Lead Product Security Architect

Lead Product Security Architect

Fueled by innovation at the intersection of biology and technology, we're developing the next generation of smarter, less invasive, more personalized treatments.

Are you passionate about improving and expanding the possibilities of surgery? Ready to join a team that's reimagining how we heal? Our Surgery team will give you the chance to deliver surgical technologies and solutions to surgeons and healthcare professionals around the world. Your contributions will help effectively treat some of the world's most prevalent conditions such as obesity, cardiovascular disease and cancer. Patients are waiting.

We are searching for the best talent for our Lead Product Security Architect position. This position will be located in Santa Clara, CA.

Purpose:

The Lead Product Security Architect will own the cybersecurity architecture, system-level view, and technical implementation of the OTTAVA surgical robot, with potential to impact millions of patients and expand the capabilities of physicians globally.

This role is not focused on enterprise IT, or cloud security operations. This individual will be a key technical and strategic leader on one of the most exciting programs in J&J and in healthcare in general! The candidate must bring a strong blend of security awareness, technical ability, and regulatory awareness. They must also balance depth in cybersecurity with a passionate focus on understanding and meeting the needs of clinicians and operating room staff. This role reports to the Sr. Director, Robotics Software.

You will be responsible for :

• Own the end-to-end cybersecurity architecture for the OTTAVA product, a FDA-regulated device, maintaining a system-level view of security and ensuring security-by-design from firmware and embedded software to external interfaces
• Be the singular R&D voice on security, clearly communicating and aligning approaches with internal (quality, information security, regulatory) and external (FDA) stakeholders
• Act as the technical authority for cybersecurity decisions and trade-offs
• Design and oversee implementation of technical cybersecurity controls, primarily based in software and network infrastructure
• Lead R&D cyber reviews and documentation (threat modeling, risk assessment) in partnership with internal collaborators
• Translate security risks into patient safety, regulatory, and business impact for non-security stakeholders
• Take a risk-based approach when assessing the relationship between cybersecurity needs, patient safety, regulatory expectations, and quality system requirements

Experience and Skills:

Required:

• 10+ years professional experience in software development or systems engineering with a focus on device security
• 5+ years experience with hands-on technical leadership in cybersecurity
• Demonstrated ability to deliver results on time within constraints by creatively adapting processes and using resources is required
• Experience with regulatory guidance (preferably FDA) on cybersecurity implementation and documentation, pre- and post-market surveillance, and risk-assessment is required
• Proficiency in software development for complex safety critical products, ideally within medical device or other highly regulated industries (i.e. defense, autonomous vehicles, aerospace, etc.)
• Demonstrated success in partnering and influencing across a matrix environment is required.
• Proven leadership designing system-level security architecture for embedded devices is required
• Strong communication and interpersonal skills, with the ability to collaborate effectively with diverse teams and partners is required
• Ability to travel up to 10%, international and domestic, is required

Preferred:

• Demonstrated hands-on experience with FDA Class II or III medical devices is VERY strongly preferred
• Experience with IEC 62304 is VERY strongly preferred.
• Previous experience with post-market vulnerability monitoring is preferred
• Experience reaching "across the aisle" to successfully partner with and problem solve alongside technical, support, and business partners in other parts of the company is preferred
• Experience with FDA audits and cloud certifications (e.g., SOC2) is preferred
• Understanding of robotic technology and general robotic surgery paradigms is preferred
• Experience with a global development team
• Previous experience successfully supporting or launching medical device products is preferred

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants' needs. If you are an individual with a disability and would like to request an accommodation, external applicants please contact us via internal employees contact AskGS to be directed to your accommodation resource.

Required Skills:

Cybersecurity, Cyber Security Governance, Cyber Threat Modeling, IEC 62304, Network Security, Penetration Testing, Penetration Testing Software, Product Security, Security by Design, Software Architectural Design, Software Architectures, Software Design Architecture, Software Engineering, Software Systems Architecture, Threat Modeling

The anticipated base pay range for this position is :

$157,000.00 - $271,400.00

Additional Description for Pay Transparency:

Subject to the terms of their respective plans, employees are eligible to participate in the Company's consolidated retirement plan (pension) and savings plan (401(k)).This position is eligible to participate in the Company's long-term incentive program.Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits:Vacation –120 hours per calendar yearSick time - 40 hours per calendar year; for employees who reside in the State of Colorado –48 hours per calendar year; for employees who reside in the State of Washington –56 hours per calendar yearHoliday pay, including Floating Holidays –13 days per calendar yearWork, Personal and Family Time - up to 40 hours per calendar yearParental Leave – 480 hours within one year of the birth/adoption/foster care of a childBereavement Leave – 240 hours for an immediate family member: 40 hours for an extended family member per calendar yearCaregiver Leave – 80 hours in a 52-week rolling period10 daysVolunteer Leave – 32 hours per calendar yearMilitary Spouse Time-Off – 80 hours per calendar year