Product Security Director

About the job

The Johnson and Johnson ISRM team is seeking a Product Security Director, to be based in Irvine, CA or working remotely in the USA.
The Product Security Director will have responsibility for defining and governing the ISRM product security framework which applies to all software enabled and connected products enterprise wide. He/she will serve as the Product Security leader and possess deep knowledge of secure design methodologies and the latest methods and techniques in identifying security vulnerabilities to maintain a secure and compliant portfolio of products.
Major Duties & Responsibilities:
– Provide strategic guidance, oversight, and leadership to all product security activities including building, operating, maintaining, and maturing the product security program. Manage and maintain product security policies and procedures to ensure we maintain a secure and compliant portfolio of global products and drive a consistent security by design approach. Manage vulnerabilities and incidents for released products to ensure timely resolution of issues.
– Influence alignment and collaboration around security and standards compliance with all teams involved in the product software development life cycle. Drive the development of new tools, insights, and understanding of cyber risk, and forge partnerships with appropriate partners.
– Collaborate with business leaders to influence prioritization of security initiatives and drive a secure and compliant environment that ensures availability, integrity, and confidentiality of our assets. Serve as an accountable and empowered leader to address Information Security & Risk Management escalations or issues.
– Provide leadership and drive employee engagement, and ensure a focus on talent development within ISRM, with a focus on diversity, equity, and inclusion, in order to develop a strong talent pipeline.
– Proactively drive risk-based business strategies anticipating business needs. Participate in business planning to ensure Information Security and Risk Management capabilities are planned for.

Desired Skills and Experience

Required Years of Related Experience: 10+ years of cybersecurity or IT
Required Knowledge, Skills and Abilities:
– Bachelor’s degree required.
– A minimum of 10 years of progressive experience in leadership roles within cybersecurity or IT required.
– Possess an understanding of medical devices, software as a medical device, application security mechanisms, such as authentication and authorization techniques, data validation, and the proper use of encryption.
– Knowledge of New Product Development (NPD) process and Quality Management Systems (QMS)
– Passionate about security in an ever-changing landscape with the ability to keep up with threats and cyber-attack trends
– Demonstrated track record of evaluating global standards for product security and identifying and implementing appropriate business processes and technology to enhance security of software and hardware products
– Demonstrated ability to process complex information and summarize it concisely in writing and/or verbally in a professional manner and in a time-sensitive environment
– Highly collaborative, with a desire to reach across the organization to understand stakeholder needs and how to meet those needs
– Track record of recruiting exceptional talent and building high-performing teams
– Proven abilities to manage, mentor, and motivate employees
– Results-oriented, self-disciplined, fast-paced, and motivated individual
– Ability to deal with ambiguity
– Requires in-depth knowledge of the function, business strategies, and the company’s goals as well as external factors affecting governance of company activities.
– Strong people management and development skills in a large, globally diverse organization required.
Preferred Knowledge, Skills and Abilities:
– MS and/or advanced degree preferred
– Security certification(s)
– Knowledge of OWASP Top 10, CVSS, and CVE
– An understanding of, and the ability to recognize, various types of application, infrastructure, and protocol security vulnerabilities

Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

  • Information Technology & Services
  • Financial Services
  • Hospital & Health Care

Job Functions

  • Product Management
  • Marketing
