Director- Cyber Risk Assessment Services

Johnson & Johnson is recruiting for a Director- Cyber Risk Assessment Services located in Raritan, NJ or remote work in the U.S.

The Director, Cyber Risk Assessment Services, is responsible for leading a team of security and risk professionals in the conduct of a variety of cybersecurity risk and compliance assessments, including assessments of third-parties and both internal and hosted applications.

They will also be responsible for defining, developing, and monitoring assessment processes, driving continuous improvement, and defining and reporting on Key Performance Indicators.

Lastly, the Director will drive automation throughout the assessment processes and collaborate and partner with other ISRM leaders to ensure assessment services meet stakeholder expectations.

Key Responsibilities:


* Develops and maintains overall Risk Assessment execution strategy and approach to ensure consistent, quality cybersecurity risk assessments.


* Leads team in performance of cybersecurity risk assessments across applications, third parties, websites and other relevant entities.


* Defines and maintains formal cybersecurity risk assessment processes.


* Drives and oversees the development of requirements for automation, process enhancements, and technology enhancements to drive efficiency and accuracy.


* Develops KPIs and metrics to measure quality and effectiveness of risk assessment services.


* Collaborates with other ISRM leaders to ensure risk assessments meet customer expectations.


* Collaborates with the ISRM GRC team to drive technology enhancements and capabilities to support assessment processes.


* Provides People Leadership for the Risk Assessment team, ensuring ongoing development of team members.


* Support ISRM organizational initiatives (e.g., Talent, Learning & Development, etc.).

Education:


* A bachelors degree is required, preferably in Computer Science, Engineering or Information Security/Cybersecurity.


* Masters degree preferred.

Experience and Skills:

Required:


* 10 years of Information Security/IT Risk Management experience with growing responsibilities.


* 5 years of experience leading cybersecurity professionals in the conduct of application and/or third-party assessments.


* Experience with developing and defining formal processes for security assessments.


* Demonstrated proficiency in information security, cybersecurity controls and industry frameworks, and both traditional and emerging cyber threats.


* Demonstrable record of effectively collaborating with virtual, global teams, including diverse groups of people with varied backgrounds and cultural experiences.


* Good communication and demonstrated influencing skills.


* Experience at a large multinational organization.


* Ability to lead a diverse staff.

Preferred:


* Certifications: Information Security & Risk Management certifications preferred.

Other:


* 10% travel.

#JNJTech

#...