Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
Johnson & Johnson

Senior Director, GRC, IT Controls, Cyber Culture

Johnson & Johnson

Senior cybersecurity leader managing GRC function across DePuy Synthes, ensuring compliance and enhancing security culture. Leading strategic risk management initiatives in a health innovation organization.

Posted 7/14/2026full-timeFlorida, Massachusetts, New Jersey, Pennsylvania • 🇺🇸 United StatesSenior💰 $178,000 - $307,050 per yearWebsite

Core Competencies

Role fit
Core Competencies

Use this summary to align your resume positioning with the role.

Demonstrates extensive experience in building and maturing enterprise Governance, Risk, and Compliance (GRC) programs, with a strong focus on cybersecurity risk management, compliance frameworks, and IT controls. Proven ability to lead cross-functional teams and engage with business leaders to align security priorities with organizational objectives.

Highest-signal resume keywords
Enterprise GRC Program DevelopmentCybersecurity Risk ManagementSOX Control ActivitiesLeadership in Cyber Risk AdvisoryCISSP Certification

ATS Keywords

Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills
CybersecurityInformation SecurityTechnology Risk ManagementIT ControlsGRCRisk IdentificationCompliance FrameworksControl MonitoringAudit ReadinessRemediation Tracking
Soft Skills
Strategic ThinkingAnalytical SkillsCommunication Skills
Certifications & Qualifications
CISSPCISMCRISC
Industry Keywords
Governance ForumsRisk Management ProcessesCompliance OversightControl DesignContinuous ImprovementGlobal RegulationsAudit Practices

Tech Stack

Tools & technologies
Cyber Security

About the role

Key responsibilities & impact
  • Build and mature the enterprise GRC function, including governance forums, risk management processes, compliance oversight, control monitoring, issue management, and executive reporting.
  • Provide leadership and oversight for the BISO manager organization, ensuring consistent engagement with business leaders, effective cyber risk advisory support, and alignment of security priorities to business objectives.
  • Lead enterprise cyber risk management activities, including risk identification, assessment, mitigation planning, escalation, and reporting to senior leadership and governance bodies.
  • Oversee SOX cybersecurity and IT control activities, including implementation, operating effectiveness, evidence readiness, remediation tracking, and partnership with Finance, Internal Audit, External Audit, and IT control owners.
  • Establish and operationalize an enterprise IT controls and assurance framework that enables consistent control design, testing, monitoring, reporting, and continuous improvement across the organization.
  • Drive cybersecurity compliance with applicable global regulations, standards, and frameworks, ensuring the organization can demonstrate control effectiveness and audit readiness.

Requirements

What you’ll need
  • Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field.
  • 12–14 years of progressive experience in cybersecurity, information security, technology risk management, IT controls, or GRC, including senior leadership roles.
  • Demonstrated experience building or maturing enterprise GRC programs in a regulated, global, or complex operating environment.
  • Deep knowledge of cybersecurity risk management, compliance frameworks, IT controls, SOX control expectations, assurance practices, and audit readiness.
  • Strong strategic, analytical, and communication skills, with the ability to translate technical risk, control gaps, and compliance obligations into business impact.
  • Certifications (preferred): CISSP, CISM, CRISC, or equivalent.
  • Language: English (fluent).

Benefits

Comp & perks
  • Retirement plan (pension)
  • Savings plan (401(k))
  • Long-term incentive program
  • Vacation –120 hours per calendar year
  • Sick time - 40 hours per calendar year;
  • Holiday pay, including Floating Holidays –13 days per calendar year
  • Work, Personal and Family Time - up to 40 hours per calendar year
  • Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child
  • Bereavement Leave – 240 hours for an immediate family member: 40 hours for an extended family member per calendar year
  • Caregiver Leave – 80 hours in a 52-week rolling period
  • Volunteer Leave – 32 hours per calendar year
  • Military Spouse Time-Off – 80 hours per calendar year