Johnson & Johnson Careers


Cincinnati, Ohio; United States
Information Security

Job Description

Requisition ID: 2804180925

The Product Security team within Johnson & Johnson’s Information Security & Risk Management (ISRM) is recruiting for a Product Security Senior Manager responsible for supporting the design and development, testing and post market management of Products, specifically Software as a Medical Device, manufactured by the Johnson & Johnson Family of Companies globally. In this position, the preferred location is Fort Washington, PA or at a J&J location within United States. 

Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 125 years. We embrace research and science -- bringing innovative ideas, products and services to advance the health and well-being of people. Employees of the Johnson & Johnson Family of Companies work with partners in health care to touch the lives of over a billion people every day, throughout the world.

The Senior Manager will join the Johnson & Johnson Product Security team, whose overall mission is to ensure all products of the Johnson & Johnson Family of Companies are built on Cybersecurity best practices and Cybersecurity Risks in marketed products are properly managed to support our customer’s safety and security.

The main responsibility of this role is to help ensure software, hardware, and related components in products of the J&J Family of Companies are protected from cyber-attacks. In this role, you will be a part of a growing team, and will be integral in the future of crafting the product security practices for Johnson & Johnson. Your responsibilities will include identifying and managing key strategies and goals, partnering with internal organizations on process and policy enhancements, creating and presenting metrics to senior management, identifying communications plans and raising overall awareness of the capability. This is essential for patient safety and confidence in Johnson & Johnson products.

  • Engages in Credo-based decision-making
  • Identify and drive Product Security strategy and goals
  • Partner with internal organizations to enhance existing processes and policies
  • Create and present Product Security metrics to senior management
  • Identify communications plans and raise awareness of Product Security capability
  • Partner with external organizations and industry groups to represent Johnson & Johnson
  • Provide Cybersecurity Engineering SME support for Product Security Officers and Product Development Teams
  • Architect effective security strategies for Healthcare Technology solutions, specifically Software as a Medical Device (SaMD)
  • Replicate the actual techniques and tools used by malicious attackers to model potential threats

  • A minimum of a Bachelor’s degree is required; preferably in computer science, risk management, security, or a related major
  • A minimum of 8 years of relevant experience is required
  • A minimum of 3 years of Product Security experience is required
  • Expert knowledge of Product Security and proven ability to influence/collaborate to get to desired result
  • CISSP required
  • Highly effective internal and external communicator with exceptional oral, written and presentation skills is required
  • Willingness and the ability to learn in a dynamic environment is required
  • A real passion for, and knowledge of, leading and new technologies is required
  • An understanding of Software as a Medical Device, embedded system security, application security mechanisms, such as authentication and authorization techniques, data validation, and the proper use of encryption is required
  • An understanding of, and the ability to recognize, various types of application, infrastructure, and protocol security vulnerabilities is required
  • Knowledge of OWASP Top 10, CVSS, and CVE is required
  • Proven analytical and problem-solving skills, as well as the desire to assist others in solving issues is required
  • Highly motivated with the willingness to take ownership / responsibility for their work as well as the ability to work alone or as part of a team is required
  • This position may sit in Fort Washington, PA, Raritan, NJ or Cincinnati, OH (or any location within US) and will require up to 20% travel

Thriving on a diverse company culture, celebrating the uniqueness of our employees and committed to inclusion, we are proud to be an equal opportunity employer.

Primary Location
United States-Ohio-Cincinnati-
Other Locations
North America-United States
Depuy Orthopaedics. Inc. (6029)
Job Function
Information Security
Requisition ID