Senior Product Security Manager

Johnson & Johnson

4.2

(92)

Multiple Locations

Why you should apply for a job to Johnson & Johnson:

  • Ranked as one of the Best Companies for Women in 2020
  • 4.2/5 in overall job satisfaction
  • 4.2/5 in supportive management
  • 71% say women are treated fairly and equally to men
  • 88% would recommend this company to other women
  • 85% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Global parental leave for all new parents (maternal, paternal, adoptive or surrogacy-assisted).
  • Global exercise reimbursement.
  • Two weeks off (one of them fully paid) for volunteer work.
  • #2406179674W

    Position summary

    Manager for J&J's MedTech Surgery platforms owns the development and implementation strategy of the global J&J ISRM product cybersecurity standards. As the domain expert for cybersecurity, you will provide leadership oversight and guide the team throughout new product's development phases, review of product security requirements and recommendations of security design solutions, complete quality documentation, threat modelling, penetration testing, software architecture review and design recommendations, code analysis and other security testing work as needed.

    Additionally, post market responsibilities for MedTech Surgery marketed devices include monitoring for new vulnerabilities, assisting with patching and remediation plans, incident response support, responding to customer security questionnaires and reviewing security language within contractual agreements.

    Key Responsibilities:

    • A core member of the MedTech Surgery Product Security Team collaborating with multi-functional teams to achieve the best patient outcomes through establishing relationships with various partners.

    • Champion Product Security strategy and objectives within MedTech Surgery.

    • Partner with internal organizations to improve existing processes and policies.

    • Build and present Product Security metrics to management.

    • Responsible and accountable to implement Product Security governance model in collaboration with various partners for MedTech Surgery pre and post market medical devices.

    • Perform automated code scanning and coordinate formal security testing

    • Support customer cybersecurity questionnaires and contractual language for post-market medical devices in close collaboration with a deployment team.

    • Experience using SCA, binary, or other scanning tools or methodologies to compile a Software Bill of Materials (SBOM) and Manufacturer Disclosure Statement for Medical Device Security (MDS2).

    • Supporting and driving the incident management process

    • Other MedTech cybersecurity related duties as needed.

    Qualifications

    Required:

    • Bachelor's degree or equivalent experience

    • A minimum of 10 years of dynamic experience in leadership roles within information technology or cybersecurity functions

    • Threat modeling experience

    • Data privacy experience, including GDPR and CCPA

    • Understanding of HIPAA/HITRUST & ISO 27001

    • Experience in penetration testing, vulnerability scanning, CVSS and/or other general security testing principles

    • Ability to work autonomously and proactively seek out security opportunities within MedTech Surgery

    • Knowledge of traditional and real-time operating systems (i.e. QNX, Windows Embedded) hardening techniques

    • Ability to build and deliver cybersecurity awareness campaigns and other communications

    • Ability to translate business partner needs into cybersecurity solutions

    • Ability to provide secure coding recommendations

    • Ability to lead large projects and demonstrable ability to supervise to project plan timelines from a security perspective

    • Ability to write technical security requirements for embedded systems and web platforms

    • Creative problem-solving skills

    • Customer focus (internal & external)

    • Superb communication skills, ability to network, interface and influence at all levels of the organization, cross sector, cross-functionally, and globally.

    • Demonstrated strong leadership skills, business insight and technical skills.

    Preferred:

    • Experience leading or participating in formal security audits (i.e. HITRUST, SOC2, FedRAMP)

    • Familiarity with FDA and/or other global regulatory cybersecurity guidance requirements and submission process

    • Experience with web applications and server hardening (i.e. AWS, Azure) including knowledge of OWASP Top 10 and blue teaming techniques

    • Software development experience

    • CISSP or other security certification

    • MS and/or advanced degree

    Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

    For more information on how we support the whole health of our employees throughout their wellness, career, and life journey, please visit https://www.careers.jnj.com .

    The anticipated base pay range for this position is $118,000 to $203,550.

    The Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation's performance over a calendar/ performance year. Bonuses are awarded at the Company's discretion on an individual basis.

    Employees may be eligible to participate in Company employee benefit programs such as health insurance, savings plan, pension plan, disability plan, vacation pay, sick time, holiday pay, and work, personal and family time off in accordance with the terms of the applicable plans. Additional information can be found through the link below.

    For additional general information on company benefits, please go to:

    • https://https://www.careers.jnj.com/employee-benefits

    #JNJTech

    Why you should apply for a job to Johnson & Johnson:

  • Ranked as one of the Best Companies for Women in 2020
  • 4.2/5 in overall job satisfaction
  • 4.2/5 in supportive management
  • 71% say women are treated fairly and equally to men
  • 88% would recommend this company to other women
  • 85% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Global parental leave for all new parents (maternal, paternal, adoptive or surrogacy-assisted).
  • Global exercise reimbursement.
  • Two weeks off (one of them fully paid) for volunteer work.