At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com
As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.
Job Function:
FinanceJob Sub Function:
Internal AuditJob Category:
People LeaderAll Job Posting Locations:
New Brunswick, New Jersey, United States of AmericaJob Description:
Johnson & Johnson is recruiting for a Director – Digital Risk, Global Audit & Assurance located in New Brunswick, NJ.
Global Audit & Assurance is the organization’s Internal Audit function. Global Audit & Assurance’s mission is to become a best-in-class audit organization delivering data driven, risk-based audit and assurance projects, that develops talent and drives Johnson & Johnson compliance.
In this highly visible role, you will be a member of the Audit Leadership Team (ALT) within GA&A (J&J’s internal audit department) and reporting to the VP who leads Technology Audit, Global SOX Program and Digital Innovation. You will serve as a domain expert and audit leader, partnering with peer Directors to deliver integrated, risk-based audits across the organization. You will have oversight responsibility for approximately 30% of Technology Audit team, leading a broad and growing team of professionals to execute and deliver on the department’s Audit Risk Assessment plan and supervising audit activities. Your specific focus will be providing domain level expertise on critical enterprise risks related to Cybersecurity, Artificial Intelligence, Privacy & Data Governance. You will contribute to shaping the on-going involvement of the Technology audit function, our delivery capabilities and the integrated execution of the Internal Audit function.
Key Responsibilities:Audit & Advisory Management
- Direct and supervise a global Technology audit team through the annual audit and advisory plan lifecycle (i.e., conducting on-going risk assessments to determine scope, executing risk-based audit procedures related to technology related risks, with specific focus in the domain areas of – Cybersecurity, Artificial Intelligence, Privacy & Data Governance
- Serve as a technical authority during audit planning, fieldwork and reporting phases, including performing quality reviews over work product and final reports.
- Work collaboratively with VP, Sr. Director and Director audit personnel to manage the overall audit plan execution and deliver on integrated (Finance & Technology) audits. Work collaboratively to deliver various department initiatives.
- Provide oversight and methodology guidance during assurance and advisory reviews over key and emerging risk topics and technology, including but not limited to, Cybersecurity, Artificial Intelligence, Privacy & Data Governance.
- Identify systematic issues across audits and partner with stakeholders to diagnose root causes and recommend scalable control improvements. Act as a control environment thought leader, not just issue validator.
- Rapidly assess unfamiliar, emerging technologies, propose right-sized audit plans, balancing risk precision vs. practicality in drawing audit conclusions.
- Working collaboratively with other Technology Directors, lead the development, documentation, and maintenance of department’s Technology audit program consistent with enterprise policies, procedures, and established standards & methods. Work closely with other audit directors and compliance/testing leaders, to obtain adequate knowledge from pre/post-implementation activities to enable on-going audit activities in risk-based reviews.
- Stay abreast of industry and regulatory compliance pronouncements and drive the process to implement relevant standards for the Technology audit organization with a particular focus on Cybersecurity, Artificial Intelligence and Privacy & Data Governance.
Stakeholder Management
- Serve as a trusted advisor across the Global Technology, Business and Compliance leadership, including VP level stakeholders, that support the Enterprise risks related to Cybersecurity, Artificial Intelligence, Privacy & Data Governance.
- Independent interaction to manage key messages related to the annual audit plan, including status and results/recommendations.
- Influence actionable change, considering audit results, to continuously improve the compliance posture of the organization and help achieve business strategy/results.
- Lead through times of significant enterprise process and technology transformation and promote adoption of new, digitized practices enabled by company transformation efforts.
- Foster high levels of trust and transparency with senior leaders throughout the organization
Talent Management
- Provide people leadership to the Technology Audit organization, in a high performing, positive and engaging working environment, representing the teams in the annual performance review cycle and any applicable talent councils.
- Direct supervision and responsibility over a team of managers and their direct reports (~10 FTE with potential to grow).
- Partner and oversee select third party SMEs that may be engaged to support audit activities.
- Take ownership and collaborate across the department to help uplift current and future technical capabilities of the Internal Audit function and the talent pipeline.
- Serve as an Audit Leadership team member or sponsor for various pillar teams or Audit Risk Management teams related to key risk topics (e.g., Cybersecurity, Disruptive Technology and Privacy).
Education:
- A minimum of a bachelor's degree (BA/BS) is required. An advanced degree (MBA or MS) is a plus. Ideal concentrations – Accounting, Finance, Technology related disciples.
Required:
Professional Experience
- A minimum of 12 years of process & risk experience with focus on technology audit, assurance or compliance-related experience, including cyber risk, data/AI risk or related disciplines is required.
- Professional Services training and experience from a “Big 4” firm is preferred.
Leadership Characteristics
- Proven ability to establish and foster collaborative relationships with key stakeholders both within and external to the department, including experience working with senior level executives through staff.
- Strong communication and interpersonal skills; ability to properly frame key messages and communications based on audience, particularly senior level executives and stakeholders.
- Strong analytical skills, proven ability to approach challenges with a strategic mindset.
- Ability to lead the Technology organization and empower the team through times of change
- Ability to influence/impact decisions, collaborate and build trust amongst senior business and technology leaders, direct reports and GA&A colleagues.
- Self-motivated, change agile; capacity to work with autonomy managing high levels of complexity, ambiguity and uncertainty.
- Proactivity and solution oriented, can-do attitude.
- Strong eagerness to maintain and improve processes in a dynamic environment with a focus on digitization and simplification.
- Exceptional time management and communication skills. Demonstrated ability to manage multiple conflicting customer and stakeholder demands.
