Supply Chain Sr. Cybersecurity Analyst - Third-Party Risk & Remediation (fixed-term)

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com.

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Security & Controls

Job Category:

Scientific/Technology

All Job Posting Locations:

São José dos Campos, São Paulo, Brazil

Job Description:

Johnson & Johnson is currently seeking a Senior Analyst for MedTech Supply Chain, part of the Information Security & Risk Management (ISRM) organization.

 

This candidate will have a background in supply chain, with skills in technology, and cybersecurity. They will be a strategic problem solver who performs with impact inclusively, driving intentional change proactively, and be driven to keep up with industry trends in cybersecurity. This role will embed directly with our J&J Technology and MedTech Supply Chain teams providing the support vital to improve our security posture and enable end-to-end security portfolio/capability roadmaps to identify, mitigate and remediate cyber security vulnerabilities.

 

Responsibilities:

• Facilitate comprehensive execution of third-party risk assessments, including coordination of business partner and third-party information gathering, in-depth risk analysis, and robust remediation planning and execution tracking. This role will serve as a primary issue manager for all security findings and vulnerabilities identified within the third-party landscape for MedTech Supply Chain.

• Engage with project teams to drive execution of the security capabilities and services needed for supply chain projects, ensuring alignment with GRC policies and proactively managing security-related issues.

• Interpret & apply the internal security requirements and standards for Applications, IT, and OT (Operational Technology) initiatives, ensuring compliance and providing guidance on governance best practices, with a critical focus on ensuring third-party compliance with these standards.

• Develop and/or execute awareness initiatives to promote the importance of cybersecurity across the sector and sites, reinforcing GRC principles and fostering a security-conscious culture, extending to our third-party ecosystem where applicable.

• Work to achieve operational goals with direct impact on the MedTech Supply Chain ISRM function and contributes to successful security integrations, ensuring all integrations meet governance and compliance requirements.

• Analyze results of vulnerability assessments and system analyses to identify risks and mitigate future threats, taking full ownership of the issue management process from identification to resolution, particularly for vulnerabilities identified in third-party systems or processes.

• Help establish and implement methods for improving Third Party Risk management processes by leveraging insight from third-party evaluations and root cause analysis investigations to resolve system deficiencies and security faults, enhancing the overall GRC framework, with a particular emphasis on improving the management and resolution of third-party security issues.

• Coaches more junior colleagues in techniques, processes, and responsibilities, particularly in GRC methodologies and effective issue management, including the specific challenges and best practices for managing third-party security issues.

• Understands and applies Johnson & Johnson's Credo and Leadership Imperatives in day-to-day interactions with team, upholding the highest standards of governance and ethical conduct.

 

Qualifications:

• 2+ years of related experience in execution roles within Cybersecurity or Risk Management, with a strong background in Governance, Risk, and Compliance (GRC) and Supply Chain required, specifically demonstrating experience in third-party risk management, vendor security assessments, and issue remediation.

• Superb communication and collaboration skills, able to network, interact at middle management levels of the organization, cross-functionally, with proven ability to articulate GRC findings and drive issue resolution.

• Attention to detail and ability to understand and align on strategic and tactical security concepts, critical for effective GRC compliance and issue management.

 

 

 

Required Skills:

 

 

Preferred Skills:

Analytical Reasoning, Communication, Corrective and Preventive Action (CAPA), Industry Analysis, Information Security Auditing, Information Security Management System (ISMS), Information Technology (IT) Security Assessments, Information Technology Strategies, Mentorship, Process Oriented, Risk Assessments, Root Cause Analysis (RCA), Security Policies, Solution Architecture, Technologically Savvy, Vulnerability Assessments