IT Risk Manager (Remote) at Johnson Controls, Inc in Milwaukee, Wisconsin

Posted in General Business 9 days ago.

Type: Full-Time

Job Description:

Johnson Controls is powered by your talent. We are the power behind the customer mission. Together we are building a world that’s safe, comfortable and sustainable. Our diverse global team creates innovative, integrated solutions to make cities more connected, buildings more intelligent and environments more comfortable and secure. We are all about improving outcomes for our partners. Tomorrow needs your talent. Tomorrow needs you. So let’s talk today.

What you will do 

As an IT Risk Manager, you will be accountable for facilitating risk-aware business decision-making in which speed-to-market and delivery objectives are balanced with Global Information Security (GIS) Program objectives that ensure the confidentiality, availability and integrity of IT processes in delivery engagements. You will collaborate with partners in security, governance, compliance, IT operations, and the business to enable the achievement of the new IT Risk Management Program. As an influential member of the risk management function, you will address systems and processes that impact technology operation environments and reinforce the compliance culture at Johnson Controls by demonstrating a solid understanding of current and upcoming trends in cybersecurity risk management, compliance, and complementary audit requirements and controls.

How you will do it

  • You will represent the Vision, Mission, and operating objectives for the IT Risk Management Program and drive alignment with critical Program Stakeholders and Program Enablers

  • Coordinates the Risk Program within the GIS function

  • You will enable the maturing of methods that ensure risks are accurately identified, evaluated, communicated and that the appropriate level of controls is implemented

  • Implements the IT Risk framework, which includes the risk register and facilitates the identification of key controls and key processes for testing controls

  • Enables the execution of streamlined assessments on all delivery projects through collaboration with delivery organizations and domain experts.

  • Execute the methods that address findings, including risk acceptance and management issues based on the level of associated risk.

  • Aids in the procedures that report on Program efficiency and coverage

  • Sees opportunities to develop processes, deepen engagement with partners, and mature control health across the IT ecosystem governed by GIS

  • Educates partners on the principles of the three lines of defense

  • Continually supports organizational alignment and enables focused execution through strong management and leadership practices

  • Supports the administration of the JCI common controls framework to ensure relevant internal and external information security requirements are mapped to risks and adequately tested

  • Maintains the IT Risk Program's related policy, standard and procedure documentation to drive consistent, reliable, and repeatable activities

  • Supports the development and implementation of security awareness, training, and continuous improvement efforts

  • Leverages tools and technologies, including ServiceNow GRC capabilities, to streamline and mature risk assessment activities


What we look for

  • Five or more years of progressive Internal Audit or Information Security work experience within a relevant role and setting, with broad exposure to multiple challenging regulatory and industry-based requirements and environments.

  • We are looking for a utility player to help motivate change, alignment, and support efforts directly where we see the need!

  • Experience in operationalizing IT audit, risk or compliance activities and programs, and demonstrated presentation and collaboration skills.

  • Experience presenting reports to management

  • Experience working with ISO 27001, NIST 800-53 security frameworks and PCI DSS Standard in sophisticated IT operating environments is required.

  • Outstanding teaming skills incorporating multi-functional teams, peer relationships, advising, and understanding and appreciating differences.

  • Solid project management, prioritization, presentation, and facilitation skills, demonstrated ability to effectively manage multiple tasks and priorities and inspire change across a complex organization, through multiple partners

  • Strong consultative skills, with the ability to advise and consult with business and technical specialists.

  • CRISC (Certified in Risk and Information Systems Control), Information Security Auditor, CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional) or similar industry certification is helpful

  • Some international travel may be required. 


Johnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit