|Date Posted||November 7, 2019|
Johnson & Johnson is currently recruiting for an IT Lead, ISRM ERP SC (JDE/SAP). This position can sit out of any J&J location in North America, Latin America or Europe/Middle East/Africa.
Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 130 years. We embrace research and science -- bringing innovative ideas, products and services to advance the health and well-being of people.
With $81.6 billion in 2018 sales, Johnson & Johnson is the world's most comprehensive and broadly-based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical devices markets. There are more than 250 Johnson & Johnson operating companies employing over 125,000 people and with products touching the lives of over a billion people every day, throughout the world. If you have the talent and desire to touch the world, Johnson & Johnson has the career opportunities to help make it happen.
Are you a high energy individual looking for an exciting opportunity? If so, this may be the opportunity for you! ISRM is looking for a highly motivated individual to join our group and we hope that you will be the one!
As a part of the Information Security Risk Management Supply Chain group, the ISRM ERP (JDE/SAP) IT LEAD will be responsible for supporting the security program for Johnson and Johnson’s JDE/SAP technologies:
The role focuses on providing security consulting and assurance for assigned platforms, including:
- Performing risk calculators to identify high risk applications/projects; for those identified, performing application security questionnaires/assessments, identifying security gaps and appropriate remediation actions.
- Performing Incident trending to ensure security root causes are identified and remediated.
- Evaluating static & dynamic vulnerabilities to identify TLM/ALM & other security issues along with the appropriate remediation actions.
- Consult on new technologies relating to SAP.
- Providing assurance to in-line managers on the cyber security risk posture of the SAP and JDE ERPs capabilities and solutions within J&J’s global supply chain, including supporting assessments and design reviews of current and to-be solutions and environments, ranking risks and providing mentorship and guidance on remediation.
- Crafting strategy for security capabilities needed, influencing business funding and adoption and partnering in the selection and deployment of those capabilities.
- Monitoring the industry SAP landscape for emerging threats, technologies and capabilities.
- Actively monitoring existing ERP platforms to ensure security is built into all new platforms and associated tools and technologies.
- Provide security consulting and assurance for high risk projects and existing high-risk applications via secure architecture design reviews, secure coding, encryption, configuration, crafting security user stories, and providing security solution/remediation mentorship across the full information technology solution (application, database, infrastructure, networks, and interfaces with the grid, lake, warehouse).
- Actively monitor existing assigned platforms.
- Evaluate and ensure security is built into all platforms and associated tools and technologies.
- Support complex global network of TS, BTL, PLO, and compliance group partners, training them in security, gaining alignment and funding for projects, and influencing the direction of resources for security mitigation
- Assist in identifying SAP/JDE threats and vulnerabilities, and coding deficiency trends using research, DCAM, Nexpose, and Virtual Forge. Help to craft advising IT, ISRM, and Engineering teams on appropriate actions to address them.
- Continuously work with IT in the development of additional tools to ensure they provide the security information required.
- Perform periodic renewals of BPRAs, EBCSAs, and RAFs, ensuring connectivity is required based on SAP knowledge and risks identified with appropriate remediation plans.
- Support in crafting of metrics and dashboards to enable effective management of risk.
- A minimum of a bachelor’s degree is required.
- A minimum of 5 years of experience working in IT is required.
- A minimum of 3 years of experience with security and compliance is required.
- A minimum of 3 years of experience with SAP and/or JDE is required.
- A minimum of 2 years’ experience analyzing infrastructure and application architecture and operational processes to identify security gaps and crafting solutions is required.
- Knowledge and experience evaluating key security technologies and controls is required. (e.g. access control, change management, patch management, encryption technologies, etc.)
- Strong knowledge of the SAP and/or JDE security landscape including trends in process, tooling and threats is required.
- A certification in Information Security is preferred.
- Demonstrable track record of working within large projects and managing multiple challenging priorities is preferred.
- An attention to detail is required.
- Results orientated with the ability to apply a sense of urgency to drive to tight timelines is required.
- Excellent interpersonal skills and creative problem-solving skills are required.
- Ability to demonstrate superb communication skills, be able to network, get along with all levels of the organization is required.
- This position can sit out of any J&J location in North America, Latin America or Europe/Middle East/Africa and may require up to 10% travel.
Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
United States-New Jersey-Raritan-
North America, Latin America, Europe/Middle East/Africa
Johnson & Johnson Services Inc. (6090)