J&J Family of Companies Senior Manager- Security & Risk Management Business Services in Greater Mumbai, India

Position Title: Senior Manager, Security & Risk Management Business Services

Supervisor Title: Director, Security & Risk Management Business Services, ASPAC

Position Summary

The Senior Manager, Security & Risk Management Business Services will have responsibilities for all aspects of identifying and managing risk for their assigned companies.

• Serve as the focal point for all information asset protection matters in the Johnson & Johnson Operating Company, Sector organization for which he or she is responsible.

• Be accountable for promoting information security within the Operating Company or Sector, including ensuring processes, procedures, and other activities are defined and implemented to meet the requirements of the Information Asset Protection Policies (IAPPs).

• Serve as the ISRM liaison and have direct interaction with sector personnel, IT, and business leaders.

• Provide expertise in Information Security & Risk Management to ensure that technology solutions meet all requirements and standards.

• Consult with project teams to determine applicability of various regulations.

Major Duties & Responsibilities

  • Act as a liaison to business owners to coordinate and manage security and risk management activities as required. Proactively drive risk-based business strategies, anticipating business needs. Participate in business planning to ensure information security and risk management capabilities are planned for. As a member of the planning committee, plan and prioritize the integration of security measures in business projects during the design, development and deployment phases.

  • Lead the efforts to apply risk management processes in the business projects to identify and track risks, recommend solutions, validate remediation plans and facilitate implementation.

  • Responsible for driving ISRM activities and projects across the Sector/operating company, including all information security and risk management activities associated with external regulations and internal Johnson & Johnson policies and procedures such as Sarbanes-Oxley, IAPP, PCI, HIPAA. Ensure that J&J information assets are appropriately identified and valued, and are protected by complying with and enforcing all local and worldwide security policies.

  • Work with IT, QA, Regulatory, CIA and business colleagues to ensure audit readiness and to prepare for internal and external audits. Lead audit preparation, hosting, and follow-up activities, and propose strategies to improve performance in audits.

  • Facilitate education and training to the organization on Information Security & Risk Management procedures and controls.

  • Provide leadership, drive employee engagement, and drive a focus on Talent Development within ISRM to develop a diverse, regional IT talent pipeline.

  • Perform other work related duties as assigned.


Required Years of Related Experience: 8+ years of ISRM experience Other Business unit IT/ISRM experience

Required Knowledge, Skills and Abilities:

• Bachelor’s degree required.

• A minimum of 8 years of progressive experience in leadership roles within Information Security & Risk Management/IT required

• Experience working with operating company/sector required.

• 2+ years of People management experience required

• Experience working in ASPAC region and understanding of local/regional regulations

• Experience managing internal and external IT audits required

• Experience managing a SOX 404 program for IT required

• Big Picture/Attention to Detail – align strategic and tactical required.

• Results Orientation/Sense of Urgency – ability to drive to tight timelines required.

• Excellent interpersonal skills required.

• Creative problem solving skills required.

• Change leadership expertise required.

• Customer focus (internal & external) required.

• Excellent communication and collaboration skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally required

• Proven ability to influence/collaborate to get to desired result required.

• Strong leadership skills required.

Travel on the Job: 20%

Type of Travel Required: International

Preferred Area of Study: Information Technology/Information Security

Preferred Related Industry Experience: Information Security, Risk Management, Risk Assurance

• MS and/or advanced degree preferred.

• Information Security & Risk Management certifications preferred.

• Working knowledge of COBIT and/or ITIL preferred.

• Knowledge of key business processes preferred.

Key Working Relationships

  • Internal: Managing business partner relationships with Senior IT and Business Leaders and key stakeholders. Accountability for Information Security & Risk Management business-facing teams working in the field close to the business partners for risk assurance and business risk officer activities.

  • External: Managing business partner relationship with key external stakeholders.

Primary Location

India-Maharashtra-Greater Mumbai


Johnson & Johnson Private Limited (8080)

Job Function

Compliance Security