Product Security Manager – MedTech Digital Solutions
Johnson & Johnson
Compensation
$102,000 - $177,100/year
Job Description
At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com
As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.
Job Function: Technology Enterprise Strategy & Security
Job Sub Function: Solution Architecture
Job Category: Scientific/Technology
All Job Posting Locations: Alabama (Any City), Alaska (Any City), Arizona (Any City), Arkansas (Any City), California (Any City), Cincinnati, Ohio, United States of America, Colorado (Any City), Connecticut (Any City), Delaware (Any City), Florida (Any City), Georgia (Any City), Hawaii (Any City), Idaho (Any City), Illinois (Any City), Indiana (Any City), Iowa (Any City), Kansas (Any City), Kentucky (Any City), Louisiana (Any City), Maine (Any City), Maryland (Any City), Massachusetts (Any City), Michigan (Any City), Minnesota (Any City) {+ 27 more}
Job Description:
We are seeking a Product Security Manager – MedTech Digital Solutions to join a dynamic team that is building the Polyphonic portfolio of digital health platforms, designed to securely deploy and operate AI-enabled healthcare solutions at scale. This role focuses on securing cloud-enabled digital health systems that integrate with regulated medical device hardware and support the development, deployment, and lifecycle management of AI models used in clinical and operational healthcare use cases.
This role may be hybrid or fully remote in the US. Hybrid office locations include Santa Clara, CA; Irvine, CA; Raritan, NJ; and Cincinnati, OH.
You will partner closely with R&D, software engineering, quality, regulatory, and commercial teams to embed product security across the full lifecycle of cloud-connected medical device platforms, from architecture and design through post-market support.
Key Responsibilities
Lead and support product security activities for cloud-enabled digital health solutions that integrate with regulated medical device hardware
Partner with engineering and cross-functional teams to assess and mitigate security risks across cloud services, APIs, edge devices, AI models, and data pipelines
Ensure product security controls align with global regulatory and customer security expectations
Interact with healthcare institutions, customers, and external partners to complete security questionnaires and respond to technical security assessments
Evaluate and support security-related contractual requirements by translating customer and regulatory security expectations into actionable product and process controls
Author, review, and maintain security and quality documentation according to design control procedures
Provide secure design and secure coding guidance aligned with modern cloud and DevSecOps practices
Balance strategic security planning with hands-on execution, maintaining solid attention to detail in a regulated environment
Required Qualifications
Bachelor’s degree required; advanced degree or background in Computer Science, Engineering, or a related field preferred
Minimum 6 years of overall experience with proven experience in product security, secure software development, cybersecurity, or a related field
Demonstrable experience supporting cloud-based digital health or connected medical device solutions
Experience working in highly regulated software development environments, preferably medical devices or healthcare technology
Hands-on experience authoring and maintaining security and quality documentation
Good communication and collaboration skills with the ability to work across global, cross-functional teams
Preferred Qualifications
Experience with cloud platforms supporting regulated products (e.g., cloud-hosted services interfacing with medical device hardware)
Familiarity with global information security frameworks, including ISO/IEC 27001, NIST, CIS, and related control frameworks
Proven end-to-end ownership of product security for connected medical device hardware products, from secure architecture and threat modeling through vulnerability management and remediation
Experience navigating country-specific cybersecurity and data regulations, including but not limited to ADHICS (Abu Dhabi Healthcare Information and Cyber Security)
Understanding of FDA premarket and post-market cybersecurity guidance and other global medical device regulatory requirements
Experience securing protected health information (PHI) and sensitive data in accordance with privacy regulations (e.g., HIPAA, GDPR)
Familiarity with DevSecOps, CI/CD pipelines, and modern security tooling for cloud-native environments
Experience applying AI risk management frameworks (e.g., NIST AI RMF or equivalent) to guide security, governance, and lifecycle controls for AI-enabled medical technologies.
Cybersecurity certifications such as CISSP, CISM, or CISA are a plus
The position may require up to 20% travel and the flexibility to connect virtually with team members across multiple time zones. Candidate must be able to travel internationally if required.
Why Join This Team
Work with us on next-generation digital health platforms that combine cloud services, AI-enabled capabilities, and regulated medical device hardware
Directly influence the security posture of globally deployed healthcare technologies under diverse regulatory regimes
Operate at the intersection of product security, cloud engineering, and medical device compliance
Collaborate with highly technical teams solving complex security challenges in real-world clinical environments
If you are a visionary leader with a passion for data management and driving innovation across digital identification and traceability products, we encourage you to apply. Join us in crafting the future of product management in this exciting domain!
Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, external applicants please contact us via https://www.jnj.com/contact-us/careers, internal employees contact AskGS to be directed to your accommodation resource.
Required Skills:
Communication, Influencing Skills, Product Security, Software Development
Preferred Skills:
The anticipated base pay range for this position is:
$102,000.00 - $177,100.00
Additional Description for Pay Transparency:
Subject to the terms of their respective plans, employees are eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).
Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits:
Vacation – 120 hours per calendar year
Sick time – 40 hours per calendar year; for employees who reside in the State of Colorado – 48 hours per calendar year; for employees who reside in the State of Washington – 56 hours per calendar year
Holiday pay, including Floating Holidays – 13 days per calendar year
Work, Personal and Family Time - up to 40 hours per calendar year
Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child
Bereavement Leave – 240 hours for an immediate family member: 40 hours for an extended family member per calendar year
Caregiver Leave – 80 hours in a 52-week rolling period 10 days
Volunteer Leave – 32 hours per calendar year
Military Spouse Time-Off – 80 hours per calendar year