Director, Product Security

At Johnson & Johnsonwe believe health is everything. Our strength in healthcare innovation empowers us to build aworld where complex diseases are prevented treated and curedwhere treatments are smarter and less invasive andsolutions are our expertise in Innovative Medicine and MedTech we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow and profoundly impact health for more at

As guided by Our Credo Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson we respect the diversity and dignity of our employees and recognize their merit.

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Security & Controls

Job Category:

People Leader

All Job Posting Locations:

Alabama (Any City) Alabama (Any City) Alaska (Any City) Arizona (Any City) Arkansas (Any City) California (Any City) Colorado (Any City) Connecticut (Any City) Delaware (Any City) Florida (Any City) Georgia (Any City) Hawaii (Any City) Idaho (Any City) Illinois (Any City) Indiana (Any City) Iowa (Any City) Irvine California United States of America Kansas (Any City) Kentucky (Any City) Louisiana (Any City) Maine (Any City) Maryland (Any City) Massachusetts (Any City) Michigan (Any City) Minnesota (Any City) 26 more

Job Description:

Johnson & Johnson MedTech is currently recruiting a Director Product Security for the Circulatory and Restoration Business Unit and the Central Product Security Services within the Information and Risk Management (ISRM) organization. This role is open to remote candidates in the US.

This position provides product security leadership for the Circulatory and Restoration business segments of J&J MedTech and for Product Security Central Engineering Services. The ideal candidate is a leader with Quality Regulatory R&D and Commercial awareness able to simplify complex security topics to various audiences. This role leads a team of cybersecurity managers and engineers with responsibility for further developing and operating a comprehensive business unit level product security program.

Key Responsibilities:

• Define and execute the Business Units product security strategy aligned with FDA/MDR/524B expectations and QMS requirements.

• Lead and grow a global product security team fostering collaboration that balances technical rigor with business needs.

• Oversee security integration across medical devices software mobile applications embedded devices and cloud environments

• Partner with Regulatory Quality Legal Privacy and Commercial teams to ensure cybersecurity requirements are built into Class I II and III devices supporting PMA and 510(k) submissions.

• Champion secure SDLC DevSecOps SBOM generation/validation and vulnerability management across device and software platforms.

• Lead emerging technologies (AI and Quantum Cryptography) for medical devices and that will be impacted by cybersecurity. Make internal and external policy recommendations to mitigate threats and vulnerabilities.

• Lead post-market security activities including vulnerability disclosures CAPAs routine cyber patching and incident response.

• Operationalize implementation of J&Js enterprise level Product Security Quality Standards and framework throughout the MedTech portfolio of medical devices and supporting platforms

• Act as senior product security SME with customers hospital IT/IS staff and clinicians translating technical requirements into clear business and clinical impact.

• Represent product security in FDA and international regulatory inspections reinforcing trust in our devices.

• Advance Product Security J&J enterprise Governance and Quality efforts including J&J Quality Standards for Product Security and ISRM Product Security Framework.

• Lead product security Quality and Regulatory cyber efforts within J&J and through key industry forums (e.g. MDIC AdvaMed Health-ISAC) to drive alignment and industry collaboration.

• Oversee centralized Product Security penetration testing function serving business unit product security teams to provide real-word risk identification and remediation across MedTech product portfolios.

• Scaling scale centralized DevSecOps function serving business unit product security teams that integrate security tooling secure development controls and vulnerability management processes into CI/CD pipelines and engineering workflows.
  

Qualifications:

• Bachelors degree in STEM Engineering Computer Science Cybersecurity or related field or equivalent work experience.

• Strong R&D Regulatory or Quality experience in medical devices is highly preferred

• 15 years of MedTech experience in Quality R&D engineering product development medical devices or product security with 5 years in leadership.

• Experience with Class I Class II and Class III medical devices including 510(k) and PMA submissions. Experience with medical devices and/or connected product solutions.

• Knowledge of hardware and software security including secure screws tamper seals physical port blocking enclosure access detection secure boot and system integrity trusted hardware secure coding identity and access management PKI integrating security into the development lifecycle (DevSecOps) and manufacturing lifecycle

• Experience with medical device cybersecurity regulatory expectations and risk management framework including FDA cybersecurity guidance section 524B of the FD&C Act for cyber devices ISO/IECNIST CSF NIST 800-175 FIPS 140-3 and IEC 62443 and global frameworks.

• Demonstrated success bridging Engineering Quality Regulatory Legal Privacy and Commercial functions.

• Certifications (nice to have): CISSP CSSLP CISM CISA or equivalent.

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity age national origin disability protected veteran status or other characteristics protected by federal state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants needs. If you are an individual with a disability and would like to request an accommodation external applicants please contact us via internal employees contact AskGS to be directed to your accommodation resource.

#JNJTech

#LI-Remote

Required Skills:

Hardware Security Medical Device Security Product Security Software Security

Preferred Skills:

The anticipated base pay range for this position is :

$150000.00 - $258750.00

Additional Description for Pay Transparency:

Subject to the terms of their respective plans employees are eligible to participate in the Companys consolidated retirement plan (pension) and savings plan (401(k)).



This position is eligible to participate in the Companys long-term incentive program.



Subject to the terms of their respective policies and date of hire employees are eligible for the following time off benefits:

Vacation 120 hours per calendar year

Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado 48 hours per calendar year; for employees who reside in the State of Washington 56 hours per calendar year

Holiday pay including Floating Holidays 13 days per calendar year

Work Personal and Family Time - up to 40 hours per calendar year

Parental Leave 480 hours within one year of the birth/adoption/foster care of a child

Bereavement Leave 240 hours for an immediate family member: 40 hours for an extended family member per calendar year

Caregiver Leave 80 hours in a 52-week rolling period10 days

Volunteer Leave 32 hours per calendar year

Military Spouse Time-Off 80 hours per calendar year