Zero Trust and Identity and Access Management Architect

Build your best future with the Johnson Controls team

As a global leader in smart healthy and sustainable buildings our mission is to reimagine the performance of buildings to serve people places and the planet. Join a winning team that enables you to build your best future! Our teams are uniquely positioned to support a multitude of industries across the globe. You will have the opportunity to develop yourself through meaningful work projects and learning opportunities. We strive to provide our employees with an experience focused on supporting their physical financial and emotional wellbeing. Become a member of the Johnson Controls family and thrive in an empowering company culture where your voice and ideas will be heard your next great opportunity is just a few clicks away!

What we offer:

• Competitive salaryand bonus plan

• Paid vacation/holidays/sick time

• Comprehensive benefits package including 401K medical dental and vision care

• On the job/cross training opportunities

• Encouraging and collaborative team environment

• Dedication to safety through our Zero Harm policy

What you will do:

As part of JCIs ongoing and exciting digital transformation strategy as a Zero Trust and Identity architect you will work with the wider global network and IT teams business partners and managed service vendors to manage and maintain the physical and logical Enterprise Security infrastructure.

As the subject matter expert you will maintain current knowledge of regulatory requirements trends best practices and solutions in your scope of expertise.

You will consult on security policies standards and guidelines working to make security requirements clear and accessible.

You will develop reference architectures and reference implementation patterns.

You will provide consulting to Enterprise Architecture and to Solutions Architects providing security requirements for planned projects and methods for meeting those requirements.

Additional responsibilities include technical documentation development support problem management change management reporting budgeting and planning for identity management related initiatives

What we look for:

Required

• 10 years experience implementing enterprise Identity and Access Management (IAM) Privileged Access Management (PAM) solutions (e.g. Saviynt Okta SailPoint Ping Identity Omada Microsoft Identity Manager Beyond Trust CyberArk or equivalent IAM solution) in client environments.

• Solid understanding of industry standard Cybersecurity Frameworks and compliance requirements

• Familiarity with Zero Trust Network Architecture is desirable

• Familiarity with service now Ticketing and CMDB is desirable

• Design build operate and automate security solutions and processes to protect the integrity of the organizations networks systems applications and data.

• Experience developing technical strategies architectures and roadmaps.

• Outstanding communication and presentation skills. Able to articulate complex technical concepts to non-technical audiences.

• Respond to security incidents including data breaches and coordinate with other IT teams to mitigate the impact of any security breaches.

Preferred

• Experience hardening security for Active Directory Windows *nix OS.

• Experience with IDaaS providers such as Microsoft Okta Ping Identity Google Cloud Identity

• Experience defining and implementing delegation model

• Experience defining and implementing support scenarios for merger acquisition and divestitures

• Experience with cloud architectures particularly Azure AWS GCP native IAM controls.

• Experience with Identity Governance processes and solutions such as Saviynt SailPoint Ping Identity or equivalent.

• Experience with Microsoft 365 Active Directory SAML OIDC

• Knowledge of Applied Cryptography and PKI

• Understanding of trends and regulations to ensure effectiveness and compliance with all regulations and frameworks (NIST HIPPA-HITECH HITRUST PCI GDPR)

• Manage and network security infrastructure

  • Firewall configuration and rule management

  • Cloud proxies services & Network Access control

  • Employee and Partner remote access VPN services

  • Cloud based Web application firewall

• Development knowledge e.g. Python Java C# .NET Web Services (SOAP/REST/RESTful APIs) Shell programming/scripting

• Preferred Network Infrastructure Security background in both on prem physical security components (firewalls IDS/IPS remote access and internet proxies) as well as cloud security services (Zscaler Azure GCP).

• Strong experience of working on SIEM tools like Splunk to analyze logs and correlate events.

• Experience with User Behavior Analytics & Workday SAP Salesforce

• Experience with MDM capabilities such as Intune or AirWatch

• Understanding of trends and regulations to ensure effectiveness and compliance with all regulations and frameworks (NIST HIPPA-HITECH HITRUST PCI GDPR)

• CISSP or SANS GIAC CIMP CEH CISM or CISA certifications

• OKTA Professional or Consultant

• Google/AWS/Microsoft Professional Cloud Architect

This is a part time role for 20 hours per week.

HIRING SALARY RANGE: $61500 -$85500 (Salary to be determined by the education experience knowledge skills and abilities of the applicant internal equity location and alignment with market data.) This role offers a competitive Bonus plan that will take into account individual group and corporate performance. This position includes a competitive benefits package. For details please visit the About Us tab on the Johnson Controls Careers site at

Controls International plc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race color religion sex national origin age protected veteran status genetic information sexual orientation gender identity status as a qualified individual with a disability or any other characteristic protected by law. To view more information about your equal opportunity and non-discrimination rights as a candidate visit EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process please visit here.