Director, Product Security at Johnson & Johnson

What you'd actually do

Define and lead the global product security strategy aligned with DePuy Synthes business objectives and regulatory requirements.

Establish and oversee product security governance, standards, and secure development lifecycle practices across hardware, software, and connected medical devices.

Partner with R&D, Quality, Regulatory Affairs, and IT to integrate cybersecurity risk management into product design, development, and post‑market activities.

Lead global teams and external partners delivering product security services, tools, and capabilities that enable scalable and consistent execution.

Oversee vulnerability management, threat modeling, penetration testing, and incident response activities related to product security.

Skills

Required

cybersecurity leadership
product security leadership
global scope
matrixed environments
securing complex software-enabled or connected products
regulated industries
secure product development
vulnerability management
cybersecurity risk management frameworks
lead and develop high-performing global teams
service-based operating models
Executive-level communication
stakeholder management

Nice to have

medical devices
healthcare technology
life sciences
FDA cybersecurity guidance
IEC 62304
ISO 14971
enabling cybersecurity capabilities within shared services
global enablement models

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

**Job Function: **

Technology Product & Platform Management

**Job Sub Function: **

Technical Product Management

Job Category:

People Leader

All Job Posting Locations:

Palm Beach Gardens, Florida, United States of America, Raritan, New Jersey, United States of America, Raynham, Massachusetts, United States of America, Warsaw, Indiana, United States of America, West Chester, Pennsylvania, United States of America

Job Description:

DePuy Synthes is recruiting for a(n) Director, Product Security; this Hybrid position will be in Raynham, MA (USA). Alternate Hybrid locations may be considered at Raritan, NJ (USA), West Chester, PA (USA), Warsaw, IN (USA), Palm Beach Gardens, FL (USA) OR Pune, India.

Please note that this role is available across multiple countries and may be posted under different requisition numbers to comply with local requirements. While you are welcome to apply to any or all of the postings, we recommend focusing on the specific country(s) that align with your preferred location(s):

Raynham, MA (USA) - Requisition Number: R-072543

Pune, India - Requisition Number: R-073299

Remember, whether you apply to one or all of these requisition numbers, your applications will be considered as a single submission.

Johnson & Johnson announced plans to separate our Orthopedics business to establish a standalone orthopedics company, operating as DePuy Synthes. The process of the planned separation is anticipated to be completed within 18 to 24 months, subject to legal requirements, including consultation with works councils and other employee representative bodies, as may be required, regulatory approvals and other customary conditions and approvals. Should you accept this position, it is anticipated that, following conclusion of the transaction, you would be an employee of DePuy Synthes and your employment would be governed by DePuy Synthes employment processes, programs, policies, and benefit plans. In that case, details of any planned changes would be provided to you by DePuy Synthes at an appropriate time and subject to any necessary consultation processes.

Job Overview:

The Director, Product Security is a senior leadership role responsible for defining and executing the global product security strategy for DePuy Synthes’ medical device and digital product portfolio. This role ensures that cybersecurity is embedded across the product lifecycle—from design and development through deployment and post‑market support—while enabling innovation, regulatory compliance, and patient safety. As part of Global Services Enablement, this leader partners closely with R&D, Quality, Regulatory, IT, and external stakeholders to strengthen security capabilities at scale and protect patients, customers, and the business, and reports into the DePuy Synthes Technology organization.

Key Responsibilities:

Define and lead the global product security strategy aligned with DePuy Synthes business objectives and regulatory requirements.

Establish and oversee product security governance, standards, and secure development lifecycle practices across hardware, software, and connected medical devices.
Partner with R&D, Quality, Regulatory Affairs, and IT to integrate cybersecurity risk management into product design, development, and post‑market activities.
Lead global teams and external partners delivering product security services, tools, and capabilities that enable scalable and consistent execution.
Oversee vulnerability management, threat modeling, penetration testing, and incident response activities related to product security.
Ensure compliance with global cybersecurity and medical device regulations, standards, and guidance (e.g., FDA, ISO, IEC).
Provide executive‑level reporting and insights on product security risks, trends, and performance to senior leadership.
Build a strong product security culture through training, awareness, and continuous improvement initiatives.

Qualifications:

Education:

Required: Bachelor’s degree in Computer Science, Engineering, Information Security, or a related technical field.
Preferred: Master’s degree in Cybersecurity, Engineering, or Business Administration.

Experience and Skills:

Required:

10-12 years of experience in cybersecurity or product security leadership roles, including global scope and matrixed environments.
Demonstrated experience securing complex software‑enabled or connected products, preferably within regulated industries.
Strong knowledge of secure product development, vulnerability management, and cybersecurity risk management frameworks.
Proven ability to lead and develop high‑performing global teams and service‑based operating models.
Executive‑level communication and stakeholder management skills, with the ability to influence across functions.

Preferred:

Experience in medical devices, healthcare technology, or life sciences.
Familiarity with FDA cybersecurity guidance, IEC 62304, ISO 14971, and related standards.
Experience enabling cybersecurity capabilities within shared services or global enablement models.
Background in cloud, embedded systems, or IoT security.

