At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and Med Tech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com.

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

Job Function:

Technology Enterprise Strategy & Security:

Job Sub Function:

Security & Controls:

Job Category:

Scientific/Technology

All Job Posting Locations:

São José dos Campos, São Paulo, Brazil

Job Description:

Johnson & Johnson is currently seeking an OT Cybersecurity Senior Specialist for Med Tech Supply Chain, part of the Information Security & Risk Management (ISRM) organization.

This candidate will have a background in automation (knowledge of PLCs for example), with skills in technology, and cybersecurity. They will be a strategic problem solver who performs with impact inclusively, driving intentional change proactively, and be driven to keep up with industry trends in cybersecurity. This role will embed directly with our J&J Technology and Med Tech Supply Chain teams providing the support vital to improve our security posture and enable end-to-end security portfolio/capability roadmaps to identify, mitigate and remediate cyber security vulnerabilities.

You will work across ISRM providing engineering and governance support, driving results, and showing dedication to our Credo. Your scope includes cybersecurity support for internal Manufacturing and Distribution sites in the region and Application Security inclusive of Sarbanes-Oxley (SOX).

Responsibilities:

• Engage with project teams to drive execution of the security capabilities and services needed for supply chain projects

• Conduct Cyber Security Risk Index (CSRI) evaluations and remediation planning across sites to secure IT/OT assets and enable safe & secure innovation.

• Interpret & apply the internal security requirements and standards for Applications, IT, and OT (Operational Technology) initiatives.

• Develop and/or execute awareness initiatives to promote the importance of cybersecurity across the sector and sites.

• Facilitate execution of third-party risk assessments including coordination of business partner and third-party information gathering, risk analysis, and remediation planning/execution tracking.

• Work to achieve operational goals with direct impact on the Security & Controls function and contributes to successful security integrations.

• Analyze results of vulnerability assessments and system analyses to identify risks and mitigate future threats.

• Help establish and implement methods for improving Security & Controls processes by leveraging insight from security system evaluations and root cause analysis investigations to resolve system deficiencies and security faults.

• Adheres to project definitions, budgets, resource requirement estimates, and success criteria for initiatives that aim to protect technology assets and ensure organizational security.

• Contributes to technical reports, technical memoranda, and other documents that provide employees and business partners with information regarding newly implemented security controls and operational practices to mitigate intrusion risks and cybersecurity threats.

• Coaches more junior colleagues in techniques, processes, and responsibilities.

• Understands and applies Johnson & Johnson's Credo and Leadership Imperatives in day-to-day interactions with team.

Qualifications:

• Bachelor’s degree in computer science, information technology, business administration, or another technical field is required.

• 2+ years of related experience in execution roles within Cybersecurity or Risk Management with background in Supply Chain required.

• 2+ years of hands-on experience in delivering security technology, cybersecurity evaluation, and implementation required.

• Superb communication and collaboration skills, able to network, interact at middle management levels of the organization, cross-functionally.

• Basic understanding of current security threats, mitigation measures, and security vendors/technologies.

• Experience working within and/or supporting diverse teams with varying cybersecurity experience and technology experience.

• Attention to detail and ability to understand and align on strategic and tactical security concepts.

Required Skills:

Preferred Skills:

Communication, Corrective and Preventive Action (CAPA), Critical Thinking, Information Security Auditing, Information Security Management System (ISMS), Information Technology (IT) Security Assessments, Information Technology Strategies, Mentorship, Network Optimization, Presentation Design, Process Optimization, Report Writing, Security Policies, Technical Credibility, Technologically Savvy, Training People, Vulnerability Assessments