Johnson & Johnson Careers
Product Security Incident Manager
Requisition ID: 0734180910
The Product Security team within Johnson & Johnson’s Information Security & Risk Management (ISRM) is recruiting for a Product Security Incident Manager to manage Cybersecurity events across Marketed Products of the Johnson & Johnson Family of Companies globally. In this position, you will have the option to sit at any J&J site within NJ or PA with a preferred location of Fort Washington, PA.
Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 125 years. We embrace research and science -- bringing innovative ideas, products and services to advance the health and well-being of people. Employees of the Johnson & Johnson Family of Companies work with partners in health care to touch the lives of over a billion people every day, throughout the world.
This Manager position will join the Johnson & Johnson Product Security team, whose overall mission is to ensure all products of the Johnson & Johnson Family of Companies are built on Cybersecurity best practices and that Cybersecurity Risks are properly managed in marketed products to support our customer’s safety and security.
The responsibilities of this role include leading the overall strategy, process, timelines, resources and progress for event handling pertaining to Products of the Johnson & Johnson Family of Companies. The successful candidate will work with Product Security Managers/Officers, product teams and functional groups on determining objectives, scope, analysis, actions and timelines for responding to security events. This is essential for patient safety and confidence in products of the Johnson & Johnson Family of Companies.
- Engages in Credo-based decision-making
- Identify and drive Product Security Incident Management strategy and goals
- Partner with internal organizations to enhance existing processes and policies
- Manage Product Security Post Market Management and Vulnerability Disclosure processes
- Create and/or present Product Security metrics to senior management
- Create and manage adhoc cross functional working groups to ensure timely and effective incident management
- Manage the ongoing assessment and testing program for marketed products
- Identify communications plans and raise awareness of Product Security capability
- Partner with external organizations and industry groups to represent Johnson & Johnson
- Engage with Government entities as necessary (e.g. US FDA, DHS ICS-CERT)
- A minimum of a Bachelor’s degree is required; preferably in computer science, risk management, security, or a related major
- A minimum of 6 year of relevant experience is required
- A minimum of 2 years of Product Security experience or proven ability to operate cross functionally to execute enterprise wide initiatives is required
- CERT-Certified Computer Security Incident Handler, GCIH, CISSP, preferred
- Highly effective internal and external communicator with exceptional oral, written and presentation skills is required
- Experience working with the US Federal Government is strongly preferred
- Willingness and the ability to learn in a dynamic environment is required
- A real passion for, and knowledge of, leading and new technologies is required
- An understanding of, and the ability to recognize, various types of application, infrastructure, and protocol security vulnerabilities is required
- Knowledge of OWASP Top 10, CVSS, and CVE is required
- Highly motivated with the willingness to take ownership / responsibility for your work as well as the ability to work alone or as part of a team is required
- This position will sit in either PA (preferably Fort Washington, PA), NJ or Washington, DC and will require up to 20% travel
Thriving on a diverse company culture, celebrating the uniqueness of our employees and committed to inclusion, we are proud to be an equal opportunity employer.
United States-Pennsylvania-Fort Washington
North America-United States-New Jersey, North America-United States-Pennsylvania, North America-United States-District of Columbia-Washington
Johnson & Johnson Services Inc. (6090)