Director, Product Security Governance
The future is being built today, and Johnson Controls is making that future more productive, more secure and more sustainable. We are harnessing the power of cloud, data analytics, the Internet of Things, and user design thinking to deliver on the promise of intelligent buildings and smart cities that connect communities in ways that make people’s lives – and the world – better.
In this career-defining opportunity within the Global Product Security organization, you will lead a passionate and vibrant team of cybersecurity professionals as you oversee strategic governance, risk management, and compliance aspects of the Johnson Controls product cybersecurity program.
You will drive continuous improvement initiatives aligned to our product security maturity framework, ensuring proactive management of security and data privacy risk across the full lifecycle of our products, platforms, and service offerings. Your team will coordinate policies and develop standards, implement innovative and integrated capabilities to monitor for risk and compliance, manage assessments and exercises, support audits, provide training, raise cybersecurity awareness, and engage in forward-leaning communications and community outreach. In this role, you will play a pivotal role in managing cybersecurity risk, differentiating Johnson Controls, and enabling business growth.
- Report directly to the Chief Product Security Officer and collaborate with Product Security, Information Security, and Privacy leaders on product security issues, risks, and opportunities.
- Lead a high caliber team of direct and indirect employees and contractor personnel.
- Support development and sustainment of a highly proficient cybersecurity workforce.
- Use Agile Project Management to manage resources and track milestones and deliverables.
- Continuously monitor cybersecurity performance and maturity across the company.
- Periodic reporting to Senior Leadership and Corporate Executives on health and status of the product security program, cybersecurity risks, risk mitigations, and trends.
- Coordinate and support product security committees, boards, councils and working groups.
- Interface with business leaders and engineering directors on governance, risk, and compliance management strategies and roadmaps.
- Interface with sales channel leaders and field engineering managers on approaches to drive secure deployment of products, collect voice-of-customer feedback, and identify competitive advantages that enhance the developer and customer experience.
- Mentor and coach security architects, security champions, developers, and engineers.
- Support efforts to advance security engineering and innovation, security operations and incident response, security integration and automation, and commercialization of cybersecurity.
- Assist in cyber security risk and technology assessment of M&A opportunities.
- Support customer audits and inquiries pertaining to our product cybersecurity program.
- Speak at customer-facing events and present at conferences.
- Creative and inventive thinking that leads to technical initiatives to achieve business objectives.
- Governance – must be able to implement and manage a rigorous governance program.
- Strategy – must be a strategic thinker with deep knowledge of the cybersecurity risks for products, out in front of the marketplace and the hackers, leading a program that competitively advantages the company while providing our customers with the confidence that our program protects their strategic assets.
- Leadership – must be an executive with the presence to speak confidently to all levels of the company. Must be capable not only of leading a team, but also of making challenging decisions to avoid putting the company at risk, which may cause confrontational situations with peers and customers of the company.
- Technical and operational excellence, thought leadership, and integrative thinking.
- Effective management of cybersecurity programs in large, complex organizations.
- Demonstrated ability to lead change initiatives and drive development of capabilities and processes to intelligently manage risk, reduce vulnerability, and outmaneuver threats.
- Broad cybersecurity and project management experience with a thorough understanding of security and privacy by design, software development lifecycle, embedded systems development, industrial control systems, and approaches for securing cloud platforms.
- Strong problem-solving skills to analyze cybersecurity issues and requirements (legal/regulatory, policy, customer, industry standards) and relate them to appropriate security controls.
- Proven ability to deliver capability and results using agile methodologies and tools (e.g. Scrum/Kanban, JIRA).
- Track record of building cohesive teams and collaborating successfully with other functions.
- Ability to establish and maintain a high level of trust and confidence with stakeholders.
- Excellent written and verbal communication and presentation skills, including presentation planning and delivery skills.
- Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Engineering, Information Systems, or related technical degree. Master’s degree is desirable.
- Minimum of 15 years of experience involving cybersecurity and technical management.
- CISSP, CSSLP, CCSP or related security and PMP project management certifications are a plus.
- Travel is moderate at 25-35%, including international.
Johnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/tomorrowneedsyou.
Primary Location US-WI-Milwaukee
Organization Bldg Technologies Solutions