Product Security Manager – MedTech Digital Solutions

Johnson & Johnson | Cincinnati, NJ
$102,000 - $177,100 | Hybrid

About The Position

We are seeking a Product Security Manager – MedTech Digital Solutions to join a dynamic team that is building the Polyphonic portfolio of digital health platforms, designed to securely deploy and operate AI-enabled healthcare solutions at scale. This role focuses on securing cloud-enabled digital health systems that integrate with regulated medical device hardware and support the development, deployment, and lifecycle management of AI models used in clinical and operational healthcare use cases. This role may be hybrid or fully remote in the US. Hybrid office locations include Santa Clara, CA; Irvine, CA; Raritan, NJ; and Cincinnati, OH. You will partner closely with R&D, software engineering, quality, regulatory, and commercial teams to embed product security across the full lifecycle of cloud-connected medical device platforms, from architecture and design through post-market support.

Requirements

  • Bachelor’s degree required; advanced degree or background in Computer Science, Engineering, or a related field preferred
  • Minimum 6 years of overall experience with proven experience in product security, secure software development, cybersecurity, or a related field
  • Demonstrable experience supporting cloud-based digital health or connected medical device solutions
  • Experience working in highly regulated software development environments, preferably medical devices or healthcare technology
  • Hands-on experience authoring and maintaining security and quality documentation
  • Good communication and collaboration skills with the ability to work across global, cross-functional teams

Nice To Haves

  • Experience with cloud platforms supporting regulated products (e.g., cloud-hosted services interfacing with medical device hardware)
  • Familiarity with global information security frameworks, including ISO/IEC 27001, NIST, CIS, and related control frameworks
  • Proven end-to-end ownership of product security for connected medical device hardware products, from secure architecture and threat modeling through vulnerability management and remediation.
  • Experience navigating country-specific cybersecurity and data regulations, including but not limited to ADHICS (Abu Dhabi Healthcare Information and Cyber Security)
  • Understanding of FDA premarket and post-market cybersecurity guidance and other global medical device regulatory requirements
  • Experience securing protected health information (PHI) and sensitive data in accordance with privacy regulations (e.g., HIPAA, GDPR)
  • Familiarity with DevSecOps, CI/CD pipelines, and modern security tooling for cloud-native environments
  • Experience applying AI risk management frameworks (e.g., NIST AI RMF or equivalent) to guide security, governance, and lifecycle controls for AI-enabled medical technologies.
  • Cybersecurity certifications such as CISSP, CISM, or CISA are a plus
  • The position may require up to 20% travel and the flexibility to connect virtually with team members across multiple time zones.
  • Candidate must be able to travel internationally if required.

Responsibilities

  • Lead and support product security activities for cloud-enabled digital health solutions that integrate with regulated medical device hardware
  • Partner with engineering and cross-functional teams to assess and mitigate security risks across cloud services, APIs, edge devices, AI models, and data pipelines
  • Ensure product security controls align with global regulatory and customer security expectations
  • Interact with healthcare institutions, customers, and external partners to complete security questionnaires and respond to technical security assessments
  • Evaluate and support security-related contractual requirements by translating customer and regulatory security expectations into actionable product and process controls
  • Author, review, and maintain security and quality documentation according to design control procedures
  • Provide secure design and secure coding guidance aligned with modern cloud and DevSecOps practices
  • Balance strategic security planning with hands-on execution, maintaining solid attention to detail in a regulated environment

Benefits

  • Subject to the terms of their respective plans, employees are eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).
  • Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits:
  • Vacation – 120 hours per calendar year
  • Sick time – 40 hours per calendar year; for employees who reside in the State of Colorado – 48 hours per calendar year; for employees who reside in the State of Washington – 56 hours per calendar year
  • Holiday pay, including Floating Holidays – 13 days per calendar year
  • Work, Personal and Family Time – up to 40 hours per calendar year
  • Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child
  • Bereavement Leave – 240 hours for an immediate family member; 40 hours for an extended family member per calendar year
  • Caregiver Leave – 80 hours in a 52-week rolling period (10 days)
  • Volunteer Leave – 32 hours per calendar year
  • Military Spouse Time-Off – 80 hours per calendar year