What you'd actually do

Partner with engineering and other cross-functional teams (cloud, console, pump, etc.) to drive successful adherence to J&J Heart Recovery's product security program.

Deliver documentation for pre-market development activities including security plans, architecture and data flow diagrams, threat models, requirements, SBOM, and risk documentation.

Define and implement key management infrastructure (PKI, HSMs, TPMs, and secure enclave integration) for device identity, authentication, and software signing.

Monitor and drive post-market vulnerability management activities, with adherence to strict timelines.

Support compliance certification activities, such as SOC2, FedRAMP, ISO 27001, etc.

Skills

Required

Bachelor’s degree in Computer Science, Information Systems, or related field.
4+ years industry experience in Information Security.
Working knowledge of regulatory standards and compliance frameworks (e.g., NIST Cybersecurity Framework, ISO27001, SOC2, HIPAA, GDPR).
Experience with security risk management techniques and tactics.
Experience working in a regulated environment, FDA-regulated preferred.

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

**Job Function: **

Technology Enterprise Strategy & Security

**Job Sub Function: **

Solution Architecture

Job Category:

Scientific/Technology

All Job Posting Locations:

Danvers, Massachusetts, United States of America, Raritan, New Jersey, United States of America

Job Description:

J&J Heart Recovery is redefining team-driven success while reshaping heart recovery. Here, new ideas are welcomed and encouraged, learning is constant, and our dynamic setting enables positive people to do profoundly important work.

As the solutions we provide to patients and health care providers evolve from a technological standpoint, we must remain vigilant in our cybersecurity efforts to ensure we are providing the highest quality devices. We accomplish this by incorporating cybersecurity activities across the total-product-lifecycle of our solutions and integrating these processes with our Quality Management System.

Are you passionate about security and interested in joining a community of collaborative colleagues working in a Patient First! culture If that’s you, heart recovery has an immediate opportunity for a Product Security Analyst to join the newly formed Product Security team to help ensure security is implemented by design for this top-performing medical device company. This is an exciting opportunity to impact development initiatives that will shape future product development and industry standards. You will own the Product Security process that includes both pre-market and post-market processes engineering teams leverage throughout the product development lifecycle. If you are eager to leverage your security risk and compliance skills to make a difference and directly impact patient lives, this could be perfect for you.

Primary Duties And Responsibilities:

Partner with engineering and other cross-functional teams (cloud, console, pump, etc.) to drive successful adherence to J&J Heart Recovery's product security program.
Deliver documentation for pre-market development activities including security plans, architecture and data flow diagrams, threat models, requirements, SBOM, and risk documentation.
Define and implement key management infrastructure (PKI, HSMs, TPMs, and secure enclave integration) for device identity, authentication, and software signing.
Monitor and drive post-market vulnerability management activities, with adherence to strict timelines.
Support compliance certification activities, such as SOC2, FedRAMP, ISO 27001, etc.
Identify, research, evaluate, and integrate new compliance requirements and industry standards/trends into the product security program.
Guide teams to make decisions that balance business needs with security objectives.
Thinks across organizational boundaries and empathizes with customers, both internal and external.
Perform other related duties and responsibilities, as assigned.

Job Qualifications:

Bachelor’s degree in Computer Science, Information Systems, or related field.
4+ years industry experience in Information Security.
Working knowledge of regulatory standards and compliance frameworks (e.g., NIST Cybersecurity Framework, ISO27001, SOC2, HIPAA, GDPR).
Experience with security risk management techniques and tactics.
Experience working in a regulated environment, FDA-regulated preferred.
Demonstrated organizational skills, attention to detail, the ability to handle multiple assignments simultaneously in a timely manner and be able to meet assigned deadlines.
Committed to working with a sense of urgency and embracing new challenges.
Strong communication and interpersonal skills.

**Other: **

Up to 20% travel.

#LI-Hybrid

#JNJTECH

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, please contact us via https://www.jnj.com/contact-us/careers or contact AskGS to be directed to your accommodation resource.

Required Skills:

Preferred Skills:

The anticipated base pay range for this position is :

The anticipated base pay range for this position is: $94,000- $151,800

Additional Description for Pay Transparency:

Subject to the terms of their respective plans, employees and/or eligible dependents are eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance. Subject to the terms of their respective plans, employees are eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)). Subject to the terms of their respective policies and date of hire, Employees are eligible for the following time off benefits: Vacation –120 hours per calendar year Sick time - 40 hours per calendar year; for employees who reside in the State of Washington –56 hours per calendar year Holiday pay, including Floating Holidays –13 days per calendar year Work, Personal and Family Time - up to 40 hours per calendar year Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child Condolence Leave – 30 days for an immediate family member: 5 days for an extended family member Caregiver Leave – 10 days Volunteer Leave – 4 days Military Spouse Time-Off – 80 hours Additional information can be found through the link below. https://www.careers.jnj.com/employee-benefits