Senior Product Security Manager

Sacramento, CA, United States

Senior Product Security Manager - 2406179674W

Description

Johnson & Johnson’s MedTech Product Security team is recruiting for an experienced Product Security Senior Manager to be based at any of our MedTech Surgery sites – Cincinnati, OH or Raritan, NJ. Remote work options may be considered on a case-by-case basis and if approved by the Company. This may require up to 20% travel.

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com/ .

The Senior Product Security Program Manager for J&J’s MedTech Surgery platforms owns the development and implementation strategy of the global J&J ISRM product cybersecurity standards. As the domain expert for cybersecurity, you will provide leadership oversight and guide the team throughout new product’s development phases, review of product security requirements and recommendations of security design solutions, complete quality documentation, threat modelling, penetration testing, software architecture review and design recommendations, code analysis and other security testing work as needed.

Additionally, post market responsibilities for MedTech Surgery marketed devices include monitoring for new vulnerabilities, assisting with patching and remediation plans, incident response support, responding to customer security questionnaires and reviewing security language within contractual agreements.

Key Responsibilities:

A core member of the MedTech Surgery Product Security Team collaborating with multi-functional teams to achieve the best patient outcomes through establishing relationships with various partners.

Champion Product Security strategy and objectives within MedTech Surgery.

Partner with internal organizations to improve existing processes and policies.

Build and present Product Security metrics to management.

Responsible and accountable to implement Product Security governance model in collaboration with various partners for MedTech Surgery pre and post market medical devices.

Perform automated code scanning and coordinate formal security testing

Support customer cybersecurity questionnaires and contractual language for post-market medical devices in close collaboration with a deployment team.

Experience using SCA, binary, or other scanning tools or methodologies to compile a Software Bill of Materials (SBOM) and Manufacturer Disclosure Statement for Medical Device Security (MDS2).

Supporting and driving the incident management process

Other MedTech cybersecurity related duties as needed.

Qualifications

Required:

Bachelor’s degree or equivalent experience

A minimum of 10 years of dynamic experience in leadership roles within information technology or cybersecurity functions

Threat modeling experience

Data privacy experience, including GDPR and CCPA

Understanding of HIPAA/HITRUST & ISO 27001

Experience in penetration testing, vulnerability scanning, CVSS and/or other general security testing principles

Ability to work autonomously and proactively seek out security opportunities within MedTech Surgery

Knowledge of traditional and real-time operating systems (i.e. QNX, Windows Embedded) hardening techniques

Ability to build and deliver cybersecurity awareness campaigns and other communications

Ability to translate business partner needs into cybersecurity solutions

Ability to provide secure coding recommendations

Ability to lead large projects and demonstrable ability to supervise to project plan timelines from a security perspective

Ability to write technical security requirements for embedded systems and web platforms

Creative problem-solving skills

Customer focus (internal & external)

Superb communication skills, ability to network, interface and influence at all levels of the organization, cross sector, cross-functionally, and globally.

Demonstrated strong leadership skills, business insight and technical skills.

Preferred:

Experience leading or participating in formal security audits (i.e. HITRUST, SOC2, FedRAMP)

Familiarity with FDA and/or other global regulatory cybersecurity guidance requirements and submission process

Experience with web applications and server hardening (i.e. AWS, Azure) including knowledge of OWASP Top 10 and blue teaming techniques

Software development experience

CISSP or other security certification

MS and/or advanced degree

Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

For more information on how we support the whole health of our employees throughout their wellness, career, and life journey, please visit www.careers.jnj.com .

The anticipated base pay range for this position is $118,000 to $203,550.

The Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation’s performance over a calendar/ performance year. Bonuses are awarded at the Company’s discretion on an individual basis.

Employees may be eligible to participate in Company employee benefit programs such as health insurance, savings plan, pension plan, disability plan, vacation pay, sick time, holiday pay, and work, personal and family time off in accordance with the terms of the applicable plans. Additional information can be found through the link below.

For additional general information on company benefits, please go to:

https://www.careers.jnj.com/employee-benefits

#JNJTech

Primary Location NA-US-Ohio-Cincinnati

Other Locations NA-United States, NA-US-New Jersey-Raritan

Organization Ethicon Inc. (6045)

Job Function Product Safety Risk Management

Req ID: 2406179674W