Senior Analyst, Supply Chain Cybersecurity

The future is being built today, and Johnson Controls is making that future more productive, more secure, and more sustainable.  We are harnessing the power of cloud, data analytics, the Internet of Things, and user design thinking to deliver on the promise of intelligent buildings and smart cities that connect communities in ways that make people’s lives – and the world – better.

What you will do

Supply Chain Cybersecurity (SCC) senior analyst will bring analytical and technical expertise to further mature supplier cybersecurity in JCI. This person will work with our internal IT and product security stakeholders; engaging with them to identify, analyze, and evaluate complex systems, supplier security posture and associated risks. Ability to assess supplier cybersecurity effectiveness and drive continuous program improvement in response to evolving requirements is key to success in this role. You will play a pivotal role in fostering supplier relationships, confidence, and trust.

How will you do it

You will provide analytical support for delivering changes in SCC processes and tooling to support new initiatives or required changes.

• Coordinate and manage the Supply Chain Cybersecurity processes and deliverables.
• Effectively perform supplier cybersecurity assessments to determine alignment to JCI product security controls.
• Document and quantify supply chain cybersecurity risks for JCI and share with internal stakeholders in a timely manner.
• Effectively manage supplier cybersecurity assessment and reporting tools.
• Maintain interfaces with the suppliers and track milestones and deliverables in a timely manner.
• Develop the maturity of supplier cybersecurity assessment capability through continuous improvement.
• Develop and maintain strong relationships with IT, security, legal and procurement process owners.
• Ensure security practices are followed during supplier procurement, mergers and acquisitions, and compliance audits.
• Define, gather, and monitor relevant metrics for compliance and continuous improvement.
• Participate in relevant security reviews and working groups.

What we Look For

Required

• 10+ years of experience as a cybersecurity risk analyst or planning, managing, and implementing technical IT, product security or third-party risk projects/programs.
• Experience evaluating the security trustworthiness of the suppliers and products through assessments and audits.
• Experience with analysis and audits of cybersecurity and IT controls.
• Knowledge of industry cybersecurity frameworks such as NIST 800 series, OWASP, ISA/IEC 62443, SOC2, ISO27001, CIS Controls and related.
• Strong critical thinking skills with aptitude to assess and distill security control evidence from varied sources into actionable steps.
• Very strong experience working across a diverse stakeholder group to achieve a common goal.
• Must have excellent oral and written communication skills.
• Strong organizational and interpersonal skills are required.  Should have demonstrated ability to manage conflicting priorities and work under minimum supervision to meet timelines.
• Four-year bachelor’s degree in cybersecurity, computer science, engineering, or related technical area.
• Highly motivated, adaptable, and willing to learn new technologies.

Preferred

• Experience with Operational Technologies (e.g., Control Systems, Building Management etc.).
• Cybersecurity certifications, e.g., CISA, CRISC, CISSP, GSEC, Sec+, or related.
• Exposure to secure software development activities and cloud technologies.
• Demonstrated ability to effectively lead multiple initiatives and deliver results on schedule using agile methodologies and tools (e.g.: Scrum/Kanban, Jira).