Senior Security Consultant - Raritan, United States - Brooksource

Description

Security Quality & Compliance Consultant

Contract (1 Year)

Raritan, NJ (Hybrid, must be willing to go onsite 2-3x/week)

We are seeking an Information Security and Compliance consultant. As a Security Quality & Compliance consultant, you will work within the Information Security and Risk Management department. Your responsibilities will include providing security consulting services for Supply Chain, Make and Deliver Platforms related applications. In this role, you will be responsible for security & controls for global projects related to Supply Chain applications in the Supply Chain Lab areas and will require continuous collaboration and follow-ups with the business partners.

Minimum Qualifications

• Bachelor's Degree in Information Technology, Computer Science, or a related field
• Minimum 7 years of experience working with security and controls, consulting stakeholders throughout the application implementation process
• Broad knowledge of information security processes and principles is useful in explaining the business value of cybersecurity.
• Experienced in identifying and articulating issues/obstacles regarding application security issues
• Working knowledge of SAP business processes
• Familiarity with SOX compliance requirements
• Self-starter and proficient multitasker with excellent documentation, communication, and organizational skills

Responsibilities

• Certified Information Systems Security Professional (CISSP), CISM, CISA etc..
• Responsible for advancing cybersecurity of our Pharma systems, applications, and integrations across product lines and regions by identifying key risks and controls
• Orchestrate and deliver cybersecurity risk assessments of Supply Chain projects, applications, and the technologies that run them while maintaining awareness of the changing threat landscape
• Understand and promote risk management activities associated with external regulations and internal policies such as IAPP, GxP, and GDPR
• Bridge the gap between traditional Information Technology (IT) and business functions by relating cyber threats and vulnerabilities to business imperatives and communicating them to key business leaders
• Actively advise, assess, and lead Business and IT stakeholders in the development of secure information systems and solutions in line with the organization's cybersecurity architecture, IAPP policies, and regulatory requirements.
• We maintain connections across peer groups to continuously understand emerging security solutions that are ground-breaking enablers for mitigating supply chain risk at J&J
• We constantly strive to shape the administrative controls for cybersecurity through advisory and assurance services
• Support compliance assessments on regulatory (ie GxP or SOX)
• Make recommendations for application security including change, incident management, process enhancements, access management, and change management
• Consulting stakeholders about data classification and privacy, including data encryption and protection
• Ensures appropriate controls are implemented with SAP security and coordinates alignment with Internal Audit and IT Compliance
• Provide weekly metrics and reports tracking the entire portfolio, application assessment status, and Risk Acceptance status.