Lead Product Security Architect

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world.  We provide an inclusive work environment where each person is considered as an individual.  At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

Job Function:

R&D Product Development

Job Sub Function:

R&D Software/Systems Engineering

Job Category:

Scientific/Technology

All Job Posting Locations:

Santa Clara, California, United States of America

Job Description:

About Surgery:
 

Fueled by innovation at the intersection of biology and technology, we’re developing the next generation of smarter, less invasive, more personalized treatments.

Are you passionate about improving and expanding the possibilities of surgery? Ready to join a team that’s reimagining how we heal? Our Surgery team will give you the chance to deliver surgical technologies and solutions to surgeons and healthcare professionals around the world. Your contributions will help effectively treat some of the world’s most prevalent conditions such as obesity, cardiovascular disease and cancer. Patients are waiting.

Your unique talents will help patients on their journey to wellness. Learn more at https://www.jnj.com/medtech

We are searching for the best talent for our Lead Product Security Architect position.  This position will be located in Santa Clara, CA

Purpose:

The Lead Product Security Architect will own the cybersecurity architecture, system-level view, and technical implementation of the OTTAVA surgical robot, with potential to impact millions of patients and expand the capabilities of physicians globally.
 

This role is not focused on enterprise IT, or cloud security operations. This individual will be a key technical and strategic leader on one of the most exciting programs in J&J and in healthcare in general! The candidate must bring a strong blend of security awareness, technical ability, and regulatory awareness. They must also balance depth in cybersecurity with a passionate focus on understanding and meeting the needs of clinicians and operating room staff. This role reports to the Sr. Director, Robotics Software.

You will be responsible for:

• Own the end-to-end cybersecurity architecture for the OTTAVA product, a FDA-regulated device, maintaining a system-level view of security and ensuring security-by-design from firmware and embedded software to external interfaces
• Be the singular R&D voice on security, clearly communicating and alinging approaches with internal (quality, information security, regulatory) and external (FDA) stakeholders
• Act as the technical authority for cybersecurity decisions and tardeoffs
• Design and oversee implementation of technical cybersecurity controls, primarily based in software and network infrastructure
• Lead R&D cyber reviews and documentation (threat modeling, risk assessment) in partnership with internal collaborators
• Translate security risks into patient safety, regulatory, and business impact for non-security stakeholders
• Take a risk-based approach when assessing the relationship between cybersecurity needs, patient safety, regulatory expectations, and quality system requirements

Experience and Skills:

Required:

• 10+ years professional experience in software development or systems engineering with a focus on device security
• 5+ years experience with hands-on technical leadership in cybersecurity
• Demonstrated ability to deliver results on time within constraints by creatively adapting processes and using resources is required
• Experience with regulatory guidance (preferably FDA) on cybersecurity implementation and documentation, pre- and post-market surveillance, and risk-assessment is required
• Proficiency in software development for complex safety critical products, ideally within medical device or other highly regulated industries (i.e. defense, autonomous vehicles, aerospace, etc.)
• Demonstrated success in partnering and influencing across a matrix environment is required.
• Proven leadership designing system-level security architecture for embedded devices is required
• Strong communication and interpersonal skills, with the ability to collaborate effectively with diverse teams and partners is required
• Ability to travel up to 10%, international and domestic, is required
   

Preferred:

• Demonstrated hands-on experience with FDA Class II or III medical devices is VERY strongly preferred
• Experience with IEC 62304 is VERY strongly preferred.
• Previous experience with post-market vulnerability monitoring is preferred
• Experience reaching “across the aisle” to successfully partner with and problem solve alongside technical, support, and business partners in other parts of the company is preferred
• Experience with FDA audits and cloud certifications (e.g., SOC2) is preferred
• Understanding of robotic technology and general robotic surgery paradigms is preferred
• Experience with a global development team
• Previous experience successfully supporting or launching medical device products is preferred
   

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act. 
 

Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, external applicants please contact us via https://www.jnj.com/contact-us/careers , internal employees contact AskGS to be directed to your accommodation resource.

#LI-Hybrid

#RADSW

#LI-KB3

Required Skills:

 

 

Preferred Skills:

Cybersecurity, Cyber Security Governance, Cyber Threat Modeling, IEC 62304, Network Security, Penetration Testing, Penetration Testing Software, Product Security, Security by Design, Software Architectural Design, Software Architectures, Software Design Architecture, Software Engineering, Software Systems Architecture, Threat Modeling

 

 

The anticipated base pay range for this position is :

$157,000.00 - $271,400.00

Additional Description for Pay Transparency:

Subject to the terms of their respective plans, employees are eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).



This position is eligible to participate in the Company’s long-term incentive program.



Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits:

Vacation –120 hours per calendar year

Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado –48 hours per calendar year; for employees who reside in the State of Washington –56 hours per calendar year

Holiday pay, including Floating Holidays –13 days per calendar year

Work, Personal and Family Time - up to 40 hours per calendar year

Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child

Bereavement Leave – 240 hours for an immediate family member: 40 hours for an extended family member per calendar year

Caregiver Leave – 80 hours in a 52-week rolling period10 days

Volunteer Leave – 32 hours per calendar year

Military Spouse Time-Off – 80 hours per calendar year