ISRM Senior Analyst Product Cybersecurity

At Johnson & Johnson, we believe health is everything.

Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com

Job Function:
Legal & Compliance

Job Sub Function:
Product Security

Job Category:
Professional

All Job Posting Locations:
Mumbai, India

Job Description:

The ISRM Senior Analyst Product Cybersecurity will play a key role in the support of J&J’s enterprise Product Cyber Risk Management Process.

This includes crafting and communicating metrics to Medtech management, identifying communications plans and raising overall awareness of the capability.

Specific responsibilities include supporting Medtech Business Units throughout the post market phase, review product vulnerabilities and recommend security design solutions, and support the coordinated vulnerability disclosure process.

Job Title - ISRM Senior Analyst Product Cybersecurity

Fully remote working.

Work timings - 8:00 AM to 5:00 PM EST

Key Responsibilities:



* Support cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.


* Support cyber defense trend analysis and reporting.


* Support security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy using threat modeling.


* Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).


* Support risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.


* Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).


* Support the creation of plans of action and breakthroughs or remediation plans are in place for vulnerabilities identified during risk assessments


* Applies ISRM product security policies and standards when performing all duties


* Anything a team member can do that contributes to improved systems reliability and availability is within scope.

Qualifications:



* Bachelor’s degree or equivalent in Computer Science or similar engineering field


* Minimum 3+ years relevant experience, or equivalent combination of education/experience.


* Must be experienced in Vulnerability Management, including scanning, remediation, stakeholder engagement, system administration and engineering.


* Experience with S...