Johnson & Johnson's MedTech Product Security team is recruiting for an experienced Product Security Senior Manager to be based at any of our MedTech Surgery sites - Cincinnati, OH or Raritan, NJ. Remote work options may be considered on a case-by-case basis and if approved by the Company. This may require up to 20% travel.

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com/ .

The Senior Product Security Program Manager for J&J's MedTech Surgery platforms owns the development and implementation strategy of the global J&J ISRM product cybersecurity standards. As the domain expert for cybersecurity, you will provide leadership oversight and guide the team throughout new product's development phases, review of product security requirements and recommendations of security design solutions, complete quality documentation, threat modelling, penetration testing, software architecture review and design recommendations, code analysis and other security testing work as needed.

Additionally, post market responsibilities for MedTech Surgery marketed devices include monitoring for new vulnerabilities, assisting with patching and remediation plans, incident response support, responding to customer security questionnaires and reviewing security language within contractual agreements.

Key Responsibilities:

• A core member of the MedTech Surgery Product Security Team collaborating with multi-functional teams to achieve the best patient outcomes through establishing relationships with various partners.
• Champion Product Security strategy and objectives within MedTech Surgery.
• Partner with internal organizations to improve existing processes and policies.
• Build and present Product Security metrics to management.
• Responsible and accountable to implement Product Security governance model in collaboration with various partners for MedTech Surgery pre and post market medical devices.
• Perform automated code scanning and coordinate formal security testing
• Support customer cybersecurity questionnaires and contractual language for post-market medical devices in close collaboration with a deployment team.
• Experience using SCA, binary, or other scanning tools or methodologies to compile a Software Bill of Materials (SBOM) and Manufacturer Disclosure Statement for Medical Device Security (MDS2).
• Supporting and driving the incident management process
• Other MedTech cybersecurity related duties as needed.