Get new similar jobs by email for

Sr Mgr Global Information Secu...


Job Summary

Johnson Controls
Milwaukee, WI
Other/Not Classified
Job Type
Full Time
Career Level
Experienced (Non-Manager)
Job Reference Code

Sr Mgr Global Information Security

About the Job

Senior Manager, Global Information Security,
Governance, Risk Management and Compliance



What you will love about Johnson Controls:

been dedicated to protecting the environment since our invention of the
electric thermostat in 1885, which provided a fundamental shift in the energy
efficiency of buildings. Now, all over the world, our products and services
empower customers and communities to consume less energy and conserve

  • Global, innovative, industry

  • #70 on Fortune’s most admired
    companies list

  • Embraces diversity

  • Growth opportunities abound

  • Fast paced, evolving company,
    always learning, always adapting

  • Great benefits; including
    Healthcare related wellness discounts, 
    great 401k match, company funded retirement program, vacation, sick
    time, floating holidays and national holidays



What you will do


Senior Manager, Governance, Risk Management, and Compliance (GRC) is a key role
within the Johnson Controls Global Information Security (GIS) organization.  This position is responsible for leading and
framing IT risk management and compliance programs across the global Johnson
Controls enterprise business and technology landscape, with a focus on
information security.


crucial element of the GIS Senior GRC Manager’s role is working with senior executives,
line-of-business managers and other key decision makers to determine acceptable
levels of residual IT risk for the company as a whole, and for various internal
departments and organizations. This role is also responsible for delivering a
clear understanding of the levers and choices to mitigate risks as appropriate.
Core to a GRC function is the ability to ensure the strongest risk mitigating
posture for the optimal set of investment choices, given a keen understanding
of regulatory mandates and a complex business environment.  This role reports to the GIS Director,
Governance, Risk Management and Compliance.





How you will do it

  • Leads
    a global IT risk management and compliance team in the delivery of advisory
    services for Global Information Security Risk and Compliance programs. This
    includes services related to third-party risk, mergers & acquisitions risk,
    and Cybersecurity controls compliance (e.g., Payment Card Industry (PCI), China
    Cyber Law, General Data Protection Regulation (GDPR))

  • Coaching
    and development of globally-based compliance and risk management team members,
    and fostering individual professional development plans for the team.

  • Manages
    internal/external IT security related compliance engagements, and provides
    formal support for measuring the effectiveness of the Johnson Controls’ Global
    Governance, Risk Management & Compliance Framework (based on NIST 800-53
    and ISO 27001 Standards) This includes evaluating overall information
    technology risk and maintaining an active view on the actual, mitigated and
    residual risks in the global Johnson Controls technology environment.

  • Supports
    Director of Governance, Risk Management & Compliance in the coordination of
    joint-Johnson Controls’ Enterprise and Information Security Risk Management practices,
    to ensure senior level visibility into IT risk scenarios and on-going
    mitigation activities.

  • Works
    closely with Enterprise Operational Risk, Information Security, Compliance,
    Legal, Internal Audit and Data Privacy teams to develop and implement effective
    IT risk management and compliance practices.

  • Partners
    with IT, ePMO, and business functions to provide advice on IT risk, regulatory
    and compliance mandates and their impact to in-flight projects and investments

  • Maintains
    meaningful and sustainable Global IT Risk and Compliance performance reporting
    (key risk/performance indicator metrics) and monitors thresholds for exceptions.

  • Identifies
    and implements continuous improvement initiatives within the Global Information
    Security Risk and Compliance programs.

  • Monitors
    and reviews regulatory updates and issues relative to pertinent security
    regulatory requirements (such as GDPR, PCI, and NIST 800-53) and
    apprises Global Information Security leadership as appropriate.

What we look for


  • A Bachelor's
    degree (Master's degree preferred) in Business, Information Systems or other
    related field; or equivalent work experience.

  • 5+ years of progressive information security work
    experience within a relevant IT risk management and compliance role and
    environment, with broad exposure to multiple competing regulatory and industry-based
    requirements and environments.

  • Proven experience
    leading global IT risk management and compliance teams within a GRC domain.

  • Demonstrable
    experience of Information Security Compliance programs and industry leading practices/
    frameworks including ISO 27001, PCI, NIST 800-53, GDPR, and China Cybersecurity

  • Experience with
    leading, developing, and establishing best practices in connection with IT security
    risk and compliance functions.

  • Highly
    knowledgeable of governance, risk, and compliance systems and experience implementing
    a GRC framework in a complex, multi-national environment.

  • Exceptional
    working relationships with the business, and a broad understanding of business
    processes required to translate technical issues into business-related decision
    points. Ability to proactively understand, assess and document key IT risks and
    controls across operational and information security domains.

  • Professional
    security management certification, such as a Certified Information Systems
    Security Professional (CISSP) or Certified Information Security Manager (CISM)
    is required.

  • Excels in both
    verbal and written communications with all levels of staff including
    management, executives, auditors, finance, legal, IT staff and third parties,
    in matters related to IT risk, compliance, and audit requirements and remediation.  Effective presentation skills are essential
    to this role.



  • High level of personal integrity, with the ability to
    professionally handle confidential matters and exudes the appropriate level of
    judgment and maturity

  • High degree of initiative, dependability. Experience managing
    multiple, simultaneous, significant information security related initiatives
    and responses. Ability to work with minimal supervision.

  • Strong conceptual
    thinking, and the ability to conceptualize complex business and technical
    requirements of a given compliance or regulatory mandate into actionable

  • Demonstrated
    leader with team-oriented interpersonal skills, and the ability to interface
    effectively with a broad range of people and roles, including upper management,
    IT leaders, and external constituents.

  • Ability to
    maintain composure and clarity of thought under pressure, within a highly
    dynamic organization.

  • Understanding
    of strategic business objectives and the ability to drive results toward those

  • Ability
    to coach, motivate and develop careers of others within a global team.





Who we are


At Johnson Controls, we’re shaping the future
to create a world that’s safe, comfortable and sustainable. Our global team
creates innovative, integrated solutions to make cities more connected,
buildings more intelligent and vehicles more efficient. We are passionate about
improving the way the world lives, works and plays. The future requires bold
ideas, an entrepreneurial mind-set and collaboration across boundaries. You
need a career focused on tomorrow. Tomorrow needs you.

Controls is an equal employment opportunity and affirmative action employer and
all qualified applicants will receive consideration for employment without
regard to race, color, religion, sex, national origin, age, protected veteran
status, status as a qualified individual with a disability, or any other
characteristic protected by law. For more information, please view EEO is the
Law. If you are an individual with a disability and you require an
accommodation during the application process, please visit


Job Tools