Job Details
The future is being built today, and Johnson Controls is making that future more productive, more secure and more sustainable. We are harnessing the power of cloud, data analytics, the Internet of Things, and user design thinking to deliver on the promise of intelligent buildings and smart cities that connect communities in ways that make people’s lives – and the world – better.
What you will do
In this career defining and high impact opportunity within the Global Product Security organization, you will report directly to the Director, Product Cyber Experience and manage cybersecurity and privacy compliance efforts that position Johnson Controls to succeed in the marketplace. You will coordinate with stakeholders to ensure company programs, products, and services are compliant with customer requirements and government regulations. You will deliver timely, accurate, and consistent responses to customer-driven cybersecurity audits and inquiries and support activities that manage supply chain risk. In this role, you will play a pivotal role in fostering customer relationships, confidence and trust.
How you will do it
Provide lead guidance to customers and business leaders throughout all phases of strategic customer projects.
Support other security compliance analysts.
Coordinate with sales, field, and product teams to respond to customer audits and inquiries.
Coordinate with legal, privacy and other regulatory and compliance groups to ensure the company is compliant with key laws and regulations.
Support product certification projects.
Coordinate across multiple functions (sales channels, product development, product security, and information security) to meet customer and company expectations and timelines.
Interface with sales channel leaders, field engineering managers, and product managers on approaches to improve cybersecurity compliance, drive security as a feature, collect voice-of-customer feedback, and identify ways to enhance the customer experience.
Curate library of standardized security and privacy responses to common customer questions, inquiries and audits.
Support activities which effectively manage supply chain risk and third-party components.
Continuously monitor product cybersecurity compliance with key customers.
Periodically report to senior leadership on health and status of compliance program.
Assist in cybersecurity risk and technology assessment of merger/acquisition opportunities.
Educate internal stakeholders on customer security and privacy requirements and trends.
Anticipate business and industry regulatory issues to provide recommendations and solutions.
Monitor product security remediation efforts to successful completion including the development of supporting evidence and documentation.
Develop and maintain security technical documentation for internal and external use.
Define, gather, and monitor meaningful metrics for compliance and continuous improvement.
Participate in product security committees, boards, councils and working groups.
What we look for
Knowledge of cybersecurity compliance, regulations, industry standards and certifications.
Demonstrated problem-solving skills to analyze customer cyber issues and requirements (regulatory, policy, customer, industry standard) and link to appropriate security controls.
Track record of demonstrated experience building and leading cohesive teams.
Experience with technology related compliance and risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, SOC 2 or other comparable.
Technical project management experience using agile methodologies.
Ability to assess and translate requirements from various sources into practical plans/schedules.
Ability to establish a high level of trust and confidence with customers and stakeholders.
Excellent written and verbal communication and presentation skills.
Experience serving in a security governance, risk, and compliance role.
Experience with Operational Technologies (e.g. Controls Systems, Building Management) a plus.
Customer relations acumen with ability to explain complex technical details to a wide audience.
Excellent interpersonal, organizational, written and verbal communication skills.
Minimum of 10 years of experience with at least 5 years professional work experience in cybersecurity in a compliance role.
BS/BA in cybersecurity, computer science, engineering, or related technical degree.
Cybersecurity certifications, e.g. CISSP, GSEC, Sec+, or related are preferred.
Travel is occasional up to 10-15%, including international.
Where legally permissible, if hired, candidate is required to be fully vaccinated against Covid-19 no later than his/her start date, unless candidate has a valid medical condition or sincerely held religious belief precluding he/she from receiving the vaccine
Johnson Controls International plc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, sexual orientation, gender identity, status as a qualified individual with a disability or any other characteristic protected by law. To view more information about your equal opportunity and non-discrimination rights as a candidate, visit EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit here.