Senior Director, IT Security
Milwaukee, WI, USA | Johnson Controls
Industry:Mechanical / Industrial Engineering
IT / Information Technology
Job Description:63 people have viewed this job
The Johnson Controls (JCI) Global Information Security (GIS) team is undergoing a transformation and expansion as Johnson Controls increases its cybersecurity resources and capabilities in order to address the ever-changing cybersecurity threat landscape.
The successful candidate will be a visionary thinker capable of leading large, sophisticated global security operations and technology management functions while interacting with the business and technology leaders up to, and including, the Executive Committee and VP/GM levels. This role reports directly to the Johnson Controls Chief Information Security Officer (CISO).
The candidate will be able to articulate thoughts clearly, plan initiatives, and execute with appropriate urgency. The candidate will demonstrate drive, intelligence, maturity, and energy and will be a proven change leader. The candidate will possess a high degree of business and technical acumen and must have a “real world” perspective in order to effectively lead interactions with the leaders in the Business Units.
How you will do it
Owns the Security Operations functions, including Incident Response, Threat Intel/Hunt and Vulnerability Management across the entire multi-national enterprise landscape.
Owns the Security Automation and Analytics function, using analytics and creation of automations to discover and contain threats to JCI.
Owns the monitoring for product-supporting IOT as-a-service environments in the cloud, including related compliance programs (i.e. ISO 27001 and SOC 20) primarily focusing on securing customer data in customer facing cloud environments.
Owns the Security Engineering and Architecture function, responsible for assessment, design and creation of technical implementation of all critical services and initiatives for JCI IT and business units.
Partners with internal and external stakeholders (including, but not limited to Legal, Privacy, Audit, senior IT leadership, peer Information Security leaders, and business leadership) to ensure appropriate awareness and accountability of Cyber technical issues.
In collaboration with the Chief Information Security Officer, delivers the technical capabilities for the Information Security strategy, including supporting formal processes and procedures.
Develops, documents and assesses measures, metrics, and internal controls related to Information Security technology management.
Keeps aware of local, national and international developments in Information Security, ties them to the JCI threat landscape, and proactively communicates them at the appropriate level.
This job description indicates the general nature and level of work expected of the incumbent.It is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities required of the incumbent.Incumbent may be required to perform other related duties.
What we look for
Minimum 15 years in Technology roles, including 10+ years working in Information Security / IT Security and 5+ years line management experience.
Comprehensive knowledge of and experience applying governance frameworks such as ISO 27001, NIST, PCI, Sarbanes Oxley, COBIT, etc.
Comprehensive knowledge of security operations, threat intelligence and demonstrated experience leading teams conducting 24x7 operations.
Comprehensive knowledge of Security Architecture principles applicable Cyber Risk frameworks.
Strategic leader with demonstrated ability to align Information Security requirements with business objectives.
Excellent verbal, written, and interpersonal communications skills, including the ability to communicate security and risk-related concepts to both technical and non-technical audiences.
Demonstrated ability to effectively facilitate and drive organizational change.
In addition, given the global nature of the company’s operations, the successful candidate is expected to be internationally mobile.
Bachelor’s degree in Information Systems, Computer Science, or equivalent, master’s degree preferred.
Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or equivalent security certification(s).
Already a member? Sign In