Senior Analyst, Digital Security & Risk Management

Category: IT
Job Type: Full Time

Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 130 years. We embrace research and science — bringing innovative ideas, products, and services to advance the health and well-being of people.

The Senior Analyst, Digital Security & Risk Management is part of a dynamic technical team that conducts evidence-based comprehensive security assessments of all new publicly facing digital assets to ensure they meet or exceed minimum security standards as defined by J&J’s Information Security and Risk Management organization.

They share the responsibility for the security, risk management, and compliance of all Johnson & Johnson public-facing digital assets, including websites, social media, and mobile applications.

Key Responsibilities:

Be a part of the Digital Asset Risk Management team that is responsible for the security, risk management, and compliance of all Johnson & Johnson public-facing digital assets, including websites and mobile applications.
Carry out security testing of websites and mobile applications to discover vulnerabilities and communicate findings back to development teams.
Perform security testing using a mix of automated commercial tools and manual processes
Assist with the design and implementation of new security solutions to help drive significant changes to the overall security program.
Drive day-to-day security standard methodologies by serving as an authority in Digital security.
Improve automation of tools and processes that optimize day-to-day workflow within the team by crafting solutions and participating in small development projects as required.
Maintain a comprehensive set of assessment risk metrics that can be used to make program decisions and measure the effectiveness of assessment and risk reduction initiatives.
Serve as a partner and/or consultant where digital security leadership or expertise is required in the development or maintenance of key IT or business initiatives.
Collaborate with various partners, including Privacy, Legal, Trademark, etc.
Continually educate business partners on J&J internal guidelines & policies and on the threat landscape by providing appropriate mentorship, education, awareness training, and regular communication to all relevant partners.


A bachelor’s degree in a technical or related field is required. A Master’s degree is helpful.
Minimum IT experience of 5 years is needed.
Validated experience in the provision of comprehensive support across Information Security/Risk Management is required.
At least 2 years of experience working with a global team is required.
Exposure to scripting to automate manual processes is required. (Technologies include, but are not limited to, Apache, PHP, MySQL, and SharePoint.)
Experience performing risk-based security assessment reviews on websites/mobile applications is preferred.
Knowledge of web architecture components (including but not limited to web server, HTML, JavaScript, SSL, DNS) is preferred.
Working knowledge of mobile application platform/components (iOS, Android, APIs) is preferred.
Website and/or mobile application development experience is preferred.
Experience with vulnerability scanning tools is preferred.
A CISM or CISSP certification is preferred.
Confirmed analytical and problem-solving skills, as well as the desire to assist others in solving issues
Strong interpersonal skills with a strong interest in the application security domain
Strong presentation skills and a proven capability to communicate threats and facilitate progress towards long-term remediation
Highly motivated with the willingness to take ownership/responsibility for their work and ability to work in a team environment.
Good communication skills, with the ability to network, interface and influence beyond his/her level of the organization, cross-sector, cross-functionally and regionally
Result Orientation/Sense of Urgency – aim to work towards tight timelines
Customer Focus (Internal/External)
Inform your supervisor upfront.
If you are interested in the position and match the above criteria, please apply online!

What’s in it for you…?

“Caring for the world, one person at a time…”

As an employee we consider you as our most valuable asset. We take your career seriously. As part of a global team in an innovative environment your development is key and our day-to-day responsibility. Through e-university, on the job training, various projects and programs, we ensure your personal growth. Our benefits make sure we care for you and your family now and in the future! We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
