Director, DSP Cybersecurity

at J&J Family of Companies
Published June 2, 2023
Location Santa Clara, CA
Job Type Full-time  

Description

Director, DSP Cybersecurity - 2306122205W

Johnson & Johnson is currently recruiting for a Director of DSP Cybersecurity to engineer, deploy and securely operate the Digital Surgery Platform (DSP) and all supporting product teams, processes, and procedures. The DSP is a cloud-native connectivity hub providing a single centralized platform enabling J&J’s MedTech portfolio of devices to realize the numerous benefits of connectivity. This role will align the platform with industry best practices without compromising business priorities or regulatory requirements for our digital surgery ecosystem and its numerous applications and connected devices. This position is based in Raritan, NJ, or Santa Clara, CA. The anticipated pay range for this role is $137,000 - $235,750.

As the world’s most comprehensive MedTech business, J&J Medical Technology Companies are building on a century of experience, merging science and technology, to shape the future of health and benefit even more people around the world. With our unparalleled breadth, depth, and reach across surgery, orthopedics, and interventional solutions, we’re working to profoundly change the way care is delivered. We are in this for life. For more information, visit www.jnjmedtech.com/en-US

The Director for DSP Cybersecurity is part of Johnson & Johnson’s Information Security & Risk Management (ISRM) organization and will embed directly with our MedTech DSP team whose mission is to reach more patients and restore more lives. We invite you to be part of a team that is redefining the healthcare industry by way of Digital Surgery. By combining surgical technologies with real-time data intelligence within the Operating Room, we will elevate the standard of care and improve surgical outcomes.

Our ideal candidate will be a hardworking individual with the background and experience to define and implement industry-leading cybersecurity controls throughout all services provided by the DSP and utilized throughout our medical technology portfolio. This candidate will be an energetic self-starter and problem solver with a proven track record as a security engineer able to translate high-level, often ambiguous security requirements into an actionable system feature backlog. This candidate would be a passionate change agent capable of driving solution conversations with J&J MedTech R&D teams building and launching new connected medical devices to the market. We are looking for a quick learner with enthusiasm for experimenting, learning, and keeping pace with industry trends in medical device connectivity. A successful Director for DSP Cybersecurity will be able to effectively articulate requirements and provide product owners and their development teams with clearly defined cybersecurity guidance.

The DSP team places a large emphasis on improving individual strengths to not only accelerate delivery but propel career growth forward. As a team, we are committed to encouraging a supportive environment and will provide many opportunities for learning new skill sets. We invite you to be part of our lasting impact on patient lives by joining a ground-breaking team in the world of surgical innovation.

Responsibilities:

  • Establish and maintain regular communications with R&D, Independent Quality, Platform Architects, System Engineers, program and ISRM leadership, deployment, operations as well as customer-facing business teams regarding requisite security requirements and continuous improvement opportunities

  • Lead a team of cloud security engineers dispersed across various scrum teams ensuring consistent security development and operational procedures are implemented across the platform

  • Drive all cybersecurity activities from platform architecture through secure development, deployment, and ongoing operations for all DSP components and capabilities

  • Craft solutions that ensure compliance with Security, Regulatory, and Quality standards as well as third-party certification frameworks while balancing technical complexity, schedule risk, and other factors

  • Lead all cybersecurity operations activities, coordinating activities between the DSP and its operations team and the enterprise Incident Response team ensuring adherence to internal procedures and compliance with customer expectations and contractual requirements

  • Partner with the DSP Compliance organization assisting in audit and certifications procedures, as well as responding to external customer inquiries related to cybersecurity

  • Define and implement standards for how MedTech product teams will securely connect and operate their devices within the platform and partner closely with the Product Security team to ensure devices are prepared to connect and operate within the DSP

  • Risk Identification & Management: Identify, communicate, and manage risks encompassing all components and procedures supporting the platform and communicate relevant risks to MedTech product teams

  • Participate in Product Owner scrum team syncs, grooming sessions, direct planning with R&D teams, and provide recommendations to the release train for security-related enhancements

  • Provide security reviews and approvals for all applicable user stories, design documents, and other formalized deliverables requiring ISRM signoff

  • Accountable for execution and fulfillment of relevant platform procedures to support robust and formal security operations of the platform

Qualifications

Required Experience:

  • Bachelor’s Degree in IT or a related engineering field, or equivalent experience, is required

  • A minimum of 10 years of cybersecurity experience

  • A minimum of 5 years of developing, deploying, and/or securely operating a cloud environment

  • An understanding of embedded system security, application security mechanisms, such as authentication and authorization techniques, data validation, and the proper use of encryption

  • An understanding of, and the ability to recognize, various types of application, infrastructure, and protocol security vulnerabilities

  • Knowledge of OWASP Top 10, CVSS, and CVE

  • Knowledge of Continuous Development and Continuous Integration (CI/CD) Security Pipeline

  • Proven analytical and problem-solving skills, as well as the desire to assist others in solving issues

  • People management experience in a technical development setting

  • Experience working in a Scaled Agile Framework (SAFe) software development or similar methodology

  • Ability to closely manage low-level details without losing sight of J&J’s overarching Digital Surgery strategy

  • With little supervision, able to define, shape, and drive security fixes and improvements to completion while effectively collaborating strategically with others

Preferred Experience:

  • Experience with connected medical devices and FDA or other regulatory requirements

  • Experience building and/or operating within a GxP regulated environment

  • Experience with incident response and/or forensics

  • Experience integrating connected devices in a hospital environment

  • Proficient understanding of secure networking best practices

  • HIPAA, HITRUST, GDPR, NIST, and ISO27001 familiarity

  • CISSP or other security certification preferred

  • Experience with audit preparation and facilitation

  • Superb written and verbal communication skills

  • Minimal travel may be required

Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com.

Primary Location NA-US-California-Santa Clara

Other Locations NA-US-New Jersey-Raritan

Organization Johnson & Johnson Services Inc. (6090)

Job Function Information Security

Req ID: 2306122205W