The future is being built today, and Johnson Controls is making that future more productive, more secure and more sustainable. We are harnessing the power of cloud, data analytics, the Internet of Things, and user design thinking to deliver on the promise of intelligent buildings and smart cities that connect communities in ways that make people’s lives – and the world – better.
In this career-defining opportunity within the Global Product Security organization, you will be a hands-on leader of security integration and automation initiatives aimed at making our products more resilient to cyber threats and our company more effective at managing risk. As a key member of the Product Security Integration team, you will provide strategic and execution leadership in architecting, designing, building, deploying, maintaining and continuously improving a fully integrated security tool chain that embeds security, privacy, and policy controls within the product development lifecycle. You will play a critical role in enhancing the developer and customer experience, making cybersecurity and risk management a foundational component of the product development process. Through a combined skill set and proficiency in systems architecture, systems integration, security, software development, and DevOps, you will work to advance our product security maturity, infusing best-in-class security tools across the full lifecycle of our products, platforms, and service offerings. In this position, you will play a pivotal role in managing cybersecurity risk, differentiating Johnson Controls, and enabling business success.
How you will do it
Use your deep understanding of systems architecture, systems integration, DevOps and secure SDLC best practices in designing and developing an enterprise level architecture and integration framework for a full lifecycle integrated security tool chain.
Understand overall security program policies and standards, and associated governance, risk and compliance in identifying and evaluating security tool integration and automation needs within and across business units, including sales channels and field engineering.
Design and recommend integrated solutions that optimize cybersecurity product development processes and accelerate the build out, operationalization, orchestration and adoption of the integrated security tool chain.
Lead security tool integration and automation strategies and roadmaps.
Lead requirements elicitation, analysis, and validation for security automation initiatives.
Coach and mentor security integration analysts, security architects, developers and others in the design, development, deployment and adoption of integrated security tool chain solutions.
Engage with global product security stakeholders to advance security governance, risk, and compliance, security engineering and innovation, security operations and incident response that promote software risk reduction and business success.
Lead and design hands-on security tool and service proof-of-concepts and pilot efforts performing objective due diligence analysis in evaluating best-in-class tools and automation solutions.
Work in a cross-functional environment to build consensus on security tool decisions that balance the need for fast delivery with long-term goals and operational excellence.
Drive collaboration with stakeholders to capture and understand tooling data composition, storage, accessibility and reporting needs across the cybersecurity program. Ensure data needs are a critical factor in performing security automation due diligence and evaluation.
Apply effective data and workflow management principles in architecting secure, reliable, responsive data stores within the integrated security tool chain framework. Lead the implementation of secure data connections and flow automation for tools introduced into the security tool chain.
Define workflow and automation processes within the integration framework to provide ETL data capabilities to supply data feeds for dashboard creation and reporting on security program health and maturity, cybersecurity risks, risk mitigations, and trends.
Work with product security marketing and communications to develop communication plans in regard to awareness, training, rollout and adoption of product security tools and automation.
Educate and train security architects, security champions, developers, and engineers on security tools and automation capabilities integrated into the product development process.
Provide resource estimates for design and implementation of the integrated security tool chain.
Assist in cybersecurity risk and technology assessment(s) of M&A opportunities.
Support product security committees, boards, councils and working groups.
Support customer-driven cybersecurity audits and inquiries via automated and/or self-service security tool chain reporting. Establish data feeds for advanced analytics and customization.
Conduct research to drive advancements in security tool integration and automation.
Champion continuous improvement through ingenuity, creativity and innovative thinking.
What we look for
Technical and operational excellence, thought leadership, integrative and innovative thinking.
Self-starter with a passion to achieve superior results in integrating advanced and emerging technologies to develop a scalable, sustainable, distributed integrated security tool chain.
Superior experience in integrating diverse, complex software systems and tools, and implementing operational workflows, processes and procedures to deploy capabilities across large organizations including experience in scaling distributed systems.
Proven ability to capture functional concepts and requirements and apply them to architecting integrated solutions and technical designs.
Experience with architectural abstractions and design patterns.
Exceptional ability to influence people and drive consensus, especially from other organizations.
Expert knowledge and practical product development and software security experience, including secure SDLC practices, security/privacy by design architectures, and secure by default configurations.
Solid understanding of software security governance, risk and compliance activities, i.e. metrics, assessments, audits, exercises, risk frameworks, and maturity models.
Experience with Continuous Integration, testing and Continuous Deployment technologies and the build out of CI/CD pipelines including build tools such as Jenkins, TeamCity, and Bamboo and CI/CD configuration tools such as Puppet, Chef, Ansible, and Salt.
Understanding of cloud, embedded, web and mobile platforms and associated architectures.
Expert knowledge and experience in the use of application security tools for security requirements, design, development, testing, deployment and execution (SAST, DAST, SCA, DB security scanning, MAST, IAST, STaaS, penetration testing, code diversity, ASTO, etc.)
Extensive understanding and experience in API development.
Knowledge of current software security threats, attack vectors, Common Vulnerabilities and Enumerations, along with the associated secure development practices.
Exceptional problem-solving and troubleshooting skills to analyze system integration and automation operational and support issues.
Data management experience at the enterprise level.
Proven ability to deliver results using agile methodologies and tools (e.g. Scrum/Kanban, JIRA).
Excellent interpersonal, organizational, written/verbal communication, and presentation skills.
Experience in providing consulting, mentorship and training at the technical level.
Ability to build trust with stakeholders and explain integrated security tool chain roadmap and strategy as well as tool configuration/setup, interoperability and automation security topics to all audiences including C-suite and executive management.
Knowledge of technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, SOC 2 or other comparable.
Experience with Operational Technologies (e.g. Controls Systems, Building Management) a plus.
Bachelor’s degree in Computer Science, Engineering, Information Systems, Cybersecurity or related technical degree. Master’s degree preferred.
CISSP, CSSLP, CCSP, CEH or related security and PMP project management certifications are a plus.
Minimum of 16 years of experience; at least 8 years in software development and cybersecurity.
Travel is moderate at approximately 15%; including international.