Senior Manager, Governance - Cybersecurity GRC

Senior Manager, Governance - Cybersecurity GRC

Are you ready to lead with vision and make a global impact? As Senior Manager in the Cybersecurity Governance, Risk, and Compliance (GRC) organization, you will drive the evolution of our cybersecurity governance framework, ensuring Johnson Controls meets and exceeds regulatory standards and industry best practices.

• Develop and execute forward‑thinking cybersecurity governance strategies that elevate our security posture.
• Design, implement, and maintain a robust governance program—documenting, communicating, and enforcing policies, standards, and guidelines that align with business objectives.
• Serve as a subject‑matter expert, educating and guiding technology teams and business partners on cyber governance requirements and best practices.
• Engage with internal and external auditors, facilitating assessments and audits to ensure timely responses and adherence to JCI policies and standards.
• Lead coordination across cross‑functional teams to deliver cybersecurity training and awareness initiatives, reinforcing adherence to governance policies.
• Collaborate with cross‑functional teams to evaluate cyber controls, map them to program key performance indicators, and assess compliance.
• Report on the effectiveness of governance initiatives, using data‑driven insights to inform continuous improvement.
• Ensure our governance framework meets evolving compliance requirements and incorporates stakeholder input and industry benchmarks.
• Foster collaboration through partnership with cybersecurity leaders and cross‑functional teams to refine processes, develop key performance indicators, and promote organizational cyber maturity.
• Implement process enhancements using automation tools and agile methodologies to boost productivity and efficiency.
• Monitor and interpret evolving regulatory requirements and industry best practices to inform governance enhancements.
• Build and lead a high‑performing team, mentoring and developing cybersecurity professionals to foster growth, innovation, and shared commitment to excellence.
• Participate in relevant cybersecurity committees and working groups.

• Bachelor's degree in Cybersecurity, Information Technology, or a related field.
• 8+ years of experience in cybersecurity governance, risk management, or compliance—especially in building and leading governance frameworks that make a difference.
• Proven track record of leading high‑performing teams and delivering results with autonomy, accountability, and a collaborative spirit.
• Deep expertise in industry frameworks, regulations, and laws such as ISO, NIST, PCI, GDPR, and CRA, with the ability to translate complex requirements into practical solutions.
• Experience navigating both legacy and emerging technologies to manage business risk and enforce robust security controls.
• Exceptional communication and interpersonal skills, with the ability to build trust, minimize friction, and engage effectively with stakeholders at every level.
• Demonstrated success in managing multiple initiatives and delivering on schedule using agile methodologies and tools (e.g., Scrum/Kanban, Jira).
• Strong critical thinking and problem‑solving skills, with a knack for distilling complex requirements into actionable strategies.
• Experience leading distributed and hybrid teams, fostering a culture of inclusion and continuous improvement.

• Industry
  
  Certifications:
  
  CISSP, CISM, CISA, CRISC, or other certifications in cybersecurity governance that demonstrate your commitment to excellence and continuous learning.
• Operational Technology Savvy:
  Experience with cybersecurity controls for Operational Technologies (like Control Systems or Building Management) will help you make an even greater impact in our diverse environment.
• Global Perspective:
  If you have worked in a global organization and navigated multi‑regional compliance requirements, you will thrive in our dynamic, international team.

$126,000 – $171,000 (Salary determined by the applicant’s education, experience, and skills, plus market and location data). This role offers a competitive bonus plan that will take into account individual, group, and corporate performance. A comprehensive benefits package is available.

Johnson Controls is an equal employment opportunity and affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and require an accommodation during the application process, please visit