Director, Product Security

At Johnson & Johnsonwe believe health is everything. Our strength in healthcare innovation empowers us to build aworld where complex diseases are prevented treated and curedwhere treatments are smarter and less invasive andsolutions are our expertise in Innovative Medicine and MedTech we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow and profoundly impact health for more at .

As guided by Our Credo Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson we respect the diversity and dignity of our employees and recognize their merit.

Job Function:

Job Sub Function:

Job Category:

All Job Posting Locations:

Job Description:

DePuy Synthesis recruiting for a(n) Director Product Security; this Hybrid positionwill be in Raynham MA (USA). Alternate Hybrid locations may be considered at Raritan NJ (USA) West Chester PA (USA) Warsaw IN (USA) Palm Beach Gardens FL (USA) OR Pune India.

Please note that this role is available across multiple countries and may be posted under different requisition numbers to comply with local requirements. While you are welcome to apply to any or all of the postings we recommend focusing on the specific country(s) that align with your preferred location(s):

Raynham MA (USA) - Requisition Number: R-072543

Pune India - Requisition Number:R-073299

Remember whether you apply to one or all of these requisition numbers your applications will be considered as a single submission.

Johnson & Johnson announced plans to separate our Orthopedics business toestablisha standalone orthopedics companyoperatingas DePuy Synthes. The process of the planned separation isanticipatedto be completed within 18 to24 months subject to legal requirements including consultation with works councils and other employee representative bodies as may berequired regulatory approvals and other customary conditions and approvals. Should you accept this position it isanticipatedthat following conclusion of the transaction you would be an employee of DePuySynthesand your employment would be governed by DePuy Synthes employment processes programs policies and benefit that case details of any planned changes would be provided to you by DePuy Synthes atan appropriate timeand subject to any necessary consultation processes.

Job Overview:

The Director ProductSecurityis a senior leadership role responsible for defining and executing the global product security strategy for DePuy Synthes medical device and digital product portfolio. This role ensures that cybersecurity is embedded across the product lifecyclefrom design and development through deployment and postmarket supportwhile enabling innovation regulatory compliance and patient safety. As part of Global Services Enablement this leader partners closely with R&D Quality Regulatory IT and external stakeholders to strengthen security capabilities at scale and protect patients customers and the business and reports into the DePuy Synthes Technology organization.

Key Responsibilities:

Define and lead the global product security strategy aligned with DePuy Synthes businessobjectivesand regulatory requirements.

• Establish and oversee product security governance standards and securedevelopmentlifecycle practices across hardware software and connected medical devices.

• Partner with R&D Quality Regulatory Affairs and IT to integrate cybersecurity risk management into product design development and postmarket activities.

• Lead global teams and external partners delivering product security services tools and capabilities that enable scalable and consistent execution.

• Oversee vulnerability management threat modeling penetration testing and incident response activities related to product security.

• Ensure compliance with global cybersecurity and medical device regulations standards and guidance (e.g. FDA ISO IEC).

• Provide executivelevel reporting and insights on product security risks trends and performance to senior leadership.

• Build a strong product security culture through training awareness and continuous improvement initiatives.

Qualifications:

Education:

• Required:Bachelors degree in Computer Science Engineering Information Security ora relatedtechnical field.

• Preferred: Masters degree in Cybersecurity Engineering or Business Administration.

Experience and Skills:

Required:

• 10-12 yearsofexperience in cybersecurity or product security leadership roles including global scope and matrixed environments.

• Demonstrated experience securing complex softwareenabled or connected products preferably within regulated industries.

• Strong knowledge of secure product development vulnerability management and cybersecurity risk management frameworks.

• Proven ability to lead and develop highperforming global teams and servicebased operating models.

• Executivelevel communication and stakeholder management skills with the ability to influence across functions.

Preferred:

• Experience in medical devices healthcare technology or life sciences.

• Familiarity with FDA cybersecurity guidance IEC 62304 ISO 14971 and related standards.

• Experience enabling cybersecurity capabilities within shared services or global enablement models.

• Background in cloud embedded systems or IoT security.

Other:

• Languages: English (fluent).Additionallanguages are a plus.

• Travel: Up to 20% domestic and international.

• Certifications (preferred): CISSP CISM CSSLP or equivalent.

For more information on how we support the whole health of our employees throughout their wellnesscareerand life journey please visit.

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity age national origin disability protected veteran status or other characteristics protected by federal state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants needs. If you are an individual with a disability and would like to request an accommodation external applicants please contact us via internal employees contact AskGS to be directed to your accommodation resource.

#DePuySynthesCareers

#LI-Hybrid

Required Skills:

Preferred Skills: