Manager Cyber Security and Risk Management at Johnson & Johnson, Singapore

Job Category: Manager Cyber Security and Risk Management
Job Type: Full Time
Job Location: Singapore

Johnson & Johnson, through its operating companies, is the world’s most comprehensive and broadly-based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical device markets. We strive to provide scientifically sound, high quality products and services to help heal, cure disease and improve the quality of life.

Do you want to be part of an organization that is thriving on a diverse company culture, celebrating the uniqueness of our employees and committed to inclusion? Then join us! We are proud to be an equal opportunity employer.

The Manager Cyber Security and Risk Management is a results-oriented self-starter who enjoys a fast-paced environment and is looking for opportunity to influence change in an established organization. The role will have responsibility for all aspects of identifying and managing security risk and serve as the focal point for all information protection matters for applicable scope. This role will support the Johnson & Johnson Aspac Commercial, Corporate and R&D unit and will be based in Singapore.

Key Responsibilities:

  • Responsible for driving cybersecurity activities and projects across one of the Sectors, including all security activities associated with external regulations and internal Johnson & Johnson policies and procedures such as Information Asset Protection Policies, as well as security regulations such as EU NIS Directive and related country legislation, HDS, MDR, GDPR, etc. and standards such as ISO27001, NEN, NIST, HiTrust
  • Ensure that J&J information assets are appropriately identified, valued, and protected by following and enforcing all local and worldwide security policies
  • Act as a liaison to the Business and IT to coordinate and lead security risk management activities as required
  • Proactively drive risk-based business strategies anticipating business needs
  • Participate in business planning to ensure cybersecurity capabilities are appropriately considered and included in plans
  • Plan and prioritize the integration of security measures in business projects during the design, development and deployment phases to ensure confidentiality, integrity and availability of applications and data are adequately protected against cybersecurity threats
  • Provide expert guidance in Cybersecurity & Risk Management to ensure that technology solutions meet all requirements and standards
  • Lead efforts to apply risk management processes in projects, identify risks, recommend solutions, validate remediation plans and facilitate implementation
  • Actively advise, assess and lead Business and IT partners in the development of secure information systems and solutions in line with organization’s cybersecurity architecture, IAPP policies and regulatory requirements
  • Work with IT, QA, Regulatory, CIA and business colleagues to ensure audit readiness and to prepare for internal and external audits
  • Lead activities for audit preparation, hosting and follow-up activities and to propose strategies to improve performance in audits
  • Facilitate education and training to the organization on cybersecurity procedures and controls
  • Provide leadership and drive employee engagement
  • Connect with and report valuable metrics to management and senior leadership
  • Timely reporting of security incidents or significant security problems to appropriate personnel
  • Act as the main point of contact for security issues for their area of influence



  • A Bachelor’s degree is required. A major in Cybersecurity or Computer Science is highly preferred

Experience and Skills:


  • A minimum of 8 years of progressive experience in Information Security & Risk Management and/or IT
  • Hands on Technology experience supporting Corporate Applications and/or Infrastructure area in Asia with capability to engage locally in 1 major Asian market such as China or Japan
  • Experience in design and implementation of enterprise (security) architecture, cloud security (e.g. AWS, Azure) and/or development of IT solutions or services
  • Experience in securing various levels of the enterprise architecture (data, application, host, middleware, network, Infrastructure)
  • Experience working in complex, fast-paced environments
  • Experience supporting, leading and influencing security assessments (e.g. SOC Type 2 reporting, PCI, ISO 27001)
  • Big Picture Thinking / Attention to Detail – align strategic and tactical
  • Previous experience developing effective and strong partnerships along with relationship building skills with business leaders and IT Partners
  • Results Orientation/Sense of Urgency – ability to drive to short timelines
  • Excellent interpersonal skills
  • Creative problem-solving skills
  • Customer focus (internal & external)
  • Superb communication and collaboration skills, able to network and influence various levels of the organization, cross sector, cross-functionally and globally
  • Proven ability to influence/collaborate to get to desired result


  • Experience with implementation or review of compliance with international security standards or regulations
  • Experience in leading people and/or projects
  • Security certifications such as CISSP, CCSP, ISSAP, CISM, etc.


  • Up to 10% travel may be expected

Interested in this opportunity? Apply at Manager Cyber Security and Risk Management (

Apply for this position

Allowed Type(s): .pdf, .doc, .docx