Johnson & Johnson

Sr. Manager, Information Security Officer

Posted: 5 hours ago

Job Description

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com

Job Function: Technology Enterprise Strategy & Security
Job Sub Function: Security & Controls
Job Category: Scientific/Technology
All Job Posting Locations: Seoul, Korea, Republic of

Do you want to be part of an organization that is thriving on a diverse company culture, celebrating the uniqueness of our employees and committed to inclusion? Then join us! We are proud to be an equal opportunity employer.

We are searching for the best talent for Sr. Manager, Chief Information Security Officer.

The Sr. Manager, CISO (Chief Information Security Officer) enables a framework of robust security and governance for assessing risks to eliminate threats and takes accountability for Korea business operations in the challenging business landscape and evolving compliance regulations.

As a senior manager, the CISO is responsible for establishing and maintaining a company-wide information and security management program to oversee the protection of people, assets and technology from malicious attacks and to ensure that information assets are adequately protected to meet local privacy and security regulations. The CISO also serves as a focal point for all assurance activities related to the confidentiality, integrity and availability of customer/patient, business partner, employee and business information in compliance with the J&J Information Asset Protection Policies. A key element of the CISO's role is working with executive management to determine acceptable levels of risks for the organization.

Key Responsibilities

  • Appointed to local South Korea CISO for cross sector J&J Korea companies and will follow below roles and responsibilities as defined by South Korea Privacy and Security Laws:
      • Establish, manage, and operate information security management system.
      • Analyze, assess, and improve information security weaknesses.
      • Prevent and respond to data breach or data incidents as a focal reporting point for any security related incidents.
      • Prepare preventive information protection measures, design, and implement security measures, etc.
      • Review of information security risk.
      • Carry out other vital measures for information security as required by Korea PIPA and Network Act, including ISMS certification, annual information security public disclosure to the Ministry of Science & ICT, cybersecurity insurance.
  • Leading the response to inquiries or investigations from Personal Information Protection Commission (PIPC), Korea Internet & Security Agency (KISA) or similar regulatory authorities.
  • Review and assess changes in privacy and security laws, closely work with privacy and legal team.
  • Engage externally and participate in privacy and security legislation process.
  • Collaborate with local legal team on regulatory requirements and engagement with the Regulator.
  • Lead Korea Privacy & Security project by providing advice and security guidance.
  • Alignment on Risk mitigation and reduction to meet local regulations.
  • Participate in business planning to ensure cybersecurity capabilities are appropriately considered and included in plans (budget, resources).
  • Actively advise, assess and lead Business and IT Partners in the development of secure information systems and solutions in line with organization’s cybersecurity architecture, IAPP policies and regulatory requirements.
  • Lead activities for security audit preparation, hosting and follow-up activities and to propose strategies to improve performance in audits.
  • Facilitate education and training to the organization on cybersecurity procedures and controls.
  • Provide leadership and drive employee engagement with ownership in the Information Security Committee.
  • Connect with and report valuable metrics to management and senior leadership.
  • Timely reporting of security incidents or significant security problems to appropriate personnel.
  • Act as the main point of contact for security issues for their area of influence.

Qualifications

Education: A Bachelor's degree is required. A major in Cybersecurity or Computer Science is highly preferred.

Required Experience and Skills:

  • A bachelor’s degree in information security or information technology and a minimum of 10 years of progressive experience in the information security or information technology sector.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.
  • Excellent written and verbal communication skills and high level of personal integrity
  • Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
  • Qualified as an ISMS (i.e., information security management systems) certification review member who has been certified by the pertinent certification body for information security management systems; or
  • Experience in design and implementation of enterprise (security) architecture, cloud security (e.g. AWS, Azure) and/or development of IT solutions or services.
  • Experience in securing various levels of the enterprise architecture (data, application, host, middleware, network, infrastructure)
  • Experience working in complex, fast-paced environments
  • Experience supporting, leading and influencing security assessments (e.g. SOC Type 2 reporting, PCI, ISO 27001).
  • Review Security Audits and assessments and consult to the project team and Sr. leaders on remediation of identified risks.
  • Big Picture Thinking / Attention to Detail – align strategic and tactical
  • Previous experience developing effective and strong partnerships along with relationship building skills with business leaders and IT Partners
  • Results Orientation/Sense of Urgency – ability to drive to short timelines
  • Excellent interpersonal skills
  • Creative problem-solving skills
  • Customer focus (internal & external)
  • Fluent in English and Korean (in verbal and written)
  • Superb communication and collaboration skills, able to network and influence various levels of the organization, cross sector, cross-functionally and globally
  • Proven ability to influence/collaborate to get to desired result

Preferred:

  • Experience with implementation or review of compliance with local/international security standards or regulations.
  • Experience in leading people and/or projects
  • Security certifications such as CISSP, CCSP, ISSAP, CISM, etc.

Other: Up to 10% travel may be expected

Legal Entity: Vision Care
Job Type: Regular
Application Documents: Free-form resume AND cover letter is required (in Korean or English).
Application Deadline: Open until the position is filled.

Notes

  • Preference will be given to individuals subject to national veterans’ benefits and persons with disabilities upon submission of relevant documents as per applicable laws.
  • Only candidates who pass the resume screening will be notified individually. However, notifications may be delayed due to company circumstances.
  • If any false information is found in the application documents, the hiring may be canceled even after the offer is confirmed, and future applications may be restricted.
  • Submitted documents will not be returned and will be deleted upon request.
