What you will do
The Johnson Controls Global Information Security (GIS) team is undergoing a transformation and expansion as Johnson Controls increases its cybersecurity resources and capabilities in order to address the ever-changing Cybersecurity threat landscape.
The successful candidate will be capable of leading sophisticated global Vendor and 3rd Party Risk functions while interacting with the business and technology leaders up to, and including VP/GM levels. This role reports directly to the Senior Director, Risk Management.
The candidate will be able to articulate thoughts clearly, plan initiatives, and execute with appropriate urgency. The candidate will demonstrate drive, intelligence, maturity, and energy and will be a proven change leader. The candidate will possess a high degree of business acumen and must have a "real world" perspective in order to effectively lead interactions with the leaders in the Business Units.
How you will do it
Leads the Information Security 3rd Party Risk team, consisting of three subordinate Risk Management professionals and potentially an outsourced Risk scoring partner.
Responsible for ensuring business awareness and ownership of Supplier-related Cyber Risks.
Partners with internal and external stakeholders (including, but not limited to, Legal, Privacy, Audit, senior IT leadership, peer Information Security leaders, and business leadership) to ensure appropriate awareness and accountability of 3rd Party Risk.
Under the guidance of the Senior Director, Risk Management, develops the Information Security 3rd Party Risk Management strategy, including supporting formal processes and procedures.
Owns the enterprise 3rd Party Cyber Risk intake and evaluation process for new vendors, providing escalation where necessary and reporting out to stakeholders.
Develops, documents, and assesses measures, metrics, and internal controls related to 3rd Party Cyber Risk Management.
Keeps aware of local, national and international developments in Information Security, ties them to the JCI threat landscape, and proactively communicates them at the appropriate level.
What we look for
Minimum 10+ years working in Information Security, Risk, or Compliance with 3+ years management / leadership experience.
Comprehensive knowledge of and experience applying governance frameworks such as ISO 27001, NIST, PCI, Sarbanes Oxley, COBIT, etc.
Experience with risk management disciplines and audit/assurance practices.
Excellent verbal, written, and interpersonal communications skills, including the ability to communicate security and risk-related concepts to both technical and non-technical audiences.
Demonstrated ability to effectively facilitate and drive organizational change.
Strong verbal and written communication skills.
Strong interpersonal skills.
In addition, given the global nature of the company's operations, the successful candidate is expected to be internationally mobile.
Bachelor's degree or equivalent working experience. A degree in Information Systems, Computer Science, or related discipline is a plus.
Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or equivalent security certification.
Johnson Controls is a global diversified technology and multi industrial leader serving a wide range of customers in more than 150 countries. Our commitment to sustainability dates back to our roots in 1885, with the invention of the first electric room thermostat. We are committed to helping our customers win everywhere, every day and creating greater value for all of our stakeholders through our strategic focus on buildings.
Johnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/tomorrowneedsyou.
Johnson Controls, Inc.