IT Risk Assessment, Senior Manager

Information Systems
Requisition #: 1912832

What you will do: 

The Risk Assessment Program is accountable for facilitating risk-aware business decision-making in which speed-to-market and delivery objectives are balanced with Global Information Security Program objectives that ensure the confidentiality, availability and integrity of IT processes in delivery engagements. 

This role will collaborate closely with partners in security, governance, compliance, IT operations, and the business to design and execute assessments that identify, analyze, and communicate the inherent and residual risk associated with delivery engagements and the technology ecosystem governed by the Global Information Security Program. The Senior Manager will support the organization's alignment to, and adoption of, the three lines-of-defense principles in the management of technology operations.

This position requires strong communication abilities, as it engages with cross-functional business partners, team members, and leadership across the organization. As an influential member of the risk management function, this position addresses systems and processes that impact technology operations environments and reinforces the compliance culture at JCI by demonstrating a strong understanding of current and upcoming trends in cybersecurity risk management, compliance, and complementary audit requirements and controls.

How you will do it:
  • Administers the Risk Assessment Program within the Global Information Security function
  • Designs methods that ensure risks are properly identified, evaluated, and communicated, and that the appropriate level of controls is implemented
  • Designs, develops, and maintains the IT risk management framework, which includes the risk register, facilitates the identification of key controls, and key processes for testing controls
  • Ensures the execution of streamlined assessments on all delivery projects through close collaboration with delivery organizations and subject matter experts
  • Designs and executes procedures to address findings including risk acceptance and management escalation based on the level of associated risk
  • Designs and executes procedures to report on assessment coverage
  • Identifies opportunities to mature processes, deepen engagement with partners, and mature control health across the IT ecosystem governed by Global Information Security
  • Leverages tools and technologies, including ServiceNow GRC capabilities, to streamline and mature risk assessment activities
  • Coaches and develops staff
  • Educates partners on the principles of three lines-of-defense
  • Continually supports organizational alignment and enables focused execution through strong management and leadership practices
  • Supports the administration of the JCI common controls framework to ensure relevant internal and external information security requirements are mapped to risks and adequately tested
  • Maintains risk assessment program related policy, standard and procedure documentation to drive consistent, reliable, and repeatable assessment activities
  • Supports the development and implementation of security awareness, training, and continuous improvement efforts

What we look for:
  • Five or more years of progressive Internal Audit or Information Security work experience within a relevant role and setting, with broad exposure to multiple competing regulatory and industry-based requirements and environments.
  • Experience in operationalizing IT audit, risk or compliance activities and programs, and proven presentation and facilitation skills
  • Experience presenting reporting to management
  • Experience working with the ISO 27001 and NIST SP 800-53 security frameworks and the PCI DSS standard in complex IT operating environments is required.
  • Exceptional teaming skills incorporating cross-functional teams, peer relationships, informing, and understanding and appreciating differences.
  • Strong project management, prioritization, presentation, and facilitation skills, demonstrated ability to effectively manage multiple tasks and priorities and drive change across a complex organization, through multiple stakeholders
  • Strong consultative skills, with the ability to advise and consult with business and technical professionals.
  • CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional) or a similar industry certification is preferred

Some international travel may be required. 

Johnson Controls is a global diversified technology and multi-industrial leader serving a wide range of customers in more than 150 countries. Our commitment to sustainability dates back to our roots in 1885, with the invention of the first electric room thermostat. We are committed to helping our customers win everywhere, every day, and to creating greater value for all of our stakeholders through our strategic focus on buildings.


Johnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/tomorrowneedsyou.
