MANAGER SECURITY CONTRACT GOVERNANCE

Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 125 years.
We embrace research and science -- bringing innovative ideas, products, and services to advance the health and well-being of people.
With $95 billion in sales, Johnson & Johnson is the world's most comprehensive and broadly based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical devices markets.
Employees of the Johnson & Johnson Family of Companies work with partners in health care to touch the lives of over a billion people every day, throughout the world.
If you have the talent and desire to touch the world, Johnson & Johnson has the career opportunities to help make it happen.
Johnson & Johnson is recruiting for a Manager Security Contract Governance, located in Warsaw, Poland or Sao Paulo dos Campos, Brazil.
The candidate will be responsible for leading the third-party information security contract governance process.
Engagements with a third party require a contract.
In order to protect J&J intellectual property and regulatory compliance, it is necessary to include information security requirements.
This is standard, templated language that is often edited, or “redlined” by the third party.
When this occurs, the contract is sent to information security for review and collaboration.
There are roughly 500 of these requests annually, and they range in complexity from simple approvals of minor changes to complex, multi-month negotiations with large suppliers.
The candidate will lead the end-to-end process which includes performing negotiation with suppliers, reviewing and accepting, rejecting, or editing redlines, maintaining the templated language to ensure it reflects current risk requirements, and applying innovative methods to streamline the governance processes.
This is an enterprise, global role that will require working directly with J&J colleagues and suppliers from around the world.
Key Responsibilities.
Triage and assign requests for reviews, lead the teams progress, maintain and report metrics.
Conduct continuous improvement to the review process.
Perform contract reviews and negotiation on all contract risk levels, representing Johnson & Johnson Information Security to third parties and regulators.
Document common requests and themes to be integrated in to process improvement and language updates.
In collaboration with Legal, Privacy, and Procurement, maintain and update templated security language, ensuring it is adaptable and fully covers J&J risk requirements.
Qualifications Education.
BA/BS or equivalent in Information Security, Information Technology, or Business Administration (or similar) degree required.
Experience and Skills.
Required.
Fluency with oral and written English, including understanding and interpreting “legalese” and technical language.
Information Security Multiple Domain Knowledge Knowledge of certification frameworks such as ISO , SOC2, HITRUST, how and when those are applied and what their impact is to the risk of doing business with a supplier who holds them.
8 years of related industry experience.
Preferred.
At least a basic understanding of NIST and NIST CSF.
Knowledge of French, Spanish, Dutch, or German desirable but not required.
Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.
areers.
nj.
om.