Other:

Languages: English (fluent). Additional languages are a plus.
Travel: Up to 20% domestic and international.
Certifications (preferred): CISSP, CISM, CSSLP, or equivalent.

For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com.

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, external applicants please contact us via https://www.jnj.com/contact-us/careers, internal employees contact AskGS to be directed to your accommodation resource.

#DePuySynthesCareers

#LI-Hybrid

Required Skills:

Preferred Skills:

Analytical Reasoning, Cost Management, Developing Others, Fact-Based Decision Making, Human-Computer Interaction (HCI), Inclusive Leadership, Leadership, New Program Development, Performance Measurement, Product Development, Product Strategies, Project Management Methodology (PMM), Research and Development, Software Development Management, Stakeholder Management, Strategic Supply Chain Management

The anticipated base pay range for this position is :

$150,000.00 - $258,750.00

Additional Description for Pay Transparency:

Subject to the terms of their respective plans, employees are eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).

This position is eligible to participate in the Company’s long-term incentive program.

Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits:

Vacation –120 hours per calendar year

Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado –48 hours per calendar year; for employees who reside in the State of Washington –56 hours per calendar year

Holiday pay, including Floating Holidays –13 days per calendar year

Work, Personal and Family Time - up to 40 hours per calendar year

Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child

Bereavement Leave – 240 hours for an immediate family member: 40 hours for an extended family member per calendar year

Caregiver Leave – 80 hours in a 52-week rolling period10 days

Volunteer Leave – 32 hours per calendar year

Military Spouse Time-Off – 80 hours per calendar year

For additional general information on Company benefits, please go to: - https://www.careers.jnj.com/employee-benefits

**Job Function: **

Technology Product & Platform Management

**Job Sub Function: **

Technical Product Management

Job Category:

People Leader

All Job Posting Locations:

Job Description:

Raynham, MA (USA) - Requisition Number: R-072543

Pune, India - Requisition Number: R-073299

Remember, whether you apply to one or all of these requisition numbers, your applications will be considered as a single submission.

Job Overview:

Key Responsibilities:

Define and lead the global product security strategy aligned with DePuy Synthes business objectives and regulatory requirements.

Establish and oversee product security governance, standards, and secure development lifecycle practices across hardware, software, and connected medical devices.
Partner with R&D, Quality, Regulatory Affairs, and IT to integrate cybersecurity risk management into product design, development, and post‑market activities.
Lead global teams and external partners delivering product security services, tools, and capabilities that enable scalable and consistent execution.
Oversee vulnerability management, threat modeling, penetration testing, and incident response activities related to product security.
Ensure compliance with global cybersecurity and medical device regulations, standards, and guidance (e.g., FDA, ISO, IEC).
Provide executive‑level reporting and insights on product security risks, trends, and performance to senior leadership.
Build a strong product security culture through training, awareness, and continuous improvement initiatives.

Qualifications:

Education:

Required: Bachelor’s degree in Computer Science, Engineering, Information Security, or a related technical field.
Preferred: Master’s degree in Cybersecurity, Engineering, or Business Administration.

Experience and Skills:

Required:

10-12 years of experience in cybersecurity or product security leadership roles, including global scope and matrixed environments.
Demonstrated experience securing complex software‑enabled or connected products, preferably within regulated industries.
Strong knowledge of secure product development, vulnerability management, and cybersecurity risk management frameworks.
Proven ability to lead and develop high‑performing global teams and service‑based operating models.
Executive‑level communication and stakeholder management skills, with the ability to influence across functions.

Preferred:

Experience in medical devices, healthcare technology, or life sciences.
Familiarity with FDA cybersecurity guidance, IEC 62304, ISO 14971, and related standards.
Experience enabling cybersecurity capabilities within shared services or global enablement models.
Background in cloud, embedded systems, or IoT security.

Other:

Languages: English (fluent). Additional languages are a plus.
Travel: Up to 20% domestic and international.
Certifications (preferred): CISSP, CISM, CSSLP, or equivalent.

For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com.

#DePuySynthesCareers

#LI-Hybrid

Required Skills:

Preferred Skills:

The anticipated base pay range for this position is :

$150,000.00 - $258,750.00

Additional Description for Pay Transparency:

Subject to the terms of their respective plans, employees are eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).

This position is eligible to participate in the Company’s long-term incentive program.

Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits:

Vacation –120 hours per calendar year

Holiday pay, including Floating Holidays –13 days per calendar year

Work, Personal and Family Time - up to 40 hours per calendar year

Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child

Bereavement Leave – 240 hours for an immediate family member: 40 hours for an extended family member per calendar year

Caregiver Leave – 80 hours in a 52-week rolling period10 days

Volunteer Leave – 32 hours per calendar year

Military Spouse Time-Off – 80 hours per calendar year

For additional general information on Company benefits, please go to: - https://www.careers.jnj.com/employee-benefits

What you'd actually do

Skills

Required

Nice to have

What the JD emphasized