The Johnson Controls Global Information Security (GIS) team is undergoing expansion as Johnson Controls increases its cybersecurity resources and capabilities in order to address the ever-changing Cybersecurity threat landscape.
The successful candidate will be a capable of executing the global IT 3rd Party Risk Management functions while interacting with relevant business and technology colleagues. This role reports directly to the Director, 3rd Party IT Risk Management.
The candidate will be able to articulate thoughts clearly, plan initiatives, and execute with appropriate urgency. The candidate will demonstrate drive, intelligence, maturity, and energy and will be a proven change leader. The candidate will possess a high degree of business acumen and must have a “real world” perspective in order to effectively engage with colleagues in the Business Units.
What you will do:
- Executes the Information Security 3rd Party IT Risk Management program
- Identifies, assesses, monitors and reports on highest risk IT vendors.
- Facilitates business awareness and ownership of Supplier-related Cyber Risks.
- Partners with internal and external stakeholders (including, but not limited to Legal, Privacy, Audit, senior IT leadership, peer Information Security leaders, and business leadership) to ensure appropriate awareness and accountability of 3rd Party Risk.
- Under the guidance of the Leader of 3rd Party IT Risk function, supports the Information Security 3rd Party Risk Management strategy, including supporting formal processes and procedures.
- Enables the enterprise 3rd Party Cyber Risk intake and evaluation process for new vendors, providing escalation where necessary and reporting out to stakeholders.
- Document, assess and report out on measures, metrics, and internal controls related to 3rd Party IT Risk Management.
- Keep aware of local, national and international developments in Information Security, tie them to the JCI threat landscape, and proactively communicate them at the appropriate level.