Johnson & Johnson is currently seeking a Manager, Business Information Security - TO&R - CBT to be located onsite in a North America, LATAM or EMEA J&J location. At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at  https://www.jnj.com/. For more than 130 years, diversity, equity & inclusion (DEI) has been a part of our cultural fabric at Johnson & Johnson and woven into how we do business every day. Rooted in Our Credo, the values of DEI fuel our pursuit to create a healthier, more equitable world. Our diverse workforce and culture of belonging accelerate innovation to solve the world’s most pressing healthcare challenges. We know that the success of our business – and our ability to deliver meaningful solutions – depends on how well we understand and meet the diverse needs of the communities we serve. Which is why we foster a culture of inclusion and belonging where all perspectives, abilities and experiences are valued, and our people can reach their potential. At Johnson & Johnson, we all belong. Summary The Manager will drive Cyber Trust and Security by Design through consulting, engagement and assurance. Support the strategy for embedding cyber security into business initiatives, improving risk posture, secure critical intellectual property and assets, improve site security and enhance business resiliency. Provide assurance over the cybersecurity of the Technology Operations and Risk / Operational services with a focus on facilities and BMS (Building Management Systems). The role will be responsible for providing security consulting services for the CBT Operation teams. Responsibilities Drive the adoption of security industry best-practices, J&J security standards and capabilities with a focus on Quality, Site and Supply Chain services with a focus on physical security and facilities to ensure that critical information and assets are protected from cyber threats. Engagement: Build relationships and collaborate with J&J CBT IT and business partners to ensure security is integrated into all solutions and vendor relationships. Project Leadership: Lead and drive key projects in alignment with the ISRM security strategy to improve cyber capabilities and maturity. Security Assurance: Ensure controls are appropriately implemented, perform security testing (e.g., vulnerability scans), and ensure proper remediation. Regulatory Expertise: Demonstrated experience in implementing and managing security controls, conducting risk assessments, and responding to incidents. Consulting: Provide security consulting by crafting controls related to confidentiality, integrity, and availability, and assess risks against these requirements. Compliance: Ensure compliance with cybersecurity regulatory mandates and internal policies keeping in mind local country requirements where applicable. Standardization: Drive consistency and use of common security products, practices, and standards across the organization. Capability Adoption: Ensure the adoption of ISRM security capabilities across the business. Threat Intelligence: Deploy threat intelligence capabilities to monitor for new threats, vulnerabilities, and assess their potential impact. Risk Posture Assurance: Provide assurance leadership on the cybersecurity risk posture of J&J Operations’ capabilities, including design reviews, risk assessments, and consultation on remediation. Education and Training: Illuminate cybersecurity procedures and controls for internal partners awareness. Metrics Communication: Share valuable metrics and overview of risks with key stakeholders, including visibility of security incidents, vulnerabilities, and issues. **Qualifications** Qualifications + Education: BA/BS in Computer/Data Science, Engineering, IT Security or alike required; MS/advanced degree preferred. + Experience:  5+ years of experience in Information Security, IT Risk Management, or IT with growing technical responsibilities required. + Expertise: Shown capabilities in information technology and security (incl. controls) with a solid understanding of traditional and emerging threats, especially in protecting sites, facilities and labs. + Communication: Superb communication and collaboration skills with the ability to network and influence at all levels is required (both IT and business). + Collaboration:  Ability to influence and drive Adoption of Enterprise Secure Software Development Processes and Tools + Team Experience: Experience working as part of a high-performing team is helpful. + Business Knowledge: Knowledge of key business processes preferred. + Problem-Solving: Creative problem-solving skills and understanding of complex environments (data, application, middleware, network) preferred. + People Management – Proven ability to lead a small, diverse (remote) team. + Certifications: Security certifications such as CISSP, CCSP, CRISC, CISM, are preferred. ---- The compensation and benefits information set forth in this posting applies to candidates hired in the United States. Candidates hired outside the United States will be eligible for compensation and benefits in accordance with their local market. The anticipated base pay range for this position is $100,000 to $172,500. The Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation’s performance over a calendar/performance year. Bonuses are awarded at the Company’s discretion on an individual basis. + Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance. + Employees may be eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)). + Employees are eligible for the following time off benefits: + Vacation – up to 120 hours per calendar year + Sick time - up to 40 hours per calendar year; for employees who reside in the State of Washington – up to 56 hours per calendar year + Holiday pay, including Floating Holidays – up to 13 days per calendar year of Work, Personal and Family Time - up to 40 hours per calendar year + Additional information can be found through the link below. https://www.careers.jnj.com/employee-benefits Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability. For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com.