Principal – Third Party Cyber Risk Assessment
Listed on 2026-06-24
IT/Tech
Cybersecurity, Information Security
Principal – Third Party Cyber Risk Assessment
Raritan, New Jersey, United States – Salary range: $102,000 to $177,100. Posted 7 weeks ago.
Role Overview
The Information Security & Risk Management (ISRM) Risk Assessment Center of Excellence (CoE) at Johnson & Johnson Services, Inc. seeks a Principal – Third Party Cyber Risk Assessment. The role is based in Raritan, NJ, with internal openings in São José dos Campos, São Paulo, Brasil and Warsaw, Poland.
Job Description
As a senior technical authority and thought leader, you will conduct third‑party cyber risk assessments for Johnson & Johnson’s global ecosystem of vendors, SaaS providers, and strategic partners. You will work with a diverse, global team of cyber security professionals to identify, evaluate, and mitigate risks.
Key Responsibilities
- Perform and lead third‑party risk assessments, risk rankings, and collaborate on remediation strategies.
- Conduct deep technical reviews of third‑party security controls and evidence artifacts to assess design, implementation, and operating effectiveness.
- Evaluate complex risk scenarios involving sensitive data types, regulatory obligations, and cross‑border data flows.
- Identify, document, and rate third‑party cyber issues, ensuring consistent severity determination and alignment to ISRM standards.
- Drive automation and process improvements through relevant projects and operations.
- Communicate assessment results to senior leaders and provide input on remediation plans.
- Define and implement process improvements to enhance third‑party cyber risk assessment practices.
- Provide consulting support to the broader cybersecurity team on third‑party risk understanding and remediation.
- Lead and mentor junior team members, support ongoing learning, and manage special projects.
- Bachelor’s degree in Computer Science, Engineering, Information Security/Cybersecurity or equivalent required.
- Advanced degree preferred.
- Security certifications such as CISSP, CCSP, CISA, CRISC preferred.
- 5+ years of direct third‑party cybersecurity risk assessment experience.
- 5+ years using the ServiceNow GRC tool to support security risk objectives.
- Proficiency in conducting and leading third‑party risk assessments, including data classification, risk scoring, and mitigation planning.
- Ability to translate technical findings into business impact for key partners.
- Strong analytical and problem‑solving skills.
- Strong interpersonal skills to build and maintain relationships with internal partners.
- Knowledge of regulatory requirements (SOX 404, Privacy, HIPAA, GxP, cyber regulations).
- Experience assessing third‑party risk in a large, multinational organization.
- Experience identifying key security risks, controls, and providing consulting throughout the vendor lifecycle.
- Familiarity with security standards and control frameworks (FAIR, HITRUST, ISO 27001, NIST, SOC 2).
- Demonstrated record of collaborating with virtual, global teams.
- Business Process Design, Crisis Management, Critical Thinking, Information Security Auditing, Information Security Management System (ISMS), Information Technology (IT) Security Assessments, Information Technology Strategies, Mentorship, Organizing, Presentation Design, Process Optimization, Root Cause Analysis, Security Architecture Design, Security Policies, Technical Credibility, Vulnerability Management.
Base pay range: $102,000 to $177,100. Benefits include medical, dental, vision, life insurance, short‑ and long‑term disability, business accident insurance, and group legal insurance. Eligible employees participate in a consolidated retirement plan (401(k)) and receive vacation (120 hours per calendar year), sick time (40 hours per calendar year), holidays (13 days per calendar year), personal and family time (up to 40 hours per calendar year), parental leave (480 hours within one year), condolence leave (30 days for immediate family), extended family leave (5 days), caregiver leave (10 days), volunteer leave (4 days), and military spouse time‑off (80 hours).
Equal Opportunity
Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status, or any other characteristic protected by federal, state, or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities under VEVRAA and Section 503 of the Rehabilitation Act.