Senior Manager, Supply Chain Cybersecurity (IT and OT), APAC

At Johnson & Johnsonwe believe health is everything. Our strength in healthcare innovation empowers us to build aworld where complex diseases are prevented treated and curedwhere treatments are smarter and less invasive andsolutions are our expertise in Innovative Medicine and MedTech we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow and profoundly impact health for more at

Job Function:

Job Sub Function:

Job Category:

All Job Posting Locations:

Job Description:

Sr. Manager Supply Chain Cybersecurity (IT and OT) - ASPAC

Johnson & Johnson is currently seeking a Senior Manager in the Information Security & Risk Management (ISRM) organization supporting the MedTech Supply Chain ASPAC. This position can be based in China or Singapore.

This candidate will have a diverse background with strong business acumen technology and security expertise. They will be a strategic thinker who leads with impact inclusively driving intentional change proactively and be driven to keep up with industry trends in cybersecurity. This role will embed directly with our J&J Technology and MedTech Supply Chain teams providing the security posture and the end-to-end security portfolio/capability roadmap to improve identify and remediate cyber security vulnerabilities.

You will work across ISRM demonstrating authentic leadership driving results and showing dedication to our Credo. Your scope includes regional cyber security responsibility for MedTech Manufacturing sites Distribution sites (Internal and External / 3PL) Application Security and Third-Party Risk Management.

Responsibilities:

• Champion a Secure-by-Design approach with stakeholders to embed security capabilities and services within business initiatives.

• Perform cybersecurity risk assessments of IT and OT assets within the manufacturing and distribution sites.

• Drive the OT cybersecurity capability adoption across sites to secure IT and OT assets and enable safe & secure innovation.

• Provide tailored security guidance (based on risk and complexity) by interpreting and applying the internal cybersecurity policy requirements and standards for innovative IT and OT initiatives.

• Partner with security business and technology teams to identify assist with the creation of mitigation and remediation plans and track the closure of cybersecurity risks.

• Provide regular cybersecurity posture updates to business function site leadership and regional teams.

• Create site-specific cybersecurity roadmaps to provide input into the cybersecurity business planning process and improve the cybersecurity posture of the sites

• Promote the importance of cybersecurity across the region and sites.

• Assist the Security Operations Center (SOC) with security incident investigation activities; work closely with business teams to support affected users and be the liaison with central investigation teams.

• Drive business understanding of critical cybersecurity regulations and ensuring solutions are compliant (CPC NIST NIS2 Safe Data Zero Trust etc.).

• Support the global deployment of security initiatives with awareness sessions identify alternative ways of working to avoid business disruptions and review exception requests

• Provide audit support as the liaison between corporate audit functions from pre-work to consulting remediation plans.

• Interpret gaps identified by the Third-Party Risk Management team and collaborate with business and technology stakeholders to ensure vendors remediate the gaps identified.

• Enhance Application Security used within the region by interpreting internal security and regulatory requirements such as SarbanesOxley (SOX) Payment Card Industry (PCI) Health Insurance Portability and Accountability Act (HIPAA) European Union Network and Information Security 2 (NIS2) Chinas Cybersecurity Law (CSL) etc.

Qualifications:

• 8 years of related experience in leadership and execution roles within Cybersecurity or Risk Management with background in Supply Chain required.

• Bachelors degree in computer science information technology business administration or another rigorous discipline is required. MBA preferred.

• 6 years of hands-on experience in delivering technology; and cybersecurity design and capabilities required.

• Direct working and/or supporting experience of Supply Chain applications and China Cybersecurity Law compliance is required.

• Understanding of IEC 62443 NIST 800-53 and 800-82 required.

• Ability to independently complete tasks accurately and thoroughly is required.

• Strong understanding of security data protection and capabilities in a manufacturing and/or distribution site is required.

• Excellent communication and collaboration skills able to network interface and influence at all levels of the organization cross-functionally and globally establishing oneself as an inspiring leader with expertise in space.

• Certifications in cybersecurity (CISM CISSP GICSP ISA-62443) audit (CISA) manufacturing or risk management (CRISC) are preferred.

• Strategic mindset to develop capability roadmaps that will enable proactive reliability through data & automation.

• Experience in working/securing various levels of enterprise architecture (data application host middleware network Infrastructure).

• Solid understanding of current security threats mitigation measures and security vendors/technologies.

• Leading diverse team members with varying cybersecurity experience and proficient in resource allocation and planning to meet business needs.

• Big picture perspective and attention to detail focus to align strategic and tactical security aspects.