Johnson & Johnson Careers

Product Security Senior Manager

Raritan, New Jersey; Cincinnati, Ohio; Mountain View, California
Information Security

Job Description

Requisition ID: 1432190405

The Product Security team within Johnson & Johnson’s Information Security & Risk Management (ISRM) is recruiting for a Digital Surgery and Product Security Senior Manager responsible for supporting the design and development, testing and post market management of Products manufactured by the Johnson & Johnson Family of Companies globally. In this position, the preferred location is Mountain View, CA, Raritan, NJ or Cincinnati, OH.

Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 130 years. We embrace research and science -- bringing innovative ideas, products and services to advance the health and well-being of people.

With $81.6 billion in 2018 sales, Johnson & Johnson is the world's most comprehensive and broadly-based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical devices markets. There are more than 250 Johnson & Johnson operating companies employing over 125,000 people and with products touching the lives of over a billion people every day, throughout the world. If you have the talent and desire to touch the world, Johnson & Johnson has the career opportunities to help make it happen.

The Senior Manager will join the Johnson & Johnson Product Security team, whose overall mission is to ensure all products of the Johnson & Johnson Family of Companies are built on Cybersecurity best practices and Cybersecurity Risks in marketed products are properly managed to support our customer’s safety and security.

The main responsibility of this role is to help ensure software, hardware, and related components in products of the J&J Family of Companies are protected from cyber-attacks. In this role, you will be a part of a growing team, and will be integral in the future of crafting the digital surgery and product security practices for Johnson & Johnson. Your responsibilities will include identifying and managing key strategies and goals, partnering with internal organizations on process and policy enhancements, creating and presenting metrics to senior management, identifying communications plans and raising overall awareness of the capability. This is essential for patient safety and confidence in Johnson & Johnson products.

  • Engages in Credo-based decision-making
  • Identify and drive Digital Surgery and Product Security strategy and goals
  • Partner with internal organizations to enhance existing processes and policies
  • Create and present metrics to senior management
  • Partner with external organizations and industry groups to represent Johnson & Johnson
  • Provide Cybersecurity Engineering SME support for Digital Surgery and Product Development Teams
  • Architect effective security strategies for Healthcare Technology solutions, specifically Software as a Medical Device (SaMD), Medical Device Data Systems, and backed infrastructure
  • Model and mitigate threats based on actual techniques and tools used by malicious attackers

  • A minimum of a Bachelor’s degree is required; preferably in computer science, risk management, security, or a related major
  • A minimum of 8 years of relevant experience is required
  • A minimum of 3 years of Product Security experience is recommended
  • CISSP, or similar certification preferred
  • Highly effective internal and external communicator with exceptional oral, written and presentation skills is required
  • Willingness and the ability to learn in a dynamic environment is required
  • A real passion for, and knowledge of, leading and new technologies is required
  • An understanding of Software as a Medical Device, embedded system security, application security mechanisms, such as authentication and authorization techniques, data validation, and the proper use of encryption is required
  • An understanding of, and the ability to recognize, various types of application, infrastructure, and protocol security vulnerabilities is required
  • Knowledge of OWASP Top 10, CVSS, and CVE is required
  • knowledge of continuous integration and continuous delivery security pipeline is required.
  • Proven analytical and problem-solving skills, as well as the desire to assist others in solving issues is required
  • Highly motivated with the willingness to take ownership / responsibility for their work as well as the ability to work alone or as part of a team is required
  • This position may sit in Mountain View, CA, Raritan, NJ or Cincinnati, OH (or any location within US) and will require up to 20% travel

Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Primary Location
United States-New Jersey-Raritan-
Other Locations
North America-United States-Ohio-Cincinnati, North America-United States-California-Mountain View
Depuy Orthopaedics. Inc. (6029)
Job Function
Information Security
Requisition ID