Johnson Controls is powered by your talent. We are the power behind the customer mission. Together we are building a world that’s safe, comfortable and sustainable. Our diverse global team creates innovative, integrated solutions to make cities more connected, buildings more intelligent and environments more comfortable and secure. We are all about improving outcomes for our partners. Tomorrow needs your talent. Tomorrow needs you. So let’s talk today.

What you will do 

The Risk Management Program is accountable for facilitating risk-aware business decision-making in which speed-to-market and delivery objectives are balanced with Global Information Security Program objectives that ensure the confidentiality, availability and integrity of IT assets. Under the direction of the Senior Manager, Risk Management, this role will execute assessments on projects and processes that introduce IT risk to JCI and evaluate that the IT risks have been adequately controlled. In close collaboration with partners in security, delivery, and the business, the analyst identifies, analyzes, and communicates inherent and residual risk. The analyst will, when appropriate, facilitate risk acceptance procedures as defined by the Risk Management Program. The analyst will reinforce the organization’s alignment to, and adoption of, the three lines-of-defense principles in the management of technology operations. This position requires strong communication abilities, as it engages with multi-functional team members and serves as the domain expert in the context of control designed to manage IT risk. 

How you will do it

• Execute the Risk Management Program within Global Information Security function


• Evaluate proposed project scope to ensure baseline control requirements are communicated to delivery teams


• Ensures the execution of streamlined assessments on all delivery projects through close collaboration with delivery organizations and subject matter experts


• Executes procedures to address findings including risk acceptance and management escalation based on the level of associated risk


• May support the maintenance of the IT risk management framework, which includes the risk register, facilitates the identification of key controls, and key processes for testing controls


• Executes procedures to report on assessment coverage


• Educates partners on the principles of three lines-of-defense


• Continually supports organizational alignment and enables focused execution


• Supports the administration of the JCI common controls' framework to ensure relevant internal and external information security requirements are mapped to risks and adequately tested


• Maintains Risk Management Program related policy, standard and procedure documentation to drive consistent, reliable, and repeatable assessment activities


• Supports the development and implementation of security awareness, training, and continuous improvement efforts
  
   

What we look for

• Five or more years of progressive Internal Audit or Information Security work experience within a relevant role and setting, with broad exposure to multiple competing regulatory and industry-based requirements and environments.


• Experience in executing various types of risk assessments that vary based on business need and assessment objective; may include product assessments, controls assessments, process assessments


• Experience preparing formal deliverables


• Experience working with ISO 27001, NIST 800-53 security frameworks and PCI DSS Standard in sophisticated IT operating environments is required.


• Exceptional teaming skills incorporating multi-functional teams, peer relationships, informing, and understanding and appreciating differences.


• Strong consultative skills, with the ability to advise and collaborate with business and technical experts.


• CRISC, (Certified in Risk and Information System Control) Information Security Auditor), CISM (Certified Information Security Manager), CISSP (Certified Information System Security Professional) or similar industry certification is helpful


• Some international travel may be required. 
  
   

Johnson Controls International plc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/careers.