Job Description:
The Director, Security & Risk Management Business Services, Asia Pacific will play an integral role in security and risk management related activities in the business services provided by the organization. He/she will have regional responsibility for leading the Information Security & Risk Management (ISRM) business services function for the Asia Pacific region. The Director will serve as the focal point for all information asset protection matters in the Johnson & Johnson Operating Company, Sector organization, or region for which he or she is responsible. The Director will be accountable for promoting information security within the Operating Company or Sector, including ensuring processes, procedures and other activities are defined and implemented to meet the requirements of the Information Asset Protection Policies (IAPPs). The Director serves as the ISRM liaison and has direct interaction with sector personnel, IT and business leaders.
Major Duties and Responsibilities
Tasks/Duties/Responsibilities (approximate time spent)
20% - Drive risk-based business strategy development and implementation for the business unit. Responsible for business partner relationships with Senior IT and Business Leaders and key internal and external stakeholders. Proactively drive risk-based business strategies, anticipating business needs. Participate in business planning to ensure information security and risk management capabilities are planned for. Ensure on-the-ground secure and compliant deployment of key IT initiatives.
20% - Ensure that security is integrated into projects managed by the business and help integrate security and risk management activities during the design, development and deployment phases. Lead the application of risk management processes in the business projects to identify and track risks, recommend solutions, validate remediation plans and facilitate implementation.
15% - Influence IT and business to help drive a secure and compliant environment that ensures availability, integrity and confidentiality of our assets. Serve as an accountable and empowered Senior Leader to address Information Security & Risk Management escalations or issues.
25% - Lead the Asia Pacific ISRM business service team that will serve as business risk officers and provide risk assurance activities to the regional and local business. Responsible for driving IT risk assurance activities across the region, including all information security and risk management activities associated with external regulations and internal Johnson & Johnson policies and procedures such as Sarbanes-Oxley, managing the internal and external audits, information security, and an advisory role on project planning and deployment.
10% - Implement and communicate key metrics for information security and risk management to senior management. Ensure proactive tracking and closure of management action plans, CAPA, etc. with business partners.
10% - Lead and participate in industry / sector organizations, helping to shape industry standards and best practices as they relate to security and risk management business services.
Other Duties
• Provide periodic updates to senior information technology and business leadership on security and risk management related metrics and program in business projects.
• Conduct training and awareness campaigns related to security and risk management for all business leads across J&J.
• Serve as a thought leader in identification and integration of security requirements and provide advice to executive management including Chief Information Officer (CIO) and business leads.
• Develop effective working partnerships with senior management.
• Mentor talent and help them grow in their careers.
• Collaborate with other leaders and staff within security and risk management to help ensure each function is executed in an efficient manner.
Required Knowledge, Skills And Abilities
• Bachelor’s degree or equivalent.
• A minimum of 10 years of progressive experience in leadership roles with a focus on security and risk management.
• Track record in managing security and risk management activities in projects to deliver results.
• Experience in integrating security requirements in large and complex projects.
• Experience working with multiple corporate risk leaders as well as the sectors within Life Sciences.
• Experience managing large organizational budget and portfolio.
• Strong people management and development skills in a large, globally diverse organization.
• Global experience (with multiple countries, regions) and associated cultural awareness.
• Strategic thinking – perspective on how organizational change will impact business models.
• Attention to Detail – align strategic and tactical.
• Results Orientation/Sense of Urgency – ability to drive to tight timelines.
• Excellent interpersonal skills.
• Strong analytical skills.
• Creative problem solving skills.
• Customer focus (internal and external).
• Excellent communication skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally.
• Proven ability to influence/collaborate to get to desired result.
• Strong leadership skills.
• Knowledge of key business processes preferred.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar.
Percentage Traveled: 10%-20%
8+ years of experience managing people