Description:
Johnson and Johnson is currently recruiting for a Director, Product Security Program Operations within the Johnson & Johnson Technology (JJT) organization. This role will be based in Milpitas, CA, Raritan, NJ or remote US.
At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated and cured, where treatments are smarter and less invasive and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow and profoundly impact health for humanity. Learn more at https://www.jnj.com/ .
The Director, Product Security Program Operations will be responsible for implementation of the ISRM enterprise Product Security strategy and framework. This includes identifying key strategy and goals, collaborating with internal organizations on existing process and policy enhancements, creating and communicating metrics to MedTech leadership, identifying communications plans and raising overall awareness of the capability. Specific responsibilities include supporting MedTech business units throughout a new product’s development phases, reviewing product security requirements and recommending security design solutions, and ensuring the franchises meet regulatory expectations in the QMS.
Key Responsibilities:
- Position J&J as a leading voice and expert in medical device product security across all MedTech business units
- Ensure the ISRM product security program is integrated into all business unit Quality Management systems
- Create, publish and regularly review vulnerability management metrics to drive timely patching across the portfolio of software enabled medical devices and connected digital health solutions
- Oversee internal penetration testing capability, including product security lab environment
- Build trust and relationships with global stakeholders, government agencies, and regulators, to ensure confidence in program and products
- Drive and shape messaging, policies, and strategic initiatives related to product security
- Drive global harmonization of requirements to streamline a shift left mentality
- Monitor global regulatory environment trends and changing requirements for product security
- Build relationships and internal network to share information and lead initiatives to carry out strategy
  - This includes leveraging government affairs, regulatory, legal, quality, R&D and other key resources to support strategic policy initiatives
- Support ongoing SOC-2, HIPAA and other internal and external assessments and certifications.
- Other MedTech cybersecurity related duties as needed
Qualifications:
Education:
- 10+ years of experience with a bachelor’s degree or 8+ years of experience with an advanced degree
Experience and Skills:
Required:
- 5+ Years of Management Experience
- Experience with technical regulatory topics and strong working knowledge of device regulatory requirements
- The ideal candidate is one that is a leader in the medical device regulatory, healthcare and cybersecurity policy space
- Medical device technology may include areas such as artificial intelligence, software medical devices, among other related areas
- Ability to synthesize and present on complex technical topics
- Strong networking and diplomacy skills, ability to build and foster relationships with internal and external regulatory decision makers and industry networks globally
- Understanding of Quality Design Control processes and FDA submission processes.
- Experience with web applications and server hardening (i.e. AWS, Azure) including knowledge of OWASP Top 10 and blue teaming techniques
- Hands-on experience with software security tools and platforms like Checkmarx, Black Duck, JFrog Xray, etc.
- Hands-on experience with vulnerability assessment tools such as Qualys, Nexpose, etc.
- Software development experience
- Innovative and strategic thinker
- Self-starter and proven leader
- Demonstrated ability to be flexible and take a proactive approach to managing change
- Excellent written and verbal communication skills
- Experience working in a highly regulated industry
Preferred:
- Experience leading or participating in formal audits (i.e. FDA, TUV, MDR)
- Knowledge of product or medical device security or MDDS platforms.
- Working knowledge of microservices architecture and API security.
- Experience working within Agile methodology
Other:
- Proficiency in English
- Limited travel required, up to 25%, including international travel.
Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
The anticipated base pay range for this position is $142,000 to $244,950.
The Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation’s performance over a calendar/performance year. Bonuses are awarded at the Company’s discretion on an individual basis.
Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance.
- Employees may be eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).
- This position is eligible to participate in the Company’s long-term incentive program.
- Employees are eligible for the following time off benefits:
  - Vacation – up to 120 hours per calendar year
  - Sick time – up to 40 hours per calendar year; for employees who reside in the State of Washington – up to 56 hours per calendar year
  - Holiday pay, including Floating Holidays – up to 13 days per calendar year
  - Work, Personal and Family Time – up to 40 hours per calendar year
- Additional information can be found through the link below. https://www.careers.jnj.com/employee-benefits
The compensation and benefits information set forth in this posting applies to candidates hired in the United States. Candidates hired outside the United States will be eligible for compensation and benefits in accordance with their local market.