Information Systems
Requisition #: 1912865
What you will do:

The Risk Assessment Program is accountable for facilitating risk-aware business decision-making in which speed-to-market and delivery objectives are balanced with Global Information Security Program objectives that ensure the confidentiality, availability and integrity of IT assets. Under the direction of the Senior Manager, risk assessment, this role will execute assessments on projects and processes that introduce IT risk to JCI and evaluate whether the IT risks have been adequately controlled. In close collaboration with partners in security, delivery, and the business, the analyst will identify, analyze, and communicate inherent and residual risk. The analyst will, when appropriate, facilitate risk acceptance procedures as defined by the Risk Assessment Program. The analyst will reinforce the organization’s alignment to, and adoption of, the three lines-of-defense principles in the management of technology operations. This position requires strong communication abilities, as it engages with cross-functional team members and serves as subject matter expert in the context of controls designed to manage IT risk.

How you will do it:

  • Execute the Risk Assessment Program within Global Information Security function
  • Evaluate proposed project scope to ensure baseline control requirements are communicated to delivery teams
  • Ensures the execution of streamlined assessments on all delivery projects through close collaboration with delivery organizations and subject matter experts
  • Executes procedures to address findings including risk acceptance and management escalation based on the level of associated risk
  • May support the maintenance of the IT risk management framework, which includes the risk register, facilitates the identification of key controls, and key processes for testing controls
  • Executes procedures to report on assessment coverage
  • Educates partners on the principles of three lines-of-defense
  • Continually supports organizational alignment and enables focused execution
  • Supports the administration of the JCI common controls framework to ensure relevant internal and external information security requirements are mapped to risks and adequately tested
  • Maintains risk assessment program related policy, standard and procedure documentation to drive consistent, reliable, and repeatable assessment activities
  • Supports the development and implementation of security awareness, training, and continuous improvement efforts

What we look for:
  • Five or more years of progressive Internal Audit or Information Security work experience within a relevant role and setting, with broad exposure to multiple competing regulatory and industry-based requirements and environments.
  • Experience in executing various types of risk assessments that vary based on business need and assessment objective; may include product assessments, controls assessments, process assessments
  • Experience preparing formal deliverables
  • Experience working with ISO 27001, NIST 800-53 security frameworks and PCI DSS Standard in complex IT operating environments is required.
  • Exceptional teaming skills incorporating cross-functional teams, peer relationships, informing, and understanding and appreciating differences.
  • Strong consultative skills, with the ability to advise and consult with business and technical professionals.
  • CRISC (Certified in Risk and Information System Control), Information Security Auditor), CISM (Certified Information Security Manager), CISSP (Certified Information System Security Professional) or similar industry certification is preferred

Some international travel may be required. 

Johnson Controls is a global diversified technology and multi-industrial leader serving a wide range of customers in more than 150 countries. Our commitment to sustainability dates back to our roots in 1885, with the invention of the first electric room thermostat. We are committed to helping our customers win everywhere, every day and creating greater value for all of our stakeholders through our strategic focus on buildings.


Johnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/tomorrowneedsyou.
