China Cybersecurity Officer - 2406188217W

Description

Johnson & Johnson, through its operating companies, is the world's most comprehensive and broadly based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical device markets. We strive to provide scientifically sound, high-quality products and services to help heal, cure disease and improve the quality of life.

Thriving on a diverse company culture, celebrating the uniqueness of our employees, and committed to inclusion. Proud to be an equal opportunity employer.

The China Cybersecurity Officer is a results-oriented self-starter who enjoys a fast-paced environment and is looking for opportunity to influence change in an established organization. He/She will have responsibility for all aspects of identifying and managing security risk and serve as the focal point for all information asset protection matters. Based in Shanghai, China this role will support Johnson & Johnson business units in collaboration with other ISRM and Johnson & Johnson Technology partners to ensure Johnson and Johnson is compliant with China Cybersecurity Regulations as well as Johnson and Johnson Technology governance requirements.

Responsibilities:

• Responsible for driving all ISRM Cybersecurity Compliance activities in China relating to Johnson and Johnson Information Asset Protection Policy as well as all requirements relating to Cybersecurity that is mandated by in-country regulations within China.

• Ensure all In-country Cybersecurity regulatory requirements are clearly documented and resourced appropriately with review and alignment with global Information Security and Risk Management leadership.

• Engage with relevant in-country regulatory bodies and represent Johnson and Johnson in any Cybersecurity regulatory inspection/audits.

• Serve as local Security Officer signatory as required for regulatory submissions aligning with Global Security Officer signatory on requirements.

• Ensure that J&J information assets are appropriately identified, valued, and protected by complying with and enforcing all local and worldwide security policies.

• Act as a liaison to the business and IT to coordinate and manage security and risk management activities as required.

• Proactively drive risk-based business strategies anticipating business needs.

• Participate in business planning to ensure information security and risk management capabilities are appropriately considered and included in plans.

• Plan and prioritize the integration of security measures in business projects during the design, development and deployment phases.

• Provide expertise in Information Security & Risk Management and Enterprise Information Security Architecture to ensure that technology solutions meet all requirements and standards.

• Lead efforts to apply risk management processes in projects, identify and track risks, recommend solutions, validate remediation plans, and facilitate implementation.

• Actively advise, assess, and lead Business and IT stakeholders in the development of secure information systems and solutions in line with organization’s cybersecurity architecture, IAPP policies and regulatory requirements.

• Lead activities for audit preparation, hosting and follow-up activities and to propose strategies to improve performance in audits.

• Facilitate education and training to the organization on Information Security & Risk Management procedures and controls.

• Provide leadership and drive employee engagement; drive a focus on Talent Development within ISRM to develop a diverse, regional IT talent pipeline.

• Communicate with and report value-added metrics to management and senior leadership.

• Prompt reporting of security incidents or significant security problems to appropriate personnel.

• Serve as the primary point of contact for security issues for their area of influence.

Qualifications

Qualifications:

• A bachelor’s degree in the field of computer science, information technology, business administration, or another rigorous discipline is required.

• A minimum of 10 years of progressive experience in leadership roles within Information Security & Risk Management and/or IT

• A minimum of 5 years of experience in design and implementation of enterprise (security) architecture, cloud security (e.g. AWS, Azure) and/or development of IT solutions or services.

• Experience in working/securing various levels of the enterprise architecture (data, application, host, middleware, network, Infrastructure)

• Solid understanding of current security threats, mitigation measures and security vendors/technologies.

• Experience with implementation or review of compliance with international security standards or regulations.

• Experience in People Management and have worked in complex, fast-paced environments.

• Experience in engaging with Regulators in the assigned jurisdiction is mandatory.

• Experience managing internal and external audits.

• Big Picture Thinking / Attention to Detail – align strategic and tactical.

• Previous experience developing effective and strong partnerships along with relationship building skills with business leaders and key stakeholders.

• Results Orientation/Sense of Urgency – ability to drive to tight timelines.

• Excellent interpersonal skills

• Creative problem-solving skills

• Excellent communication and collaboration skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally.

• Proven ability to influence/collaborate to get to desired result.

Security certifications such as CISSP, CCSP, ISSAP, CISM, etc.

Primary Location Asia Pacific-China-Shanghai-Shanghai

Organization Johnson & Johnson Services Inc. (6090)

Job Function Security & Controls

Req ID: 2406188217W