Cybersecurity Analyst

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com

Job Function:

Job Sub Function:

Job Category:

All Job Posting Locations:

Job Description:

Johnson & Johnson is currently seeking an Analyst for Surgery Supply Chain business units’ part of Information Security & Risk Management (ISRM) organization. This position can be based remotely within Brazil and/or any MedTech location in Brazil.

This candidate will have a foundational background in engineering, with skills in technology, and cybersecurity. They will be a strategic problem solver who performs with impact inclusively, driving intentional change proactively, and be driven to keep up with industry trends in cybersecurity. This role will embed directly with our J&J Technology and MedTech Supply Chain teams providing the support vital to improve our security posture and enable end-to-end security portfolio/capability roadmaps to identify, mitigate and remediate cyber security vulnerabilities.

You will work across ISRM providing engineering and governance support, driving results, and showing dedication to our Credo. Your scope includes cybersecurity support for Surgery internal Manufacturing locations and Application Security inclusive of Sarbanes-Oxley.

Responsibilities:

• Engage with project teams to drive execution of the security capabilities and services needed for Surgery make projects
• Complete Cyber Security Risk Index (CSRI) evaluations and remediation planning across sites to secure IT/OT assets and enable safe & secure innovation.
• Interpret & apply the IAPP requirements and standards for unique IT/OT (Operational Technology) initiatives and innovative or OT Specific technologies.
• Development of material and/or facilitation and the execution of awareness initiatives to promote the importance of cybersecurity across the sector and sites.
• Assist Surgery ISRM Business Information Security (BIS) Representatives with security incident investigation activities
• Facilitate execution of third party risk assessments including coordination of business partner and third party information gathering, risk analysis, and remediation planning/execution tracking.  
• Lead risk management activities to include vulnerability identification, tactical remediation requirements, identification or mitigating controls, and tracking of remediation execution.
• Perform requirements gathering and information collection as part of corporate audit functions from pre-work to remediation plans.

Qualifications:

• 2+ years of related experience in execution roles within Cybersecurity or Risk Management with background in Supply Chain required.
• Bachelor’s degree in computer science, information technology, business administration, or another meticulous field is required.
• 2+ years of hands-on experience in delivering technology; and cybersecurity evaluation and/or implementation required.
• Excellent communication and collaboration skills, able to network, interact at middle management levels of the organization, cross-functionally.
• Basic understanding of current security threats, mitigation measures, and security vendors/technologies.
• Experience working within and/or supporting diverse teams with varying cybersecurity experience and technology experience.