Sr. Director, Dep CISO GRC & Security, Orthopedics

Johnson & Johnson


Job Location:

Brunswick, ME - USA

Monthly Salary: $ 178000 - 307050
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated and cured, where treatments are smarter and less invasive, and solutions are our expertise in Innovative Medicine and MedTech we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow and profoundly impact health for more at

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Security & Controls

Job Category:

People Leader

All Job Posting Locations:

New Brunswick, New Jersey, United States of America; Raynham, Massachusetts, United States of America; Warsaw, Indiana, United States of America; West Chester, Pennsylvania, United States of America; West Palm Beach, Florida, United States

Job Description:

Johnson & Johnson announced plans to separate our Orthopaedics business to establish a standalone Orthopaedics company operating as DePuy Synthes. The process of the planned separation is anticipated to be completed within 18 to 24 months, subject to legal requirements, including consultation with works councils and other employee representative bodies as may be required, regulatory approvals and other customary conditions and approvals. Should you accept this position, it is anticipated that, following conclusion of the transaction, you would be an employee of DePuy Synthes and your employment would be governed by DePuy Synthes employment processes, programs, policies and benefit that case details of any planned changes would be provided to you by DePuy Synthes at an appropriate time and subject to any necessary consultation processes.

About DePuy Synthes

DePuy Synthes is a global leader in Orthopaedics, advancing patient care through innovative solutions across joint reconstruction, trauma, spine, sports medicine and related surgical technologies. As DePuy Synthes separates from Johnson & Johnson to become the world's largest, most comprehensive Orthopaedics-focused company, the organization is entering a defining chapter: establishing its own corporate identity, voice, culture and reputation while continuing to serve patients, customers and healthcare systems around the world.

Job Overview

This role serves as a senior cybersecurity leader and trusted advisor to the CISO, with enterprise accountability for Governance, Risk & Compliance (GRC) and Product Security across DePuy Synthes. The Sr. Director, Deputy CISO will shape and execute cybersecurity strategy that protects patients, products, data and operations while enabling innovation and growth in a regulated medical technology environment. This is a highly visible leadership role with direct impact on product safety, regulatory readiness and enterprise risk posture, and reports into the DePuy Synthes Technology organization.

Key Responsibilities

Provide strategic leadership and operational oversight for enterprise GRC and Product Security programs, ensuring alignment with business priorities and regulatory requirements.
Partner with the CISO to define and execute the cybersecurity strategy, serving as a delegate and decision authority as needed.
Lead enterprise risk management activities, including cyber risk identification, assessment, mitigation and reporting to executive leadership.
Own the enterprise cyber security policy lifecycle, from creation and implementation to continuous review, ensuring clarity, compliance and alignment with organizational goals.
Oversee cybersecurity compliance with global regulations, standards and frameworks relevant to medical devices and digital health solutions.
Establish and maintain product security governance across the product lifecycle, from design and development through postmarket support.
Drive secure-by-design principles and threat modeling in partnership with R&D, Engineering, Quality and Regulatory teams.
Lead and develop high-performing cybersecurity leaders and teams, fostering a culture of accountability, collaboration and continuous improvement.
Provide executive-level reporting on cybersecurity risk, compliance status and program effectiveness to senior leadership and governance bodies.

Qualifications

Education

Required: Bachelor's degree in Information Security, Computer Science, Engineering or a related field.
Preferred: Master's degree (MS, MBA or equivalent) in Cybersecurity, Information Systems or Business.

Experience and Skills

Required:
12-14 years of progressive experience in cybersecurity, information security or technology risk management, including senior leadership roles.
Demonstrated experience leading GRC and Product Security programs in a regulated environment (medical device, healthcare or life sciences strongly preferred).
Deep knowledge of cybersecurity risk management, compliance frameworks and regulatory expectations.
Experience building, mentoring and leading senior-level cybersecurity teams.
Strong strategic, analytical and communication skills, with the ability to translate technical risk into business impact.

Preferred:
Experience supporting product security for connected, software-enabled or digital medical devices.
Familiarity with global regulatory bodies and standards impacting product cybersecurity.
Experience operating in complex, global organizations undergoing transformation or separation.
Background in incident response governance vulnerability disclosure and postmarket surveillance.
Demonstrated success driving cybersecurity maturity and cultural change at scale.

Proven ability to influence executive stakeholders and partner effectively across IT, R&D, Quality, Legal and Regulatory functions.

Other:
Language: English (fluent)
Travel: Up to 20% domestic and international
Certifications (preferred): CISSP, CISM, CRISC or equivalent

For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit .

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson and Johnson is committed to providing an interview process that is inclusive of our applicants' needs. If you are an individual with a disability and would like to request an accommodation, please email the Employee Health Support Center () or contact AskGS to be directed to your accommodation resource.

Required Skills:

Preferred Skills:

Business Process Design, Crisis Management, Critical Thinking, Cybersecurity, Developing Others, Inclusive Leadership, Industry Analysis, Information Security Auditing, Information Security Management System (ISMS), Information Technology (IT) Security Assessments, Information Technology Strategies, Leadership, Presentation Design, Process Optimization, Risk Management Framework, Security Architecture Design, Security Policies, Strategic Thinking

The anticipated base pay range for this position is:

$178000.00 - $307050.00

Additional Description for Pay Transparency:

Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits:
Vacation - 120 hours
Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado, 48 hours per calendar year; for employees who reside in the State of Washington, 56 hours per calendar year
Holiday pay, including Floating Holidays - 13 days per calendar year
Work, Personal and Family Time - up to 40 hours per calendar year
Parental Leave - 480 hours within one year of the birth/adoption/foster care of a child
Bereavement Leave - 240 hours for an immediate family member: 40 hours for an extended family member per calendar year
Caregiver Leave - 80 hours in a 52-week rolling period 10 days
Volunteer Leave - 32 hours per calendar year
Military Spouse Time-Off - 80 hours per calendar year
For additional general information on Company benefits, please go to:

Experience: Exec


About Company

About Johnson & Johnson

At Johnson & Johnson, we believe good health is the foundation of vibrant lives, thriving communities and forward progress. That’s why for more than 130 years, we have aimed to keep people well at every age and every stage of life. Today, as the world’s larges ...