×
Register Here to Apply for Jobs or Post Jobs. X

Sr. Director, GRC, IT Controls & Cyber Culture, Orthopedics

Job in Raritan, Somerset County, New Jersey, 08869, USA
Listing for: Johnson & Johnson MedTech
Full Time position
Listed on 2026-07-18
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Project Manager
Salary/Wage Range or Industry Benchmark: 178000 - 307050 USD Yearly USD 178000.00 307050.00 YEAR
Job Description & How to Apply Below

Job Function: Technology Enterprise Strategy & Security

Job Sub Function: Security & Controls

Job Category: People Leader

All Job Posting Locations:

  • Raritan, New Jersey, United States of America
  • Raynham, Massachusetts, United States of America
  • Warsaw, Indiana, United States of America
  • West Chester, Pennsylvania, United States of America
  • West Palm Beach, Florida, United States
Job Overview

This role serves as a senior cybersecurity leader reporting to the CISO, with enterprise accountability for building, maturing, and operationalizing the Governance, Risk & Compliance (GRC) function across DePuy Synthes. The Sr. Director will oversee the BISO manager organization, establish scalable risk governance practices, strengthen security awareness and behavior‑based culture programs, and drive implementation of IT controls and an enterprise assurance framework.

The role will also oversee external cybersecurity assessments and disclosures, including cyber insurance, ESG‑related cybersecurity inputs, and other third‑party assurance activities. This highly visible leadership role will help ensure cybersecurity risk, compliance, control effectiveness, and cultural adoption are consistently managed across the enterprise in support of business priorities, regulatory expectations, and organizational resilience.

Key Responsibilities
  • Build and mature the enterprise GRC function, including governance forums, risk management processes, compliance oversight, control monitoring, issue management, and executive reporting.
  • Provide leadership and oversight for the BISO manager organization, ensuring consistent engagement with business leaders, effective cyber risk advisory support, and alignment of security priorities to business objectives.
  • Lead enterprise cyber risk management activities, including risk identification, assessment, mitigation planning, escalation, and reporting to senior leadership and governance bodies.
  • Own the enterprise cybersecurity policy and standards lifecycle – from creation and implementation to continuous review – ensuring clarity, compliance, and alignment with organizational goals.
  • Oversee SOX cybersecurity and IT control activities, including implementation, operating effectiveness, evidence readiness, remediation tracking, and partnership with Finance, Internal Audit, External Audit, and IT control owners.
  • Establish and operationalize an enterprise IT controls and assurance framework that enables consistent control design, testing, monitoring, reporting, and continuous improvement across the organization.
  • Lead oversight of external cybersecurity assessments and assurance requests, including cyber insurance questionnaires, ESG‑related cybersecurity inputs, customer or partner assessments, and other third‑party reviews requiring enterprise cyber risk and control representation.
  • Drive cybersecurity compliance with applicable global regulations, standards, and frameworks, ensuring the organization can demonstrate control effectiveness and audit readiness.
  • Lead security awareness, behavior and culture initiatives that improve workforce accountability, reduce human‑centric risk, and embed secure practices into day‑to‑day business operations.
  • Lead and develop high‑performing cybersecurity leaders and teams, fostering a culture of accountability, collaboration, disciplined execution, and continuous improvement.
  • Provide executive‑level reporting on cybersecurity risk, compliance status, control effectiveness, assurance outcomes, and program maturity to senior leadership and governance bodies.
Qualifications

Education

  • Required:

    Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field.
  • Preferred:
    Master’s degree (MS, MBA, or equivalent) in Cybersecurity, Information Systems, or Business.

Required Experience and Skills

  • 12–14 years of progressive experience in cybersecurity, information security, technology risk management, IT controls, or GRC, including senior leadership roles.
  • Demonstrated experience building or maturing enterprise GRC programs in a regulated, global, or complex operating environment.
  • Experience leading BISO, cyber risk advisory, security governance, or business‑aligned…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary