FREE ACCESS
5,000–10,000 jobs/day
See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

Senior Director, GRC, IT Controls, Cyber Culture
Johnson & JohnsonSenior cybersecurity leader overseeing Governance, Risk & Compliance at DePuy Synthes. Building security awareness and driving implementation of IT controls across the organization.
Posted 7/15/2026full-timeRaritan • Florida, Massachusetts, New Jersey, Pennsylvania • 🇺🇸 United StatesSenior💰 $178,000 - $307,050 per yearWebsite
Core Competencies
Role fitCore Competencies
Use this summary to align your resume positioning with the role.
Demonstrates expertise in enterprise GRC program development, cybersecurity risk management, and compliance oversight, with a strong focus on aligning security priorities with business objectives. Proven ability to lead high-performing teams and provide strategic insights to senior leadership on cybersecurity risks and compliance status.
Highest-signal resume keywords
Enterprise GRC Program DevelopmentCybersecurity Risk ManagementCompliance FrameworksIT Controls and AssuranceLeadership in Cybersecurity Teams
ATS Keywords
Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills
Risk IdentificationRisk AssessmentMitigation PlanningControl MonitoringSOX ComplianceAudit ReadinessCybersecurity Policy LifecycleExternal Cybersecurity AssessmentsControl EffectivenessContinuous Improvement
Soft Skills
Strategic CommunicationAnalytical SkillsCollaborationAccountabilityLeadership
Certifications & Qualifications
CISSPCISMCRISC
Industry Keywords
Governance Risk and ComplianceCyber Risk AdvisorySecurity GovernanceRegulated EnvironmentGlobal Compliance Standards
Tech Stack
Tools & technologiesCyber Security
About the role
Key responsibilities & impact- Build and mature the enterprise GRC function, including governance forums, risk management processes, compliance oversight, control monitoring, issue management, and executive reporting.
- Provide leadership and oversight for the BISO manager organization, ensuring consistent engagement with business leaders, effective cyber risk advisory support, and alignment of security priorities to business objectives.
- Lead enterprise cyber risk management activities, including risk identification, assessment, mitigation planning, escalation, and reporting to senior leadership and governance bodies.
- Own the enterprise cybersecurity policy and standards lifecycle - from creation and implementation to continuous review - ensuring clarity, compliance, and alignment with organizational goals.
- Oversee SOX cybersecurity and IT control activities, including implementation, operating effectiveness, evidence readiness, remediation tracking, and partnership with Finance, Internal Audit, External Audit, and IT control owners.
- Establish and operationalize an enterprise IT controls and assurance framework that enables consistent control design, testing, monitoring, reporting, and continuous improvement across the organization.
- Lead oversight of external cybersecurity assessments and assurance requests, including cyber insurance questionnaires, ESG-related cybersecurity inputs, customer or partner assessments, and other third-party reviews requiring enterprise cyber risk and control representation.
- Drive cybersecurity compliance with applicable global regulations, standards, and frameworks, ensuring the organization can demonstrate control effectiveness and audit readiness.
- Lead security awareness, behavior, and culture initiatives that improve workforce accountability, reduce human-centric risk, and embed secure practices into day-to-day business operations.
- Lead and develop high-performing cybersecurity leaders and teams, fostering a culture of accountability, collaboration, disciplined execution, and continuous improvement.
- Provide executive-level reporting on cybersecurity risk, compliance status, control effectiveness, assurance outcomes, and program maturity to senior leadership and governance bodies.
Requirements
What you’ll need- Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field.
- 12–14 years of progressive experience in cybersecurity, information security, technology risk management, IT controls, or GRC, including senior leadership roles.
- Demonstrated experience building or maturing enterprise GRC programs in a regulated, global, or complex operating environment.
- Experience leading BISO, cyber risk advisory, security governance, or business aligned cybersecurity teams.
- Deep knowledge of cybersecurity risk management, compliance frameworks, IT controls, SOX control expectations, assurance practices, and audit readiness.
- Experience overseeing external cybersecurity assessments, including cyber insurance, ESG-related cybersecurity reporting, customer or partner assessments, and third-party assurance requests.
- Strong strategic, analytical, and communication skills, with the ability to translate technical risk, control gaps, and compliance obligations into business impact.
- Preferred: Master’s degree (MS, MBA, or equivalent) in Cybersecurity, Information Systems, or Business.
- Certifications (preferred): CISSP, CISM, CRISC, or equivalent.
- Fluent in English.
Benefits
Comp & perks- Subject to the terms of their respective plans, employees are eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).
- This position is eligible to participate in the Company’s long-term incentive program.
- Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits:
- Vacation –120 hours per calendar year
- Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado –48 hours per calendar year; for employees who reside in the State of Washington –56 hours per calendar year
- Holiday pay, including Floating Holidays –13 days per calendar year
- Work, Personal and Family Time - up to 40 hours per calendar year
- Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child
- Bereavement Leave – 240 hours for an immediate family member: 40 hours for an extended family member per calendar year
- Caregiver Leave – 80 hours in a 52-week rolling period
- 10 days Volunteer Leave – 32 hours per calendar year
- Military Spouse Time-Off – 80 hours per calendar year