Senior Manager- GRC Process and Controls - Johnson and Johnson
Raritan, NJ 08869
About the Job
The Sr. Manager, GRC Process & Controls, will be responsible for developing, maintaining and continuously enhancing GRC and assessment processes, ensuring GRC cyber policies and processes are in alignment with industry standard control frameworks, and identifying automation opportunities across the cyber risk management function. They will collaborate with other GRC and risk management leaders, security assessment team leaders, the security architecture and innovation team and ISRM BIS teams in performance of their responsibilities.
Key Responsibilities:
- Lead the maintenance and enhancement of a controls framework, in alignment with industry standards, and support response to audits and inquiries.
- Oversee and/or maintain controls mapping between internal security policies and controls frameworks.
- Monitor changes in laws, regulations, and standards to understand impact to controls and compliance.
- Collaborate with internal security teams to ensure the broader processes and operating procedures are in alignment with the controls framework.
- Develop, maintain, and continuously enhance GRC processes.
- Identify and drive opportunities for automated verification of controls, both during initial assessment and on an ongoing basis.
- Define requirements for the GRC tool to support the controls framework and assessments and partner with the GRC Solutions team on implementation.
- Collaborate with the SDLC and Asset Management teams to ensure alignment with the defined controls framework and assessments.
- Support special projects in the GRC and Risk Management space.
- A bachelors degree is required, preferably in Computer Science, Engineering or Information Security/Cybersecurity.
Experience and Skills:
Required:
- 8 years of Information Security/IT Risk Management experience with growing responsibilities.
- 4 years of direct experience with cybersecurity control frameworks and standards and development of assessments based on control standards.
- Experience with security GRC tools and control mappings with industry standards and compliance controls (e.g. ServiceNow, Archer, Fusion, HIPAA, PCI-DSS, etc.).
- Demonstrable record of effectively collaborating with virtual, global teams, including diverse groups of people with varied backgrounds and cultural experiences.
- Strong analytical and results-oriented problem-solving skills.
- Strong interpersonal skills to build and maintain relationships with internal stakeholders.
- Experience at a large multinational organization.
Preferred:
- Certifications in cybersecurity (CISM, CISSP), audit (CISA), or risk management (CRISC).
- Experience with Unified Compliance Framework (UCF).
Other:
- 10% Travel
#JNJTech
#LI-Onsite
#LI-RW1
Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com .
The anticipated base pay range for this position is $118,000- $203,550 USD.
The Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation's performance over a calendar/performance year. Bonuses are awarded at the Company's discretion on an individual basis.
- Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance.
- Employees may be eligible to participate in the Company's consolidated retirement plan (pension) and savings plan (401(k)).
- Employees are eligible for the following time off benefits:
- Vacation - up to 120 hours per calendar year
- Sick time - up to 40 hours per calendar year; for employees who reside in the State of Washington - up to 56 hours per calendar year
- Holiday pay, including Floating Holidays - up to 13 days per calendar year of Work, Personal and Family Time - up to 40 hours per calendar year
- Additional information can be found through the link below. https://www.careers.jnj.com/employee-benefits
The compensation and benefits information set forth in this posting applies to candidates hired in the United States. Candidates hired outside the United States will be eligible for compensation and benefits in accordance with their local market.