At Johnson Controls, we’re shaping the future to create a world that’s safe, comfortable and sustainable. Our global team creates innovative, integrated solutions to make cities more connected, buildings more intelligent and vehicles more efficient. We are passionate about improving the way the world lives, works and plays. The future requires bold ideas, an entrepreneurial mind-set and collaboration across boundaries. You need a career focused on tomorrow. Tomorrow needs you.
What you will do
The future is being built today, and Johnson Controls is making that future more productive, more secure and more sustainable. We are harnessing the power of cloud, data analytics, the Internet of Things, and user design thinking to deliver on the promise of intelligent buildings and smart cities that connect communities in ways that make people’s lives – and the world – better.
In this career-defining, high-impact opportunity within the Global Product Security organization, you will report directly to the Director, Product Cyber Solutions, and manage cybersecurity and privacy compliance efforts that position Johnson Controls to succeed in the marketplace. You will coordinate with stakeholders to ensure company programs, products, and services are compliant with customer requirements and government regulations. You will deliver timely, accurate, and consistent responses to customer-driven cybersecurity audits and inquiries and support activities that manage supply chain risk. In this position, you will play a pivotal role in fostering customer relationships, confidence and trust.
How you will do it
Lead people, projects and activities that ensure compliance with regulatory and external customer cybersecurity and privacy requirements.
Lead, mentor and provide work assignments to security compliance analysts.
Coordinate across multiple functions (sales channels, product development, product security, and information security) to meet customer and company expectations and timelines.
Interface with sales channel leaders, field engineering managers, and product managers on approaches to improve cybersecurity compliance, drive security as a feature, collect voice-of-customer feedback, and identify ways to enhance the customer experience.
Build and manage a library of standardized security and privacy responses to common customer questions, inquiries and audits.
Maintain a Frequently Asked Questions list to assist sales and field interactions with customers.
Coordinate with sales, field, and product teams to respond to customer audits and inquiries.
Maintain current knowledge of security and privacy regulations pertinent to company products.
Support activities that effectively manage supply chain risk and third-party components.
Continuously monitor product cybersecurity compliance with key customers.
Periodically report to senior leadership on the health and status of the compliance program.
Assist in cybersecurity risk and technology assessment of merger/acquisition opportunities.
Educate internal stakeholders on customer security and privacy requirements and trends.
Anticipate business and industry regulatory issues to provide recommendations and solutions.
Monitor product security remediation efforts to successful completion, including the development of supporting evidence and documentation.
Coordinate with legal and other regulatory and compliance groups to ensure the company is compliant with key laws, regulations, and certifications.
Develop and maintain security technical documentation for internal and external use.
Define, gather, and monitor meaningful metrics for compliance and continuous improvement.
Participate in product security committees, boards, councils and working groups.
What we look for
Knowledge of cybersecurity compliance, regulations, industry standards and certifications.
Demonstrated problem-solving skills to analyze customer cyber issues and requirements (regulatory, policy, customer, industry standard) and link to appropriate security controls.
Demonstrated track record of building and leading cohesive teams.
Experience with technology-related compliance and risk management frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, SOC 2, or other comparable frameworks.
Technical project management experience using agile methodologies.
Ability to assess and translate requirements from various sources into practical plans/schedules.
Ability to establish a high level of trust and confidence with customers and stakeholders.
Excellent written and verbal communication and presentation skills.
Experience serving in a security governance, risk, and compliance role.
Experience with Operational Technologies (e.g. Controls Systems, Building Management) a plus.
Customer relations acumen with ability to explain complex technical details to a wide audience.
Excellent interpersonal, organizational, written and verbal communication skills.
Minimum of 7 years of professional work experience in cybersecurity in a compliance role.
BS/BA in cybersecurity, computer science, engineering, or related technical degree.
Cybersecurity certifications, e.g. CISSP, GSEC, Sec+, or related are preferred.
Travel is occasional at 10-15%, including international.
Johnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/tomorrowneedsyou.