J&J Family of Companies ISRM SENIOR MANAGER LOGISTICS SC in Shepherdsville, Kentucky

Johnson & Johnson is recruiting for an IT Senior Manager - Logistics Cybersecurity, Global Supply Chain located in the United States.

As a part of the Information Security Risk Management Supply Chain group, the IT Senior Manager - Logistics Cybersecurity, Global Supply Chain is responsible for the development and implementation of the security program which spans Johnson and Johnson’s logistics and distribution centers worldwide, including application security, infrastructure security, industrial IoT, distribution center automation equipment and ICS and third-party vendor risk.

The role focuses on shaping and running the cyber security program and team of resources to:

  • Provide consulting to IT and engineering teams on standards, design, implementation, and testing of secure IT and OT (ICS/Distribution Centre Automation) and networks and infrastructure.

  • Provide assurance to senior leadership on the cyber security risk posture of the logistics capabilities within J&J’s global supply chain, including performing and leading assessments and design reviews of current and to-be solutions and environments, ranking risks and providing consulting and guidance on remediation.

  • Shape strategy for security capabilities needed, influence business funding and adoption and partner in the selection and deployment of those capabilities.

  • Influence the cyber security strategy for the J&J global supply chain.

Monitor the industry landscape for emerging threats, technologies and capabilities.

Key Responsibilities:

Lead the execution of the cyber security program for logistics, including:

  • Provide security consulting and design reviews in support of technology projects

  • Perform assessments of cyber security risk posture of logistics technology, sites and vendors. Rank risks, provide solution/remediation guidance and influence adoption. This is across full-stack Information Technology and Operational Technology solutions (applications, databases, infrastructure, networks, industrial Internet of Things, automation equipment), Distribution Center site cyber security and 3rd party cyber security.

  • Manage metrics and dashboards to enable effective management of risk

  • Build and maintain relationships with senior leaders to provide assurance on security risk and influence direction of resources to appropriate mitigations.

Continuously improve the cyber security program, for example:

  • Support identification and implementation of security tools and design patterns (e.g. ICE firewall deployments, IDR, AV, SIEM, deception technology).

  • Develop technical standards, associated training materials and implementation guidance.

  • Drive process improvements and productivity gains to drive increasing value from existing resources

  • Coach and develop the internal team and establish a network of security champions within the distribution centers globally:

  • Actively Monitor new threats and vulnerabilities, advising technology teams on appropriate actions to address them:

Qualifications

  • Bachelor’s Degree or equivalent experience

  • A minimum of 10 years of experience working in IT and/or Engineering with a security focus is required including hands-on implementation level understanding of key security technologies and controls (e.g. remote access, access control, firewalls, IDP/IDR, anti-malware, patch management, encryption technologies, forensics etc.)

  • Experience analyzing IT and Operational Technology architecture to identify security gaps and designing solutions is required.

  • Experience performing security audits and assessments based on technical security frameworks such as NIST 800-53/800-82, ISO 27001, IEC 62433, RG 5.71, NEI 08-09, etc.

  • Strong knowledge of the security landscape including trends in process, tooling and threats is required.

  • Understanding of cloud and virtualized environments is required.

  • Hands-on experience of integration with hospitals and health-care environments is helpful.

  • Experience of penetration testing and penetration testing tool is desirable

  • Experience of working within an incident response team is desirable

  • Demonstrable track record of working within large projects and handling multiple opposing priorities.

  • Big Picture/Attention to Detail – align strategic and tactical security aspects required.

  • Results Orientation/Sense of Urgency – ability to aim to tight timelines required.

  • Excellent interpersonal skills required.

  • Creative problem-solving skills required.

  • Customer focus (internal & external) required.

  • Excellent communication skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally required.

  • Proven ability to influence/collaborate to get to desired result required.

  • Strong leadership skills required.

  • Legally able to work in the United States (no visa sponsorship provided).

Travel percentage – 15% (US domestic and international)

Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Primary Location

United States-New Jersey-Raritan-

Other Locations

North America-United States-Pennsylvania-Tobyhanna, North America-United States-Tennessee-Memphis, North America-United States-California-Fontana, North America-United States-Colorado-Monument, North America-United States-Massachusetts-Bridgewater, North America-United States-Indiana-Warsaw, North America-United States-Indiana-Mooresville, North America-United States-Kentucky-Shepherdsville, North America-United States-Florida-Jacksonville

Organization

Johnson & Johnson Services Inc. (6090)

Job Function

Information Security

Requisition ID

8799181204