Product Security Senior Manager
$120,000 - $207,000/Yr
Johnson & Johnson - Milpitas, CA
posted about 2 months ago
Full-time - Senior
Remote - Milpitas, CA
Chemical Manufacturing
About the position
The Product Security Senior Manager at Johnson & Johnson's MedTech division is responsible for implementing the enterprise Product Security strategy and framework across the Surgical Vision medical device portfolio. This role involves collaborating with internal teams to enhance processes, creating metrics for senior management, and ensuring adherence to security governance for both pre and post-market medical devices. The position requires a proactive approach to identifying security opportunities and managing product security throughout the product lifecycle.
Responsibilities
- Implement J&J's enterprise Product Security strategy and framework for JJSV medical devices.
- Collaborate with internal organizations to enhance existing processes and policies.
- Create and present Product Security metrics to senior management.
- Implement and enforce Product Security governance model for JJSV pre and post market medical devices.
- Perform automated code scanning and coordinate formal security testing.
- Respond to customer cybersecurity questionnaires and contractual language for all post-market medical devices.
- Support JJSV throughout new product development phases, including security requirements review and design recommendations.
- Monitor for new vulnerabilities and assist with patching and remediation plans.
Requirements
- Bachelor's degree or equivalent.
- A minimum of 10 years of progressive experience in leadership roles within information technology or cybersecurity functions.
- Experience in threat modeling and data privacy (GDPR and CCPA).
- Understanding of HIPAA/HITRUST & ISO 27001.
- Knowledge of penetration testing, vulnerability scanning, and general security testing principles.
- Ability to work autonomously and proactively seek out security opportunities.
- Knowledge of operating systems hardening techniques (i.e., QNX, Windows Embedded).
- Ability to create and deliver cybersecurity awareness campaigns.
- Strong communication and collaboration skills, able to influence at all organizational levels.
- Proven leadership skills and ability to lead large projects.
Nice-to-haves
- Experience leading or participating in formal security audits (i.e., HITRUST, SOC2, FedRAMP).
- Familiarity with FDA and global regulatory cybersecurity guidance requirements.
- Experience with web applications and server hardening (i.e., AWS, Azure).
- Experience in cybersecurity pre-sales.
- Software development experience.
- CISSP or other security certification.
- MS and/or advanced degree.
Benefits
- Medical insurance
- Dental insurance
- Vision insurance
- Life insurance
- Short- and long-term disability insurance
- Business accident insurance
- Group legal insurance
- 401(k) retirement plan
- Vacation time (up to 120 hours per year)
- Sick time (up to 40 hours per year)
- Holiday pay (up to 13 days per year)
- Floating Holidays
- Work, Personal and Family Time (up to 40 hours per year)
