Sr Director, Cyber Third-Party Risk Management
McDonald’s Corporation
At a glance
AI generated

As a Principal – Third Party Cyber Risk Assessment at Johnson & Johnson’s Information Security & Risk Management (ISRM) team in Raritan, NJ or São José dos Campos, Brazil/Warsaw, Poland, you will serve as a senior technical authority and thought leader for third-party cyber risk assessments. Your daily responsibilities include leading and performing comprehensive risk assessments, evaluating security controls, and collaborating on remediation strategies with global partners. You will leverage ServiceNow GRC tools to enhance process efficiency and communicate complex findings to senior leadership. Ideal candidates possess 5+ years of experience in third-party cybersecurity risk assessment, proficiency in regulatory requirements like SOX404 and HIPAA, and familiarity with security standards such as NIST and ISO27001. This role demands strong analytical skills, technical credibility, and the ability to mentor junior team members while driving process improvements within a dynamic multinational environment.
Market check
This $102,000–$177,100 range sits above 27% of similar postings on FindRole.
Peer median band
$119,000–$198,000
Median floor and ceiling across peers.
Typical midpoint (25–75%)
$137,650–$184,900
Middle half of comparable postings.
Based on 239 comparable postings.
* 240 is the maximum number of comparable postings sampled.
Employer
Johnson & Johnson is a multinational corporation operating in three main segments: consumer health products, pharmaceuticals, and medical devices, known for brands like Tylenol, Band-Aid, and Janssen.
Industry: Pharmaceuticals & Medical Devices
Johnson & Johnson currently has 46 open roles on FindRole.
Listed pay typically runs $122,000–$211,025 across 45 roles with salary data.