Third-Party Cybersecurity Risk Analyst
Third-Party Cybersecurity Risk Analyst
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
As aThird-Party Cybersecurity Risk Analyst you will bring analytical technical and policy expertise to advance the maturity of supplier cybersecurity across Johnson Controls. You will work closely with internal security stakeholders to identify assess and mitigate risks associated with third-party suppliers. Your ability to evaluate cybersecurity controls and drive continuous improvement will be critical to success in this role.
How you will do it
Coordinate and manage Supply Chain Cybersecurity processes and deliverables across the supplier ecosystem.
Conduct supplier cybersecurity assessments to evaluate alignment with our security standards.
Maintain effective communication with suppliers tracking milestones and deliverables.
Collect analyze and quantify supply chain cybersecurity risks sharing insights with internal stakeholders.
Continuously improve supplier assessment capabilities and Supply Chain Cybersecurity program maturity.
Identify process gaps and recommend enhancements to reduce cybersecurity risk.
Build strong partnerships with IT operations legal and procurement teams.
Collaborate with procurement to ensure cybersecurity requirements are embedded in supplier onboarding.
Support and enhance tooling for supplier cybersecurity assessments and reporting.
Monitor and report key program metrics to support compliance and continuous improvement.
Participate in cybersecurity reviews audits and cross-functional working groups.
What we look for
Required
Experience in cybersecurity risk analysis third-party risk management or vendor risk assessment.
Background in cybersecurity and IT control assessments and audits.
Solid understanding of cybersecurity risk management principles and practices.
Experience evaluating supplier and product security through assessments and audits.
Familiarity with frameworks such as SOC 2 ISO/IEC 27001 and CIS Controls.
Strong critical thinking skills with the ability to translate complex requirements into actionable steps.
Excellent verbal and written communication skills with the ability to collaborate across global teams.
Strong organizational and interpersonal skills; able to manage competing priorities independently.
Demonstrated ability to lead multiple initiatives using agile methodologies (e.g. Scrum Jira).
Self-motivated adaptable and eager to learn new technologies.
Willingness to travel up to 10% of time.
Preferred
Bachelors degree in cybersecurity computer science engineering or a related technical field.
Exposure to secure software development practices and cloud technologies.
Experience with Operational Technology environments (e.g. control systems building management).
Familiarity with additional frameworks such as NIST 800 series OWASP ISA/IEC 62443.
Experience with tools such as ServiceNow VRM Archer BitSight or SecurityScorecard.
Relevant cybersecurity certifications (e.g. CISA CRISC GSEC Security).
Our culture
At Johnson Controls youll have the opportunity to work on some of the most exciting projects in todays market. Our hardworking people empower us and we believe in being part of a team that is open collaborative results-oriented hardworking and above all fun.
We believe that diversity and inclusion matter and make a difference. By embracing the true value of diversity and inclusion getting comfortable with having crucial conversations and valuing different perspectives we will be one of the most desirable places to work.
#LI-BB1
#LI-Hybrid
Required Experience:
IC
Employment Type
Full-Time
