Senior Manager - GRC Process and Controls for Johnson & Johnson in Raritan, NJ or Beerse, Belgium (salary not disclosed) UCF

The Sr. Manager, GRC Process & Controls, will be responsible for developing, maintaining and continuously enhancing GRC and assessment processes, ensuring GRC cyber policies and processes are in alignment with industry standard control frameworks, and identifying automation opportunities across the cyber risk management function. They will collaborate with other GRC and risk management leaders, security assessment team leaders, the security architecture and innovation team and ISRM BIS teams in performance of their responsibilities.

Key Responsibilities:

• Lead the maintenance and enhancement of a controls framework, in alignment with industry standards, and support response to audits and inquiries.
• Oversee and/or maintain controls mapping between internal security policies and controls frameworks.
• Monitor changes in laws, regulations, and standards to understand impact to controls and compliance.
• Collaborate with internal security teams to ensure the broader processes and operating procedures are in alignment with the controls framework.
• Develop, maintain, and continuously enhance GRC processes.
• Identify and drive opportunities for automated verification of controls, both during initial assessment and on an ongoing basis.
• Define requirements for the GRC tool to support the controls framework and assessments and partner with the GRC Solutions team on implementation.
• Collaborate with the SDLC and Asset Management teams to ensure alignment with the defined controls framework and assessments.
• Support special projects in the GRC and Risk Management space.

QUALIFICATIONS

Education:

• A bachelor's degree is required, preferably in Computer Science, Engineering or Information Security/Cybersecurity.

Experience and Skills:

Required:

• 8+ years of Information Security/IT Risk Management experience with growing responsibilities.
• 4+ years of direct experience with cybersecurity control frameworks and standards and development of assessments based on control standards.
• Experience with security GRC tools and control mappings with industry standards and compliance controls (e.g. ServiceNow, Archer, Fusion, HIPAA, PCI-DSS, etc.).
• Demonstrable record of effectively collaborating with virtual, global teams, including diverse groups of people with varied backgrounds and cultural experiences.
• Strong analytical and results-oriented problem-solving skills.
• Strong interpersonal skills to build and maintain relationships with internal stakeholders.
• Experience at a large multinational organization.

Preferred:

• Certifications in cybersecurity (CISM, CISSP), audit (CISA), or risk management (CRISC).
• Experience with Unified Compliance Framework (UCF).

For more info: https://hubs.la/Q02Ts5Db0