Manager- Cybersecurity Investigations

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Multi-Family Technology Enterprise Strategy & Security

Job Category:

People Leader

All Job Posting Locations:

Raritan, New Jersey, United States of America

Job Description:

Johnson and Johnson is recruiting for an Insider Risk Investigation Manager. This position will be based at our Raritan, NJ office.  The Insider Risk Investigation Manager will contribute to a dynamic growing team and play a key role in the success of the Insider Risk program within Information Security & Risk Management (ISRM).

At Johnson & Johnson, we believe good health is the foundation of vibrant lives, thriving communities and forward progress. That’s why for more than 135 years, we have aimed to keep people well at every age and every stage of life. Today, as the world’s largest and most broadly based healthcare company, we are committed to using our reach and size for good. We strive to improve access and affordability, create healthier communities, and put a healthy mind, body and environment within reach of everyone, everywhere.

Every day, our more than 140,000 employees across the world are blending heart, science and ingenuity to profoundly change the trajectory of health for humanity.

Key Responsibilities:

• Partner with expert teams such as HR, Audit, Legal, Physical Security, Cyberforensic teams, and J&J leadership to conduct investigation activities that support enterprise data protection and insider risk initiatives.
• Facilitate data value and business impact assessments of exfiltrated data to determine appropriate investigation actions.
• Interview subjects involved in data risk cases to establish activity root cause and intent, assess credibility, detect inconsistencies, and explore motives to determine appropriate action and remediation steps.
• Responsible for collection, analysis, and interpretation of relevant data activity, digital forensics, or other reports required for complete and thorough investigations.
• Produce timely case notes and statuses, metrics, and final case reports for assigned case load.
• Manage work consistently and accurately within team Case Management System.
• Contribute to accurate and comprehensive playbook and SOP documentation required for repeatable and defensible processes.
• Specify technical remediation requirements and provide specific guidance to investigation subjects.
• Recommend corrective actions required by subject or manager/team.
• Collaborate with Investigation Team on time sensitive, high priority cases.
• Escalate high risk events to leadership and stakeholders.
• Perform case debriefs to audiences with a mixed level of technical expertise including legal counsel and law enforcement.

Qualifications

Education:

• BA/BS degree is required.

Experience and Skills:

Required:

• 5+ years of proven experience in Insider Risk, Cybersecurity, or Technical Investigations.
• Demonstrated understanding of data security and data egress concepts and methods.
• Experience and proven ability to investigate and interview subjects as it relates to data exfiltration from a large organization.
• Minimum of 3 years of experience interviewing investigation subjects.
• Solid understanding and experience with Data Loss Prevention (DLP) systems and related security tools that supply Insider Risk alerts.
• Ability to directly manage or work with 3rd party firms and subjects to sanitize, recover, or securely remove data in a variety of systems, applications, and device types.
• Experience anticipating cyber forensic investigation needs, interpreting and analyzing cyber forensic reports from end user devices and network systems.
• Excellent listening skills and ability to detect and question implausible explanations and effectively challenge subjects with dubious intent.
• Ability to work independently and effectively in a dynamic corporate environment.
• Ability to adapt to frequent reprioritization of tasks based on risk factors.
• Familiarity and support of 18 U.S.C. 1831 & 1832.
• Consistently operate with confidentiality and communicate case information with careful discretion.

Preferred:

• Experience and understanding of protecting trade secrets and intellectual property, data security, and data exfiltration methods.
• Experience in Insider Risk and investigations programs within highly complex and/or global environments.
• Background and experience in law enforcement, corporate security, or intelligence with requisite skills & experience in corporate investigations, debriefing, and case management processes and techniques.
• Understanding of Privacy legislation and requirements differences globally.

#LI-Hybrid

#JNJTECH

#LI-RW1

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.  

Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, please contact us via https://www.jnj.com/contact-us/careers or contact AskGS to be directed to your accommodation resource.

Required Skills:

Preferred Skills:

Crisis Management, Cyber Security Assessments, Developing Others, Enterprise Application Integration (EAI), Enterprise IT Governance, Global Market, Inclusive Leadership, Information Security Management System (ISMS), Information Security Risk Management, Information Security Strategic Roadmaps, Information Technology Strategies, Interpersonal Influence, IT Security Administration, Leadership, Resource Allocation, Security Architecture Design, Security Monitoring, Team Management

The anticipated base pay range for this position is :

Additional Description for Pay Transparency: