Description
At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com.
As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.
Job Function:
Technology Enterprise Strategy & SecurityJob Sub Function:
Security & ControlsJob Category:
People LeaderAll Job Posting Locations:
Pune, Maharashtra, IndiaJob Description:
Johnson & Johnson announced plans to separate our Orthopaedics business to establish a standalone Orthopaedics company, operating as DePuy Synthes. The process of the planned separation is anticipated to be completed within 18 to 24 months, subject to legal requirements, including consultation with works councils and other employee representative bodies, as may be required, regulatory approvals and other customary conditions and approvals. Should you accept this position, it is anticipated that, following conclusion of the transaction, you would be an employee of DePuy Synthes, and your employment would be governed by DePuy Synthes employment processes, programs, policies, and benefit plans. In that case, details of any planned changes would be provided to you by DePuy Synthes at an appropriate time and subject to any necessary consultation processes.
About DePuy Synthes
DePuy Synthes is a global leader in Orthopaedics, advancing patient care through innovative solutions across joint reconstruction, trauma, spine, sports medicine, and related surgical technologies. As DePuy Synthes separates from Johnson & Johnson to become the world’s largest, most comprehensive Orthopaedics-focused company, the organization is entering a defining chapter—establishing its own corporate identity, voice, culture, and reputation while continuing to serve patients, customers, and healthcare systems around the world.
Job Overview
This role serves as a senior cybersecurity leader and trusted advisor to the CISO, with enterprise accountability for Governance, Risk & Compliance (GRC) and Product Security across DePuy Synthes. The Sr. Director, Deputy CISO will shape and execute cybersecurity strategy that protects patients, products, data, and operations while enabling innovation and growth in a regulated medical technology environment. This is a highly visible leadership role with direct impact on product safety, regulatory readiness, and enterprise risk posture, and reports into the DePuy Synthes Technology organization.
Key Responsibilities
• Provide strategic leadership and operational oversight for enterprise GRC and Product Security programs, ensuring alignment with business priorities and regulatory requirements.
• Partner with the CISO to define and execute the cybersecurity strategy, serving as a delegate and decision authority as needed.
• Lead enterprise risk management activities, including cyber risk identification, assessment, mitigation, and reporting to executive leadership.
• Own the enterprise cyber security policy lifecycle—from creation and implementation to continuous review—ensuring clarity, compliance, and alignment with organizational goals.
• Oversee cybersecurity compliance with global regulations, standards, and frameworks relevant to medical devices and digital health solutions.
• Establish and maintain product security governance across the product lifecycle, from design and development through post‑market support.
• Drive secure‑by‑design principles and threat modeling in partnership with R&D, Engineering, Quality, and Regulatory teams.
• Lead and develop high‑performing cybersecurity leaders and teams, fostering a culture of accountability, collaboration, and continuous improvement.
• Provide executive‑level reporting on cybersecurity risk, compliance status, and program effectiveness to senior leadership and governance bodies.
Qualifications
Education
• Required: Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field.
• Preferred: Master’s degree (MS, MBA, or equivalent) in Cybersecurity, Information Systems, or Business.
Experience and Skills
Required:
• 12–14 years of progressive experience in cybersecurity, information security, or technology risk management, including senior leadership roles.
• Demonstrated experience leading GRC and Product Security programs in a regulated environment (medical device, healthcare, or life sciences strongly preferred).
• Deep knowledge of cybersecurity risk management, compliance frameworks, and regulatory expectations.
• Experience building, mentoring, and leading senior‑level cybersecurity teams.
• Strong strategic, analytical, and communication skills, with the ability to translate technical risk into business impact.
Preferred:
• Experience supporting product security for connected, software‑enabled, or digital medical devices.
• Familiarity with global regulatory bodies and standards impacting product cybersecurity.
• Experience operating in complex, global organizations undergoing transformation or separation.
• Background in incident response governance, vulnerability disclosure, and post‑market surveillance.
• Demonstrated success driving cybersecurity maturity and cultural change at scale.
• Proven ability to influence executive stakeholders and partner effectively across IT, R&D, Quality, Legal, and Regulatory functions.
Other:
• Language: English (fluent)
• Travel: Up to 20%, domestic and international
• Certifications (preferred): CISSP, CISM, CRISC, or equivalent
For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com.
Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
Johnson and Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, please email the Employee Health Support Center (ra-employeehealthsup@its.jnj.com) or contact AskGS to be directed to your accommodation resource.
Required Skills:
Preferred Skills:
Business Process Design, Crisis Management, Critical Thinking, Cybersecurity, Developing Others, Inclusive Leadership, Industry Analysis, Information Security Auditing, Information Security Management System (ISMS), Information Technology (IT) Security Assessments, Information Technology Strategies, Leadership, Presentation Design, Process Optimization, Risk Management Framework, Security Architecture Design, Security Policies, Strategic Thinking