Johnson & Johnson Innovative Medicine, posted 14 days ago
$120,000 - $238,000/Yr
Full-time • Senior
Cincinnati, OH

About the position

We are seeking the best talent for a Senior Product Security Program Manager to join our MedTech Product Security team. The role can be based in Santa Clara or Irvine, CA; Cincinnati, OH; Raritan, NJ; or Danvers, MA. Remote work options may be considered on a case-by-case basis if approved by the Company. This role may require up to 20% travel. The Senior Product Security Program Manager for Surgery R&D Robotics platforms is responsible for developing and leading the implementation strategy of the global J&J ISRM cybersecurity standards. As the subject matter expert for cybersecurity, you will provide leadership oversight and guide large project teams throughout a new product's development phases, review product security requirements and recommend security design solutions, and ensure the team completes Quality documentation, threat modeling, penetration testing, software architecture review and design recommendations, code analysis, and other security testing or work as needed. Additionally, this role will lead the teams responsible for post-market activities across multiple surgical robotics devices, including monitoring of new vulnerabilities, ensuring the product security teams assist with patching and remediation plans, responding to all customer security questionnaires, and reviewing security language within contractual agreements.

Responsibilities

  • Advise and inform R&D stakeholders on cybersecurity standards and best practices
  • Support and advise senior management, product management, project management and R&D leaders on cybersecurity related activities and issues
  • Continuously review and refine all relevant R&D cybersecurity processes to adapt them to enterprise requirements
  • Assist project teams in the creation of Cyber Security Plans – including overall security design control requirements, patch management strategy and implementation roadmap.
  • Ensure project teams consider industry standards for system hardening and secure coding
  • Conduct threat modeling (e.g. STRIDE, Attack Trees) and risk assessment workshops
  • Define security rule sets and support their implementation in static and dynamic code analyses tools
  • Guide and train project teams to ensure direct and indirect security requirements are understood and implemented
  • Train and support project teams on definition, execution, and documentation of penetration tests
  • Set up and manage an effective vulnerability screening process across products within the BU
  • Implement and manage supply chain security through Software Bill-of-Materials (SBOM)
  • Support all stakeholders on patch management / vulnerability handling
  • Manage cybersecurity findings (internal & external) and regularly report incidents and metrics (NIST, CVSS scoring)
  • Trigger, support, and lead the incident management process
  • Keep abreast of information security and business trends in the industry through benchmarking and/or participation in professional associations
  • Other MedTech cybersecurity related duties as needed

Requirements

  • BS/MS degree in STEM (science, technology, engineering, mathematics) or equivalent.
  • 10+ years of progressive IT or Cybersecurity responsibilities
  • Collaborative and able to effectively interact and communicate with peers, management, and leadership teams on various technical levels
  • Proficiency in performing risk and impact assessments and determining treatment strategies
  • Familiar with threat modeling, penetration testing, stress testing and vulnerability screening
  • Basic understanding of privacy enhancing technologies and regulations such as GDPR
  • Familiar with methods and tools of modern software development on different platforms
  • Ability to create and deliver cybersecurity awareness campaigns and other communications
  • Ability to translate technical security requirements into solutions
  • Ability to provide secure coding recommendations
  • Ability to lead large projects and proven ability to track to project plan timelines from a security perspective
  • Ability to write technical security requirements for embedded systems and web platforms
  • Creative problem-solving skills
  • Customer focus (internal & external)
  • Excellent communication and collaboration skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally
  • Strong leadership and project management skills
  • CISM/CISSP or other security leadership certification

Nice-to-haves

  • Direct experience with HIPAA, FDA and other security and privacy governance
  • Experience leading or participating in formal security audits (e.g. HITRUST, SOC2, FedRAMP)
  • Familiarity with FDA and/or other global regulatory cybersecurity guidance requirements and submission process
  • Experience with web applications and server hardening (e.g. AWS, Azure), including knowledge of the OWASP Top 10 and blue teaming techniques
  • Software development experience

Benefits

  • Medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance
  • Consolidated retirement plan (pension) and savings plan (401(k))
  • Vacation: up to 120 hours per calendar year
  • Sick time: up to 40 hours per calendar year; for employees who reside in the State of Washington, up to 56 hours per calendar year
  • Holiday pay, including Floating Holidays: up to 13 days per calendar year
  • Work, Personal and Family Time: up to 40 hours per calendar year