Director, Product Security Program Operations

Company:  J&J Family of Companies
Location: Salt Lake City
Closing Date: 23/10/2024
Salary: £125 - £150 Per Annum
Hours: Full Time
Type: Permanent
Job Requirements / Description

J&J Family of Companies - Director, Product Security Program Operations

Location: Salt Lake City, Utah (Remote options available)

Description

Johnson & Johnson is currently recruiting for a Director, Product Security Program Operations within the Johnson & Johnson Technology (JJT) organization.

The Director, Product Security Program Operations will be responsible for implementation of the ISRM enterprise Product Security strategy and framework. This includes identifying key strategy and goals, collaborating with internal organizations on existing process and policy enhancements, creating and communicating metrics to MedTech leadership, identifying communications plans and raising overall awareness of the capability. Specific responsibilities include supporting MedTech business units throughout a new product’s development phases, reviewing product security requirements and recommending security design solutions, and ensuring the franchises meet regulatory expectations in the QMS.

Key Responsibilities:

  1. Position J&J as a leading voice and expert in medical device product security across all MedTech business units.
  2. Ensure the ISRM product security program is integrated into all business unit Quality Management Systems.
  3. Create, publish and regularly review vulnerability management metrics to drive timely patching across the portfolio of software enabled medical devices and connected digital health solutions.
  4. Oversee internal penetration testing capability, including product security lab environment.
  5. Build trust and relationships with global stakeholders, government agencies, and regulators, to ensure confidence in program and products.
  6. Drive and shape messaging, policies, and strategic initiatives related to product security.
  7. Drive global harmonization of requirements to streamline a shift-left mentality.
  8. Monitor global regulatory environment trends and changing requirements for product security.
  9. Build relationships and internal network to share information and lead initiatives to carry out strategy.
  10. Support ongoing SOC-2, HIPAA and other internal and external assessments and certifications.
  11. Other MedTech cybersecurity related duties as needed.

Qualifications

Education:

  • 10 years of experience with a bachelor’s degree or 8 years of experience with an advanced degree.

Experience and Skills:

Required:

  • 5 Years of Management Experience.
  • Experience with technical regulatory topics and strong working knowledge of device regulatory requirements.
  • The ideal candidate is a leader in the medical device regulatory, healthcare, and cybersecurity policy space.
  • Ability to synthesize and present on complex technical topics.
  • Strong networking and diplomacy skills, ability to build and foster relationships with internal and external regulatory decision makers and industry networks globally.
  • Understanding of Quality Design Control processes and FDA submission processes.
  • Experience with web applications and server hardening (e.g. AWS, Azure), including knowledge of OWASP Top 10 and blue teaming techniques.
  • Hands-on experience with software security tools and platforms like Checkmarx, Black Duck, JFrog Xray, etc.
  • Hands-on experience with vulnerability assessment tools such as Qualys, Nexpose, etc.
  • Innovative and strategic thinker.
  • Excellent written and verbal communication skills.
  • Experience working in a highly regulated industry.

Preferred:

  • Experience leading or participating in formal audits (e.g. FDA, TUV, MDR).
  • Knowledge of product or medical device security or MDDS platforms.
  • Working knowledge of microservices architecture and API security.
  • Experience working within Agile methodology.

Other:

  • Proficiency in English.
  • Limited travel required, up to 25%, including international travel.

Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

For more information on how we support the whole health of our employees throughout their wellness, career, and life journey, please visit .

The anticipated base pay range for this position is $142,000 to $244,950.

The Company maintains highly competitive, performance-based compensation programs. This position is eligible for an annual performance bonus in accordance with the terms of the applicable plan.

Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance.

Employees may be eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).

This position is eligible to participate in the Company’s long-term incentive program.

Employees are eligible for the following time off benefits:

  • Vacation – up to 120 hours per calendar year.
  • Sick time – up to 40 hours per calendar year; for employees who reside in the State of Washington – up to 56 hours per calendar year.
  • Holiday pay, including Floating Holidays – up to 13 days per calendar year.
  • Work, Personal and Family Time – up to 40 hours per calendar year.

Additional information can be found through the link below: .

#JNJTech

Primary Location: NA-US-New Jersey-Raritan

Other Locations: NA-United States, NA-US-California-Milpitas

Organization: Johnson & Johnson Services Inc. (6090)
