Johnson Controls is powered by your talent. We are the power behind the customer mission. Together we are building a world that’s safe, comfortable and sustainable. Our diverse global team creates innovative, integrated solutions to make cities more connected, buildings more intelligent and environments more comfortable and secure. We are all about improving outcomes for our partners. Tomorrow needs your talent. Tomorrow needs you. So let’s talk today.
What you will do
As an IT Risk Manager you will be accountable for facilitating risk-aware business decision-making in which speed-to-market and delivery objectives are balanced with Global Information Security (GIS) Program objectives that ensure the confidentiality, availability and integrity of IT processes in delivery engagements. You will collaborate with partners in security, governance, compliance, IT operations, and the business to enable the achievement of the new IT Risk Management Program. As an influential member of the risk management function, you will address systems and processes that impact technology operation environments and reinforce the compliance culture at Johnson Controls by demonstrating a solid understanding of current and upcoming trends in cybersecurity risk management, compliance, and complementary audit requirements and controls.
How you will do it
You will represent the Vision, Mission, and operating objectives for the IT Risk Management Program and drive alignment with critical Program Stakeholders and Program Enablers
Coordinates the Risk Program within the GIS function
You will enable the maturing of methods that ensure risks are accurately identified, evaluated, communicated and that the appropriate level of controls is implemented
Implement the IT Risk framework, which includes the risk register and facilitates the identification of key controls and key processes for testing controls
Enables the execution of streamlined assessments on all delivery projects through collaboration with delivery organizations and domain experts.
Execute the methods that address findings, including risk acceptance and management issues based on the level of associated risk.
Aids in the procedures that report on Program efficiency and coverage
Sees opportunities to develop processes, deepen engagement with partners, and mature control health across the IT ecosystem governed by GIS
Educates partners on the principles of the three lines of defense
Continually supports organizational alignment and enables focused execution through strong management and leadership practices
Supports the administration of the JCI common controls framework to ensure relevant internal and external information security requirements are mapped to risks and adequately tested
Maintains the IT Risk Program's related policy, standard and procedure documentation to drive consistent, reliable, and repeatable activities
Supports the development and implementation of security awareness, training, and continuous improvement efforts
Leverages tools and technologies, including ServiceNow GRC capabilities, to streamline and mature risk assessment activities
What we look for
Five or more years of progressive Internal Audit or Information Security work experience within a relevant role and setting, with broad exposure to multiple challenging regulatory and industry-based requirements and environments.
We are looking for a utility player to help motivate change, alignment, and support efforts directly where we see the need!
Experience in operationalizing IT audit, risk or compliance activities and programs, and shown presentation and collaboration skills.
Experience presenting reports to management
Experience working with ISO 27001, NIST 800-53 security frameworks and PCI DSS Standard in sophisticated IT operating environments is required.
Outstanding teaming skills incorporating multi-functional teams, peer relationships, advising, and understanding and appreciating differences.
Solid project management, prioritization, presentation, and facilitation skills, demonstrated ability to effectively manage multiple tasks and priorities and inspire change across a complex organization, through multiple partners
Strong consultative skills, with the ability to advise and consult with business and technical specialists.
CRISC (Certified in Risk and Information Systems Control), Information Security Auditor, CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional) or similar industry certification is helpful
Some international travel may be required.
Johnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/careers.