The future is being built today, and Johnson Controls is making that future more productive, more secure and more sustainable. We are harnessing the power of cloud, data analytics, the Internet of Things, and user design thinking to deliver on the promise of intelligent buildings and smart cities that connect communities in ways that make people’s lives – and the world – better.
In this career-defining opportunity within the Global Product Security organization, you will lead security integration and automation initiatives aimed at making our products more resilient to cyber threats and our company more effective at managing risk. You will drive continuous improvement initiatives aligned to our product security maturity framework, ensuring proactive management of security and data privacy risk across the full lifecycle of our products, platforms, and service offerings. You will lead evaluation, procurement, deployment, and support of security capabilities into product development and operations processes. Your team will integrate and manage a fully integrated security tool chain that enhances the developer and customer experience and delivers the speed and agility necessary for DevSecOps and a continuous integration and delivery pipeline.
- Report directly to the Chief Product Security Officer and collaborate with Product Security, Information Security, and Privacy leaders on product security issues, risks, and opportunities.
- Lead a high-caliber team of direct and indirect employees and contractor personnel that implement a Secure Software Development Lifecycle, DevSecOps and secure CI/CD pipeline.
- Conduct security tool and service proof-of-concepts and pilot efforts.
- Manage security budget for procurement, integration, hosting, and support of vendor solutions.
- Manage multi-year vendor contracts and third-party partner relationships.
- Use Agile Project Management to manage resources and track milestones and deliverables.
- Periodic reporting to Senior Leadership and Corporate Executives on health and status of the product security program, cybersecurity risks, risk mitigations, and trends.
- Contribute to product security committees, boards, councils and working groups.
- Interface with business leaders and engineering directors on integration of security capabilities, adoption and support strategies and roadmaps, and cost estimating.
- Interface with sales channel leaders and field engineering managers on approaches to drive secure deployment of products, collect voice-of-customer feedback, and identify competitive advantages that enhance the developer and customer experience.
- Educate and train security architects, security champions, developers, and engineers on security capabilities integrated into the product development process.
- Support efforts to advance security engineering and innovation, security operations and incident response, security integration and automation, and commercialization of cybersecurity.
- Assist in cybersecurity risk and technology assessment of M&A opportunities.
- Support customer audits and inquiries pertaining to our product cybersecurity program.
- Speak at customer-facing events and present at conferences.
- Creative and inventive thinking that leads to technical initiatives to achieve business objectives.
- Technical and operational excellence, thought leadership, and integrative thinking.
- Project Management and Technical Leadership – must be a technical leader with demonstrated ability to effectively manage people, processes, technology deployments, and key relationships. Must be capable of not only leading a team, but also making challenging cost-benefit decisions to avoid putting the company at risk, which may cause confrontational situations with peers and business leaders.
- Demonstrated ability to lead change initiatives and adoption strategies to drive integration of security capabilities and processes that intelligently manage risk and provide Johnson Controls with a competitive advantage.
- Effective engineering management and systems integration of cybersecurity capabilities across large, complex organizations.
- Strong project management and application security experience with a thorough understanding of security and privacy by design, software development lifecycle, embedded systems development, industrial control systems, and approaches for securing cloud platforms.
- Strong problem-solving skills to analyze and solve issues concerning cost, technical integration and support, and adoption.
- Proven ability to deliver capability and results using agile methodologies and tools (e.g. Scrum/Kanban, JIRA).
- Track record of building cohesive teams and collaborating successfully with other functions.
- Ability to establish and maintain a high level of trust and confidence with stakeholders.
- Excellent interpersonal, organizational, written and verbal communication skills.
- Bachelor's or Master's degree in Cybersecurity, Computer Science, Engineering, Information Systems, or related technical degree.
- Minimum of 15 years of experience involving cybersecurity and technical management.
- CISSP, CSSLP, CCSP or related security and PMP project management certifications are a plus.
- Travel is occasional at 10-15%, including international.
Johnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/tomorrowneedsyou.