Description
At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com.
As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.
Job Function:
Technology Product & Platform ManagementJob Sub Function:
Technical Product ManagementJob Category:
People LeaderAll Job Posting Locations:
Pune, Maharashtra, IndiaJob Description:
DePuy Synthes is recruiting for a(n) Director, Product Security; this Hybrid position will be in Raynham, MA (USA). Alternate Hybrid locations may be considered at Raritan, NJ (USA), West Chester, PA (USA), Warsaw, IN (USA), Palm Beach Gardens, FL (USA) OR Pune, India.
Please note that this role is available across multiple countries and may be posted under different requisition numbers to comply with local requirements. While you are welcome to apply to any or all of the postings, we recommend focusing on the specific country(s) that align with your preferred location(s):
Raynham, MA (USA) - Requisition Number: R-072543
Pune, India - Requisition Number: R-073299
Remember, whether you apply to one or all of these requisition numbers, your applications will be considered as a single submission.
Johnson & Johnson announced plans to separate our Orthopedics business to establish a standalone orthopedics company, operating as DePuy Synthes. The process of the planned separation is anticipated to be completed within 18 to 24 months, subject to legal requirements, including consultation with works councils and other employee representative bodies, as may be required, regulatory approvals and other customary conditions and approvals. Should you accept this position, it is anticipated that, following conclusion of the transaction, you would be an employee of DePuy Synthes and your employment would be governed by DePuy Synthes employment processes, programs, policies, and benefit plans. In that case, details of any planned changes would be provided to you by DePuy Synthes at an appropriate time and subject to any necessary consultation processes.
Job Overview:
The Director, Product Security is a senior leadership role responsible for defining and executing the global product security strategy for DePuy Synthes’ medical device and digital product portfolio. This role ensures that cybersecurity is embedded across the product lifecycle—from design and development through deployment and post‑market support—while enabling innovation, regulatory compliance, and patient safety. As part of Global Services Enablement, this leader partners closely with R&D, Quality, Regulatory, IT, and external stakeholders to strengthen security capabilities at scale and protect patients, customers, and the business, and reports into the DePuy Synthes Technology organization.
Key Responsibilities:
Define and lead the global product security strategy aligned with DePuy Synthes business objectives and regulatory requirements.
Establish and oversee product security governance, standards, and secure development lifecycle practices across hardware, software, and connected medical devices.
Partner with R&D, Quality, Regulatory Affairs, and IT to integrate cybersecurity risk management into product design, development, and post‑market activities.
Lead global teams and external partners delivering product security services, tools, and capabilities that enable scalable and consistent execution.
Oversee vulnerability management, threat modeling, penetration testing, and incident response activities related to product security.
Ensure compliance with global cybersecurity and medical device regulations, standards, and guidance (e.g., FDA, ISO, IEC).
Provide executive‑level reporting and insights on product security risks, trends, and performance to senior leadership.
Build a strong product security culture through training, awareness, and continuous improvement initiatives.
Qualifications:
Education:
Required: Bachelor’s degree in Computer Science, Engineering, Information Security, or a related technical field.
Preferred: Master’s degree in Cybersecurity, Engineering, or Business Administration.
Experience and Skills:
Required:
10-12 years of experience in cybersecurity or product security leadership roles, including global scope and matrixed environments.
Demonstrated experience securing complex software‑enabled or connected products, preferably within regulated industries.
Strong knowledge of secure product development, vulnerability management, and cybersecurity risk management frameworks.
Proven ability to lead and develop high‑performing global teams and service‑based operating models.
Executive‑level communication and stakeholder management skills, with the ability to influence across functions.
Preferred:
Experience in medical devices, healthcare technology, or life sciences.
Familiarity with FDA cybersecurity guidance, IEC 62304, ISO 14971, and related standards.
Experience enabling cybersecurity capabilities within shared services or global enablement models.
Background in cloud, embedded systems, or IoT security.
Other:
Languages: English (fluent). Additional languages are a plus.
Travel: Up to 20% domestic and international.
Certifications (preferred): CISSP, CISM, CSSLP, or equivalent.
For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com.
Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, external applicants please contact us via https://www.jnj.com/contact-us/careers, internal employees contact AskGS to be directed to your accommodation resource.
#DePuySynthesCareers
#LI-Hybrid
Required Skills:
Preferred Skills:
Analytical Reasoning, Cost Management, Developing Others, Fact-Based Decision Making, Human-Computer Interaction (HCI), Inclusive Leadership, Leadership, New Program Development, Performance Measurement, Product Development, Product Strategies, Project Management Methodology (PMM), Research and Development, Software Development Management, Stakeholder Management, Strategic Supply Chain Management