J&J Family of Companies

Director, Product Security Program Operations

J&J Family of Companies, Honolulu, Hawaii, United States, 96814


Johnson and Johnson is currently recruiting for a Director, Product Security Program Operations within the Johnson & Johnson Technology (JJT) organization. This role will be based in Milpitas, CA, Raritan, NJ or remote US.

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated and cured, where treatments are smarter and less invasive and solutions are personal.

The Director, Product Security Program Operations will be responsible for implementation of the ISRM enterprise Product Security strategy and framework. This includes identifying key strategy and goals, collaborating with internal organizations on existing process and policy enhancements, creating and communicating metrics to MedTech leadership, identifying communications plans and raising overall awareness of the capability. Specific responsibilities include supporting MedTech business units throughout a new product’s development phases, reviewing product security requirements and recommending security design solutions, and ensuring the franchises meet regulatory expectations in the QMS.

Key Responsibilities:

- Position J&J as a leading voice and expert in medical device product security across all MedTech business units.
- Ensure the ISRM product security program is integrated into all business unit Quality Management systems.
- Create, publish and regularly review vulnerability management metrics to drive timely patching across the portfolio of software enabled medical devices and connected digital health solutions.
- Oversee internal penetration testing capability, including product security lab environment.
- Build trust and relationships with global stakeholders, government agencies, and regulators, to ensure confidence in the program and products.
- Drive and shape messaging, policies, and strategic initiatives related to product security.
- Drive global harmonization of requirements to streamline a shift left mentality.
- Monitor global regulatory environment trends and changing requirements for product security.
- Build relationships and internal network to share information and lead initiatives to carry out strategy.
- Support ongoing SOC-2, HIPAA and other internal and external assessments and certifications.

Qualifications

Education:

- 10 years of experience with a bachelor’s degree or 8 years of experience with an advanced degree.

Experience and Skills:

Required:

- 5 Years of Management Experience.
- Experience with technical regulatory topics and strong working knowledge of device regulatory requirements.
- The ideal candidate is a leader in the medical device regulatory, healthcare and cybersecurity policy space.
- Ability to synthesize and present on complex technical topics.
- Strong networking and diplomacy skills, ability to build and foster relationships with internal and external regulatory decision makers and industry networks globally.
- Understanding of Quality Design Control processes and FDA submission processes.
- Experience with web applications and server hardening (e.g. AWS, Azure) including knowledge of OWASP Top 10 and blue teaming techniques.
- Hands-on experience with software security tools and platforms like Checkmarx, Black Duck, JFrog Xray, etc.
- Hands-on experience with vulnerability assessment tools Qualys, Nexpose, etc.
- Innovative and strategic thinker.
- Self-starter and proven leader.
- Demonstrated ability to be flexible and take a proactive approach to managing change.
- Excellent written and verbal communication skills.
- Experience working in a highly regulated industry.

Preferred:

- Experience leading or participating in formal audits (e.g. FDA, TUV, MDR).
- Knowledge of product or medical device security or MDDS platforms.
- Working knowledge of microservices architecture and API security.
- Experience working within Agile methodology.

Other:

- Proficiency in English.
- Limited travel required, up to 25%, including international travel.

Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com.

The anticipated base pay range for this position is $142,000 to $244,950.

The Company maintains highly competitive, performance-based compensation programs. This position is eligible for an annual performance bonus in accordance with the terms of the applicable plan.

Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance.

This position is eligible to participate in the Company’s long-term incentive program.

Employees are eligible for the following time off benefits: Vacation – up to 120 hours per calendar year; Sick time – up to 40 hours per calendar year; Holiday pay – up to 13 days per calendar year.

The compensation and benefits information set forth in this posting applies to candidates hired in the United States. Candidates hired outside the United States will be eligible for compensation and benefits in accordance with their local market.

Primary Location: NA-US-New Jersey-Raritan

Other Locations: NA-United States, NA-US-California-Milpitas

Organization: Johnson & Johnson Services Inc. (6090)
