Director, Product Security MedTech
J&J Family of Companies
At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com
**Job Function:**
Technology Enterprise Strategy & Security
**Job Sub Function:**
Security & Controls
**Job Category:**
People Leader
**All Job Posting Locations:**
Athens, Georgia, United States of America; Belleville, Illinois, United States; Cincinnati, Ohio, United States of America; Colorado Springs, Colorado, United States of America; Danvers, Massachusetts, United States of America; Halethorpe, Maryland, United States of America; Indianapolis, Indiana, United States; Irvine, California, United States of America; Jacksonville, Florida, United States of America; Minneapolis, Minnesota, United States of America; New Brighton, Minnesota, United States of America; Plymouth, Minnesota, United States of America; Raritan, New Jersey, United States of America; Raynham, Massachusetts, United States of America; Tampa, Florida, United States of America; West Chester, Pennsylvania, United States of America
**Job Description:**
Johnson & Johnson MedTech is currently recruiting for a Director, Product Security within our Information Security and Risk Management (ISRM) organization. The preferred locations for this hybrid role are Raritan, NJ and Irvine, CA. Candidates based near other J&J MedTech sites in the US will be considered on a case-by-case basis.
This position provides direct product security leadership for the Electrophysiology, Circulatory & Restoration, and Orthopaedics business segments of J&J MedTech. The ideal candidate is a hands-on technical leader with regulatory and commercial awareness, able to simplify complex security topics to various audiences. This role leads a team of security engineers with responsibility for further developing and operating a comprehensive ISRM product security program, including product security architecture, cybersecurity engineering, threat modeling, penetration testing, standards compliance, cybersecurity incident response and the processes and procedures that support these initiatives. Additional responsibilities will include, but not be limited to:
**Key Responsibilities**
+ Define and execute the product security strategy aligned with business priorities, FDA/MDR/524B expectations, and QMS requirements.
+ Lead and grow a global product security engineering team, fostering collaboration that balances technical rigor with business needs.
+ Implement security controls including secure boot, firmware signing, secure updates, encryption and key management, access control, logging, and secure communications (e.g. TLS/mTLS).
+ Oversee security integration across medical devices, software, mobile applications, embedded devices, and cloud environments (AWS/Azure IoT).
+ Partner with Regulatory, Quality, Legal, Privacy, and Commercial teams to ensure cybersecurity requirements are built into Class I, II, and III devices, supporting PMA and 510(k) submissions.
+ Champion DevSecOps, secure SDLC, SBOM validation, and vulnerability management across device and software platforms.
+ Lead post-market security activities including vulnerability disclosures, CAPAs, patching, and incident response.
+ Act as senior product security SME with customers, hospital IT/IS staff, and clinicians, translating technical requirements into clear business and clinical impact.
+ Support commercial teams with security playbooks, training, and pre-sale/post-installation engagements.
+ Represent product security in FDA and international regulatory inspections, reinforcing trust in our devices.
+ Monitor threat intelligence, cloud telemetry, and field usage to proactively identify risks and strengthen resilience.
**Qualifications**
+ Bachelor’s degree in Biomedical Engineering, Computer Science, Cybersecurity, or related field (advanced degree preferred), or equivalent experience.
+ 15+ years of MedTech experience in R&D, engineering, product development, medical devices, or product security, with 5+ years in leadership.
+ Proven expertise in Class I (MDDS/SaMD), Class II, and Class III medical devices, including 510(k) and PMA submissions.
+ Experience with medical devices, cloud/mobile platforms, EMR integrations (HL7), and/or connected product solutions.
+ Knowledge of device and software security, including secure boot and system integrity, trusted hardware, secure coding, identity and access management, and integrating security into the development lifecycle (DevSecOps).
+ Familiarity with FDA cybersecurity guidance, ISO/IEC 81001-5-1, NIST CSF, and global frameworks.
+ Demonstrated success bridging Engineering, Quality, Regulatory, Legal, Privacy, and Commercial functions.
+ Strong R&D engineering experience in medical devices and product development is highly valued.
+ Certifications (nice to have): CISSP, CSSLP, CISM, CISA, or equivalent.
Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, please contact us via https://www.jnj.com/contact-us/careers or contact AskGS to be directed to your accommodation resource.
**The anticipated base pay range for this position is:**
$146,000 to $251,850
Additional Description for Pay Transparency:
Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation’s performance over a calendar/performance year. Bonuses are awarded at the Company’s discretion on an individual basis. Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance.
+ Employees may be eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).
+ This position is eligible to participate in the Company’s long-term incentive program.
+ Employees are eligible for the following time off benefits:
+ Vacation – up to 120 hours per calendar year
+ Sick time – up to 40 hours per calendar year; for employees who reside in the State of Washington – up to 56 hours per calendar year
+ Holiday pay, including Floating Holidays – up to 13 days per calendar year of Work, Personal and Family Time – up to 40 hours per calendar year
+ Additional information can be found through the link below.
https://www.careers.jnj.com/employee-benefits