Business Info. Security Manager Nchc Emea

Johnson & Johnson is undertaking a major strategic transformation of the cybersecurity program as part of the separation of our Consumer Health business into an independent, market-leading consumer products company. This role will be within our Information Security and Risk Management (ISRM) organization, working at the intersection of business strategy, security risk assurance, and security consulting across enterprise IT, Operational Technologies, and Third Parties.

The Sr. Manager, Business Information Security Officer (BISO) will provide security leadership, consulting, and education driving accountability for cybersecurity risk, supporting initiatives to shape business strategy and security risk investment priorities. Overall, this position serves as an advocate for the business but maintains a clear focus on information risk and security, helping to identify and assess risks to the business unit. The Sr. Mgr. BISO will handle and coordinate various information security activities, programs, and initiatives for the business across Enterprise IT, Operational Technologies / Supply Chain and Third Parties.

This position is a key member of the Kenvue, the proposed new Consumer Health Company, Security Organization, reporting directly to the Director, BISO _EMEA.**Key Responsibilities**:

- Understand the proposed new Consumer Healthcare company business priorities and goals, and risk profile for projects in the business portfolio
- Enable business strategies, while balancing the security risk; articulate the security perspective to the business, helping them understand the potential risk impact and possible controls in business terms. In return, bring business knowledge to the Information Security organization to help ensure security is aligned with the business strategy and accelerates solutions with better communication and alignment.
- Establish communication channels within the security organization (i.e.: cross pillar engagement with Risk and Governance, Security Engineering & IAM) with an aim to efficiently address security issues leveraging the capabilities offered across the security org.
- Provide guidance on the security risk aspect of key business / IT strategic initiatives and ensure timely engagement.
- Help drive accountability and stand up “cyber champions” within the business to ensure there is ownership and understanding regarding risk mitigation and remediation activities.
- Ensure corrective plans are developed to remediate defined risks and non-compliant activities and stay on top of action plans and their execution.
- Educate management of the risk implications associated with business technology decisions and communicate the likelihood and impact of those decisions. Help to establish metrics so management can fully quantify those risks and implement effective actions to resolve.
- Align with BISO leadership to help improve strategies for the delivery of Business Information Security products to customers and partners across Enterprise IT, Operational Technology, Third Party / Supplier Assessments.
- Actively engage with and understand industry trends in cybersecurity capabilities and best practices.
- Deliver high-quality work outcomes and customer service in a high-pressure, fast-paced setting to meet company needs.
- Attend and participate in internal/external forums with Business & IT Leaders where appropriate.

**Qualifications**:
**Qualifications/Selection Criteria**:

- Minimum 8 years in Information Technology with at least 7 in Information Security
- Bachelor’s degree or higher with a concentration in IT or related field
- Security and control certifications preferred (CISSP, CISM, CISA, CRISC)
- Experienced in Information Security programs including, but not limited to Application / Digital Risk Assessment, Third Party Assessment, Product Security and Mergers & Acquisition preferred
- Experience across Operational Technology / Supply Chain Systems preferred
- Demonstrated understanding the proposed new Consumer Health company business priorities and goals
- Ability to guide to completion security risk assessments and ensure processes are understood, appropriate controls take place, and remediation of identified risks are documented and addressed
- Ability to influence others and shape/acquire desired outcome in areas outside of direct control.
- Strong verbal, written and presentation skills to effectively communicate information security projects in business terms to various levels within the organization
- Results oriented, well organized with follow-up skills to meet deadlines; have a track record of optimally balancing multiple tasks in a sophisticated environment
- Demonstrated knowledge of government and other local privacy regulations related to Information Security, Payment Card Industry Data Security Standard (PCI DSS) and Data Privacy (SOX, HIPAA, etc.)
- Experience working with virtual and diverse global teams of varied backgrounds and cultural experiences