- Passion for people and their development/career progression.
Technical Skills:
- Prior experience in developing and executing the technology components of an annual audit plan by coordinating various audits of internal controls over financial reporting and operational risks are required.
- Proven experience with auditing Cybersecurity risks, AI governance and emerging risks and privacy frameworks.
- Experience with artificial intelligence tools and technologies is required.
- Proven experience in Advisory or oversight roles (not just execution), supporting complex, cross-functional audits.
- Strong understanding of IT & Information technology General Controls Frameworks and standards such as NIST, ISO, SANS, COBIT, ITIL, COSO and regulations such as SOX, various Global Privacy standards, HIPAA is required.
- Strong understanding of business process fundamentals, including controls and related risks is required.
- Experience with the design, development, and implementation of internal controls for to address risks is required.
- Extensive experience financial and operational risk identification and validation.
- Knowledge and audit experience with risks related to cybersecurity, artificial intelligence, and data privacy/governance is required.
- Professional certification (e.g. CISA, CIA, CPA, CIRSC, CISSP) is strongly preferred.
- Experience with auditing SAP products and associated risks and internal controls is strongly preferred.
- Professional experience in roles supporting a Pharmaceutical / Innovative Medicine or Medical Technology company is strongly preferred.
- English fluency (written and verbal) is required; fluency in multiple languages is a plus.
- The position requires up to 30% of domestic and international travel.
Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, external applicants please contact us via https://www.jnj.com/contact-us/careers . internal employees contact AskGS to be directed to your accommodation resource.
If you are under 18 years of age, you (the candidate) may need to obtain the necessary working papers or other documentation required by state law to start the assignment, as well as get a parent’s consent for the background check.
Required Skills:
Preferred Skills:
Agility Jumps, Audit and Compliance Trends, Audit Reporting, Collaboration, Compliance Policies, Data Savvy, Developing Others, Fact-Based Decision Making, Financial Analysis, Financial Risk Management (FRM), Fraud Prevention Strategies, Inclusive Leadership, Internal Auditing, Internal Controls, Leadership, Program Management, Sarbanes-Oxley Compliance, Technical CredibilityThe anticipated base pay range for this position is :
$150,000.00 - $258,750.00Additional Description for Pay Transparency:
Subject to the terms of their respective plans, employees are eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).This position is eligible to participate in the Company’s long-term incentive program.
Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits:
Vacation –120 hours per calendar year
Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado –48 hours per calendar year; for employees who reside in the State of Washington –56 hours per calendar year
Holiday pay, including Floating Holidays –13 days per calendar year
Work, Personal and Family Time - up to 40 hours per calendar year
Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child
Bereavement Leave – 240 hours for an immediate family member: 40 hours for an extended family member per calendar year
Caregiver Leave – 80 hours in a 52-week rolling period10 days
Volunteer Leave – 32 hours per calendar year
Military Spouse Time-Off – 80 hours per calendar year
For additional general information on Company benefits, please go to: - https://www.careers.jnj.com/employee-benefits
Skills Required
- Bachelor's degree (BA/BS)
- Minimum 12 years process and risk experience with focus on technology audit, assurance, or compliance
- Experience auditing cybersecurity, AI governance, and privacy/data governance risks
- Experience with artificial intelligence tools and technologies
- Proven experience developing and executing technology components of annual audit plans (ITGC, operational risks)
- Strong understanding of IT & information technology general controls frameworks and standards (NIST, ISO, SANS, COBIT, ITIL, COSO) and regulations (SOX, HIPAA, global privacy standards)
- Experience designing, developing, and implementing internal controls to address risks
- Proven advisory or oversight experience supporting complex, cross-functional audits
- Demonstrated leadership and stakeholder management with senior executives and ability to lead a team of managers (~10 FTE)
- Professional Services (Big 4) experience
- Advanced degree (MBA or MS)
- Professional certification (CISA, CIA, CPA, CIRSC, CISSP)
- Experience auditing SAP products and associated internal controls
- Experience in Pharmaceutical / Medical Technology industry
- English fluency (written and verbal); additional languages a plus
Johnson & Johnson Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Johnson & Johnson and has not been reviewed or approved by Johnson & Johnson.
-
Healthcare Strength — Healthcare coverage is characterized as comprehensive across medical, dental, and vision, with added supports like onsite clinics, fitness centers, and Employee Assistance resources. Mental-health services and wellbeing reimbursements are also described as meaningful components of the overall package.
-
Retirement Support — Retirement offerings are portrayed as a major differentiator, combining a 401(k) with employer matching and an employer-funded pension plan. Stock options and other long-term financial supports are also positioned as part of the broader rewards mix.
-
Parental & Family Support — Family-related benefits are presented as notably strong, including paid parental leave for all new parents and additional leave types for caregiving and bereavement. Financial assistance for adoption, fertility treatment, and surrogacy is highlighted as a significant support.
Johnson & Johnson Insights
What We Do
Profound Change Requires Boldness. Johnson & Johnson is the largest and most broadly based healthcare company in the world. We’re producing life-changing breakthroughs every day, and have been for the last 130 years. The combination of new technologies and your expertise enables amazing things to happen. Teams from J&J’s consumer business are creating digital tools to help people track the health of their skin. Those working in medical devices are 3-D printing artificial joints personalized for each patient, while researchers in pharmaceuticals use AI to discover lifesaving drugs. Imagine what the rest of our team of 134,000 people at 260 companies in more than 60 countries across the world is accomplishing. We redefine what it means to be a big company in today’s world. Social Media Community Guidelines: http://www.jnj.com/social-media-community-guidelines








