Cybersecurity Technical Program Manager
Westford, MA - USA
Job Summary
Build your best future with the Johnson Controls team!
Who we are:
Johnson Controls is a global leader in smart, healthy and sustainable buildings. Our mission is to reimagine the performance of buildings to serve people, places and the planet. Join a winning team that enables you to build your best future! Our teams are uniquely positioned to support a multitude of industries across the globe. You will have the opportunity to develop yourself through meaningful work projects and learning opportunities. We strive to provide our employees with an experience focused on supporting their physical, financial and emotional wellbeing. Become a member of the Johnson Controls family and thrive in an empowering company culture where your voice and ideas will be heard. Your next great opportunity is just a few clicks away!
What We Offer:
Competitive salary
Paid vacation/holidays/sick time
Comprehensive benefits package including 401K, medical, dental and vision care.
On-the-job/cross-training opportunities
Encouraging and collaborative team environment
Dedication to safety through our Zero Harm policy
We are actively seeking a results-driven Cybersecurity Technical Program Manager to join our Fire Detection New Product Introduction (NPI) Program Management Office. Based in one of our advanced R&D facilities located in Westford, MA, this role offers a hybrid work environment, requiring three days per week onsite and allowing two days of remote work.
What You Will Do:
As a key leader, the Cybersecurity Technical Program Manager will drive the end-to-end cybersecurity strategy, execution and compliance for NPI programs delivering connected fire detection products. This role focuses on integrating security into the product lifecycle, ensuring proactive vulnerability identification, risk mitigation and regulatory compliance (including CRA) across software and embedded systems.
How You Will Do It:
Lead and manage cybersecurity workstreams across multiple concurrent NPI programs from concept through product launch and sustaining phases.
Drive secure development lifecycle (SDL) practices and ensure alignment with enterprise and regulatory cybersecurity frameworks.
Partner with software engineering, hardware, QA, architecture and DevOps teams to:
Identify, assess and prioritize software and system vulnerabilities
Ensure timely remediation and closure of security findings
Track and report vulnerability metrics (MTTR, backlog, severity trends)
Establish and maintain cybersecurity program plans, including risk registers, threat models, compliance milestones and mitigation strategies.
Oversee product security testing activities, including SAST, DAST, penetration testing, SBOM generation and third-party vulnerability assessments.
Ensure compliance with Cyber Resilience Act (CRA) and other relevant regulations/standards (e.g. IEC 62443, NIST, ISO 27001, UL cybersecurity requirements).
Coordinate security incident response planning and vulnerability disclosure processes for products in the field.
Facilitate cross-functional alignment to drive timely resolution of security issues, including coordination with external vendors and suppliers.
Prepare and present cybersecurity posture, risks and compliance status to senior leadership and stakeholders.
Promote a culture of security-first mindset and continuous improvement through lessons learned and best practices.
What We Look For:
Required:
Bachelor's degree in Computer Science, Cybersecurity, Information Security, Software Engineering or related field.
10 years of professional experience in electronic product design and new product introduction within a manufacturing context (e.g. collaboration with Design Engineers, Software Engineers, Software QA, Manufacturing, Supply Chain, Supplier Quality, Product Management, etc.)
Proven experience managing product security or cybersecurity programs for connected devices or embedded systems.
Strong hands-on experience with:
Vulnerability management (identification, triage, prioritization, remediation tracking)
Security testing tools (SAST, DAST, dependency scanning, fuzzing)
Threat modeling and risk assessment methodologies
Experience driving compliance with Cyber Resilience Act (CRA) or similar global cybersecurity regulations.
Demonstrated success in driving cross-functional teams to resolve security vulnerabilities within defined SLAs.
Familiarity with secure coding practices and common vulnerabilities (OWASP Top 10, CVEs, CWEs).
Strong understanding of software development methodologies (Agile/DevSecOps).
Excellent communication, stakeholder management and executive reporting skills.
Ability to operate effectively in complex regulated environments and manage ambiguity.
Meticulous attention to detail and technical accuracy.
Outstanding organizational and technical competencies.
Effective interpersonal and multitasking skills.
Preferred:
Project Management Professional (PMP) Certification.
Experience in IoT, embedded systems or safety-critical industries (fire/life safety, medical, automotive).
Certifications such as CISSP, CISM or CEH.
Experience with tools such as JIRA, Azure DevOps or similar.
Knowledge of SBOM standards and open-source risk management.
Familiarity with cloud security and connected device ecosystems.
Why Join Us
Be at the forefront of securing next-generation fire detection solutions that save lives. You will play a critical role in embedding cybersecurity into innovative products, ensuring compliance with evolving global regulations while working in a collaborative and forward-thinking environment.
SALARY RANGE: $118,000 - $177,000 (Salary to be determined by the education, experience, knowledge, skills and abilities of the applicant, internal equity and alignment with market data.) This role offers a competitive Bonus plan that will take into account individual, group and corporate performance. This position includes a competitive benefits package. The posted salary range reflects the target compensation for this role. However, we recognize that exceptional candidates may bring unique skills and experiences that exceed the typical profile. If you believe your background warrants consideration beyond the stated range, we encourage you to apply. To support an efficient and fair hiring process, we may use technology-assisted tools, including artificial intelligence (AI), to help identify and evaluate candidates. All hiring decisions are ultimately made by human reviewers. For details, please visit the About Us tab on the Johnson Controls Careers site. Johnson Controls International plc. is an equal employment opportunity and affirmative action employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, sexual orientation, gender identity, status as a qualified individual with a disability or any other characteristic protected by law. To view more information about your equal opportunity and non-discrimination rights as a candidate, visit EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit here.
Required Experience:
Manager
About Company
Johnson Controls is a global diversified technology and multi industrial leader serving a wide range of customers in more than 150 countries. Our 120,000 employees create intelligent buildings, efficient energy solutions, integrated infrastructure and next generation transportation sy ...