The future is being built today, and Johnson Controls is making that future more productive, more secure and more sustainable. We are harnessing the power of cloud, data analytics, the Internet of Things, and user design thinking to deliver on the promise of intelligent buildings and smart cities that connect communities in ways that make people’s lives – and the world – better.
In this career-defining opportunity within the Global Product Security organization, you will lead a passionate and vibrant team of cybersecurity professionals as you oversee strategic governance, risk management, and compliance aspects of the Johnson Controls product cybersecurity program.
You will drive continuous improvement initiatives aligned to our product security maturity framework, ensuring proactive management of security and data privacy risk across the full lifecycle of our products, platforms, and service offerings. Your team will coordinate policies and develop standards, implement innovative and integrated capabilities to monitor for risk and compliance, manage assessments and exercises, support audits, provide training, raise cybersecurity awareness, and engage in forward-leaning communications and community outreach. In this role, you will play a pivotal role in managing cybersecurity risk, differentiating Johnson Controls, and enabling business growth.
- Report directly to the Chief Product Security Officer and collaborate with Product Security, Information Security, and Privacy leaders on product security issues, risks, and opportunities.
- Lead a high-caliber team of direct and indirect employees and contractor personnel.
- Support development and sustainment of a highly proficient cybersecurity workforce.
- Use Agile Project Management to manage resources and track milestones and deliverables.
- Continuously monitor cybersecurity performance and maturity across the company.
- Periodic reporting to Senior Leadership and Corporate Executives on health and status of the product security program, cybersecurity risks, risk mitigations, and trends.
- Coordinate and support product security committees, boards, councils and working groups.
- Interface with business leaders and engineering directors on governance, risk, and compliance management strategies and roadmaps.
- Interface with sales channel leaders and field engineering managers on approaches to drive secure deployment of products, collect voice-of-customer feedback, and identify competitive advantages that enhance the developer and customer experience.
- Mentor and coach security architects, security champions, developers, and engineers.
- Support efforts to advance security engineering and innovation, security operations and incident response, security integration and automation, and commercialization of cybersecurity.
- Assist in cybersecurity risk and technology assessment of M&A opportunities.
- Support customer audits and inquiries pertaining to our product cybersecurity program.
- Speak at customer-facing events and present at conferences.
- Creative and inventive thinking that leads to technical initiatives to achieve business objectives.
- Governance – must be able to implement and manage a rigorous governance program.
- Strategy – must be a strategic thinker with deep knowledge of the cybersecurity risks for products, out in front of the marketplace and the hackers, leading a program that competitively advantages the company while providing our customers with the confidence that our program protects their strategic assets.
- Leadership – must be an executive with the presence to speak confidently to all levels of the company. Must be capable of not only leading a team, but also making challenging decisions to avoid putting the company at risk, which may cause confrontational situations with peers and customers of the company.
- Technical and operational excellence, thought leadership, and integrative thinking.
- Effective management of cybersecurity programs in large, complex organizations.
- Demonstrated ability to lead change initiatives and drive development of capabilities and processes to intelligently manage risk, reduce vulnerability, and outmaneuver threats.
- Broad cybersecurity and project management experience with a thorough understanding of security and privacy by design, software development lifecycle, embedded systems development, industrial control systems, and approaches for securing cloud platforms.
- Strong problem-solving skills to analyze cybersecurity issues and requirements (legal/regulatory, policy, customer, industry standards) and relate them to appropriate security controls.
- Proven ability to deliver capability and results using agile methodologies and tools (e.g. Scrum/Kanban, JIRA).
- Track record of building cohesive teams and collaborating successfully with other functions.
- Ability to establish and maintain a high level of trust and confidence with stakeholders.
- Excellent written and verbal communication and presentation skills, including presentation planning and delivery skills.
- Bachelor's or Master's degree in Cybersecurity, Computer Science, Engineering, Information Systems, or related technical degree. Master’s degree is desirable.
- Minimum of 15 years of experience involving cybersecurity and technical management.
- CISSP, CSSLP, CCSP or related security and PMP project management certifications are a plus.
- Travel is moderate at 25-35%, including international.
Johnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/tomorrowneedsyou.