28 per hour based on qualifications.

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.