Principal - Third Party Cyber Risk Assessment

251000 - 483000 zł / year

6010-Biosense Webster Inc. Legal Entity

Job Overview

Principal – Third Party Cyber Risk Assessment, part of the Information Security & Risk Management (ISRM) Risk Assessment Center of Excellence (CoE). The role is based in the United States with Raritan, NJ preferred, and is also available internally at São José dos Campos, São Paulo, Brazil and Warsaw, Poland.

Key Responsibilities

  • Perform and lead third‑party risk assessments, risk rankings, and collaborate on remediation strategies as needed.
  • Perform deep technical reviews of third‑party security controls, evidence artifacts, attestations, and independent reports to assess control design, implementation, and operating effectiveness.
  • Evaluate complex risk scenarios involving sensitive data types, regulatory obligations, complex architectures, and cross‑border data flows.
  • Identify, document, and risk‑rate third‑party cyber issues, ensuring consistent severity determination and alignment to ISRM standards.
  • Drive automation and process improvements as identified and through relevant projects and/or operations.
  • Communicate cybersecurity third‑party risk assessment results to senior leaders and provide input on remediation plans.
  • Enhance third‑party cyber risk assessment processes by defining and implementing process improvements.
  • Offer consulting support to the larger cybersecurity team on third‑party risk assessment understanding and remediation.
  • Lead and mentor junior members of the team, ensure ongoing learning, and support special projects as needed.

Qualifications

  • Education: Bachelor’s degree in Computer Science, Engineering or Information Security/Cybersecurity or equivalent (required). Advanced degree preferred.
  • Security certifications such as CISSP, CCSP, CISA, CRISC etc. preferred.
  • Experience: 5+ years of direct third‑party cybersecurity risk assessment experience, including application of third‑party risk assessment concepts and internal controls (required).
  • 5+ years using ServiceNow GRC tool to support security risk objectives (required).
  • Proficiency in conducting and leading third‑party risk assessments, including data classification, risk scoring, and mitigation planning.
  • Ability to translate technical findings into business impact for key partners.
  • Strong analytical and problem‑solving skills.
  • Strong interpersonal skills to build and maintain relationships with internal partners.
  • Preferred: Foundational knowledge of regulatory requirements (e.g., SOX404, Privacy, HIPAA, GxP, cyber regulations).
  • Preferred: Experience assessing third‑party risk in a large, dynamic, multinational organization.
  • Preferred: Experience with security standards and control frameworks (e.g., FAIR, HITRUST, ISO27001, NIST, SOC 2).
  • Preferred: Demonstrable record of effectively collaborating with virtual, global teams.

Locations & Requisition Numbers

  • Raritan, NJ – R-072604
  • São José dos Campos, São Paulo – R-073330
  • Warsaw, Poland – (requisition number not provided)

Benefits

  • Competitive salary range: zł251,000.00 - zł483,000.00.
  • Annual bonus with set target (percentage of pay) based on performance.
  • Vacation days, parental leave (minimum 12 weeks), bereavement leave, caregiver leave, volunteer leave, well‑being reimbursement.
  • Insurance plans (varies by location).
  • Service anniversary and recognition awards.

Equal Opportunity Employer

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act. Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, please contact us via or contact AskGS to be directed to your accommodation resource.

Job posting added 13 hours ago