LEAD, APPLICATION SECURITY

Lead, Application Security Johnson & Johnson is recruiting for an Information Security & Risk Management (ISRM) Application Security Lead, located in Warsaw, Poland.
Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 130 years.
We embrace research and science -- bringing innovative ideas, products, and services to advance the health and well-being of people.
At Johnson & Johnson, we believe good health is the foundation of vibrant lives, thriving communities and forward progress.
That’s why for more than 130 years, we have aimed to keep people well at every age and every stage of life.
Today, as the world’s largest and most broadly-based healthcare company, we are committed to using our reach and size for good.
We strive to improve access and affordability, create healthier communities, and put a healthy mind, body and environment within reach of everyone, everywhere.
Every day, our more than employees across the world are blending heart, science and ingenuity to profoundly change the trajectory of health for humanity.
Thriving on a diverse company culture, celebrating the uniqueness of our employees and committed to equity.
Proud to be an equal opportunity employer.
The Application Security Lead will be a member of a high-performing Information Security team which is responsible for Application Security strategy, technology, and engineering.
They will partner with other members of the global Application Security team to implement and mature security capabilities related to modern software development, Artificial Intelligence / Machine Learning, Citizen Development (Low Code / No Code), and applications built on SaaS (Software as a Service) and Cloud platforms.
The Application Security Lead will connect with Johnson & Johnson software development teams and business unit technology partners to shape practices related to DevSecOps, increase adoption of application security tooling, expand security capability features, ensure timely remediation of risk, and provide subject matter expertise related to securing applications.
Responsibilities.
Assist in implementing and maturing Application Security capabilities (e.
., DevSecOps, Citizen Development Security, SaaS Security, Artificial Intelligence / Machine Learning Security, etc.) Ensure compliance requirements are met through all deployment activities Provide guidance and consultancy for dev teams Drive increased adoption of application security capabilities Ensure timely remediation of risk Generate and collect metrics proving the value of Application Security capabilities Timely reporting of security incidents or significant security problems to appropriate personnel Connect with external vendors to ensure best in class implementation of cloud security capabilities Act as the main point of contact for security issues for their area of influence Qualifications Qualifications A Bachelor’s degree and a minimum of 4 years of progressive experience in the information security or information technology sector Proficiency in English language Experience with Product Ownership Knowledge of common information security management frameworks such as NIST, OWASP, SANS, CIS Understanding of the software development process Experience with DevSecOps tooling (e.
., Static Application Security Testing, Software Composition Analysis, Dynamic Application Security Test, etc.) Knowledge related to API Security and Infrastructure as Code Security Effective communication and collaboration skills Innovative thinking and leadership Experience working in complex, fast-paced environments Ability to drive to short timelines · Strong external networking experience Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.