DIRECTOR, SECURITY TECHNICAL STANDARDS

Johnson & Johnson is currently seeking a Director Security Architecture – Security Products to join our ISRM team located in Raritan.
At Johnson & Johnson, we believe health is everything.
Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal.
Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity.
Learn more at https://www.
nj.
om/.
For more than 130 years, diversity, equity & inclusion (DEI) has been a part of our cultural fabric at Johnson & Johnson and woven into how we do business every day.
Rooted in Our Credo, the values of DEI fuel our pursuit to create a healthier, more equitable world.
Our diverse workforce and culture of belonging accelerate innovation to solve the world’s most pressing healthcare challenges.
We know that the success of our business – and our ability to deliver meaningful solutions – depends on how well we understand and meet the diverse needs of the communities we serve.
Which is why we foster a culture of inclusion and belonging where all perspectives, abilities and experiences are valued, and our people can reach their potential.
At Johnson & Johnson, we all belong.
This position involves leading a team of security technology SMEs in shaping & defining global in-depth security product architectures, embedded in the security technology product squads, leading evaluations of new technologies and solution section decision rights, act as a trusted advisor to technology vendors and service providers worldwide, building and maintaining strong relationships to ensure effective global communication, contract management, and vendor relationship management.
Role.
The Director, Security Technical Standards position is responsible for defining and distributing global technical security standards, ensuring the protection of information assets, and aligning with global security policies and standards.
This role focuses on providing well-defined and up-to-date standards across business units and collaborating with the office of the Chief Technology Officer (CTO) and global architecture councils.
The Director, Technical Security Standards role involves creating, documenting, and testing practical and programmatically consumable global technical security standards.
This includes partnering with various teams, training employees, and raising awareness about these standards.
The position also entails leading a team to shape and define these standards, aligning them with industry best practices and distributing them throughout the organization.
The core responsibility areas of the role include.
Defining and Documenting Global Technical Security Standards Distributing and Communicating Technical Security Standards Collaboration with Office of the CTO and various Councils including Architecture council.
Programmatic Testing and Practical Application Leadership and Team Collaboration In summary, this position involves leading a small team of key SME’s defining global technical security standards, aligning them with company policies and industry best practices, ensuring practicality and programmability, and effectively distributing and raising awareness of these standards throughout the organization.
Qualifications Required.
Minimum of 15 years of experience in information technologies with a minimum of 9+ years of related Information Security Risk Management experience In-depth Knowledge of Security Frameworks and Standards A strong understanding of various security frameworks and standards, such as ISO , NIST Cybersecurity Framework, CIS Controls, and SOC2.
Familiarity with industry-specific security standards, regulations, and requirements, (e.
., PCI DSS, HIPAA, GDPR, GxP etc.).
Proficiency in Security Architecture and Design.
Knowledge and experience in designing and implementing secure architectures for complex systems, networks, and applications.
Understanding of secure coding practices and secure software development life cycle (SDLC) methodologies.
Experience in conducting threat modeling exercises to identify potential security risks and vulnerabilities.
Knowledge of risk management frameworks and methodologies, such as FAIR (Factor Analysis of Information Risk) or OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation).
Broad Understanding of Security Technologies Comprehensive knowledge of a wide range of security technologies, tools, and solutions, including firewalls, intrusion detection/prevention systems, encryption, identity, and access management (IAM), vulnerability management, Secure Access Service Edge (SASE), Cloud Access Security Brokers (CASB), and Cloud Security Posture Management (CSPM) and endpoint protection.
Excellent written and verbal communication skills, with the ability to convey complex technical concepts to both technical and non-technical stakeholders.
Strong analytical and problem-solving skills, with the ability to identify potential security risks or weaknesses and develop effective strategies for mitigation.
Demonstrated ability to lead and manage cross-functional teams, including providing guidance, mentoring, and support to less experienced security professionals.
Experience in driving security initiatives and projects, ensuring adherence to timelines and objectives.
Excellent communication and interpersonal skills, with the ability to collaborate effectively with technical and non-technical stakeholders.
Effectively works with virtual, global teams – including diverse groups of people with varied backgrounds and cultural experiences.
Preferred Knowledge, Skills and Abilities.
MS and/or advanced degree preferred.
Certifications in related areas (e.
.
SANS GPEN/GWAPT/GXPN, OSCP, CEH) are a plus AWS Certifications – AWS Solutions Architect (Associate), AWS Security Specialty are a plus Core understanding of IP Networking, routing, VPNs.
Some visualization tool knowledge (i.
., Tableau, Power BI) GxP background an asset (desirable, but not required) The anticipated base pay range for this position is $ to $.
Bonus.
- The Company maintains highly competitive, performance-based compensation programs.
Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan.
The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation’s performance over a calendar/performance year.
Bonuses are awarded at the Company’s discretion on an individual basis.
Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs.
medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance.
Employees may be eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).
This position is eligible to participate in the Company’s long-term incentive program.
Employees are eligible for the following time off benefits.
- Vacation – up to 120 hours per calendar year Sick time - up to 40 hours per calendar year; for employees who reside in the State of Washington – up to 56 hours per calendar year Holiday pay, including Floating Holidays – up to 13 days per calendar year of Work, Personal and Family Time - up to 40 hours per calendar year Additional information can be found through the link below.
https://www.
areers.
nj.
om/employee-benefits The compensation and benefits information set forth in this posting applies to candidates hired in the United States.
Candidates hired outside the United States will be eligible for compensation and benefits in accordance with their local market.