Senior Product Security Manager

Senior Product Security Manager - 2406179674WDescriptionJohnson & Johnson’s MedTech Product Security team is recruiting for an experienced Product Security Senior Manager to be based at any of our MedTech Surgery sites Cincinnati, OH or Raritan, NJ.

Remote work options may be considered on a case-by-case basis and if approved by the Company. This may require up to 20% travel.

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal.

Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity.

Learn more at .The Senior Product Security Program Manager for J&J’s MedTech Surgery platforms owns the development and implementation strategy of the global J&J ISRM product cybersecurity standards.

As the domain expert for cybersecurity, you will provide leadership oversight and guide the team throughout new product’s development phases, review of product security requirements and recommendations of security design solutions, complete quality documentation, threat modelling, penetration testing, software architecture review and design recommendations, code analysis and other security testing work as needed.

Additionally, post market responsibilities for MedTech Surgery marketed devices include monitoring for new vulnerabilities, assisting with patching and remediation plans, incident response support, responding to customer security questionnaires and reviewing security language within contractual agreements.

Key Responsibilities : A core member of the MedTech Surgery Product Security Team collaborating with multi-functional teams to achieve the best patient outcomes through establishing relationships with various partners.

Champion Product Security strategy and objectives within MedTech Surgery.Partner with internal organizations to improve existing processes and policies.

Build and present Product Security metrics to management.Responsible and accountable to implement Product Security governance model in collaboration with various partners for MedTech Surgery pre and post market medical devices.

Perform automated code scanning and coordinate formal security testingSupport customer cybersecurity questionnaires and contractual language for post-market medical devices in close collaboration with a deployment team.

Experience using SCA, binary, or other scanning tools or methodologies to compile a Software Bill of Materials (SBOM) and Manufacturer Disclosure Statement for Medical Device Security (MDS2).

Supporting and driving the incident management processOther MedTech cybersecurity related duties as needed.QualificationsRequired : Bachelor’s degree or equivalent experienceA minimum of 10 years of dynamic experience in leadership roles within information technology or cybersecurity functionsThreat modeling experienceData privacy experience, including GDPR and CCPAUnderstanding of HIPAA / HITRUST & ISO 27001Experience in penetration testing, vulnerability scanning, CVSS and / or other general security testing principlesAbility to work autonomously and proactively seek out security opportunities within MedTech SurgeryKnowledge of traditional and real-time operating systems (i.

e. QNX, Windows Embedded) hardening techniquesAbility to build and deliver cybersecurity awareness campaigns and other communicationsAbility to translate business partner needs into cybersecurity solutionsAbility to provide secure coding recommendationsAbility to lead large projects and demonstrable ability to supervise to project plan timelines from a security perspectiveAbility to write technical security requirements for embedded systems and web platformsCreative problem-solving skillsCustomer focus (internal & external)Superb communication skills, ability to network, interface and influence at all levels of the organization, cross sector, cross-functionally, and globally.

Demonstrated strong leadership skills, business insight and technical skills.Preferred : Experience leading or participating in formal security audits (i.

e. HITRUST, SOC2, FedRAMP)Familiarity with FDA and / or other global regulatory cybersecurity guidance requirements and submission processExperience with web applications and server hardening (i.

e. AWS, Azure) including knowledge of OWASP Top 10 and blue teaming techniquesSoftware development experienceCISSP or other security certificationMS and / or advanced degreeJohnson & Johnson is an Affirmative Action and Equal Opportunity Employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

For more information on how we support the whole health of our employees throughout their wellness, career, and life journey, please visit www.

careers.jnj.com .The anticipated base pay range for this position is $118,000 to $203,550.The Company maintains highly competitive, performance-based compensation programs.

Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan.

The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation’s performance over a calendar / performance year.

Bonuses are awarded at the Company’s discretion on an individual basis.Employees may be eligible to participate in Company employee benefit programs such as health insurance, savings plan, pension plan, disability plan, vacation pay, sick time, holiday pay, and work, personal and family time off in accordance with the terms of the applicable plans.

Additional information can be found through the link below.For additional general information on company benefits, please go to : #JNJTechPrimary Location NA-US-Ohio-CincinnatiOther Locations NA-United States, NA-US-New Jersey-RaritanOrganization Ethicon Inc.

6045)Job Function Product Safety Risk ManagementReq ID : 2406179674W