As a Senior Analyst in Supply Chain Cybersecurity, you will bring analytical, technical, and policy expertise to advance the maturity of supplier cybersecurity across Johnson Controls. You will work closely with internal security stakeholders to identify, assess, and mitigate risks associated with third-party suppliers. Your ability to evaluate cybersecurity controls and drive continuous improvement will be critical to success in this role.

How you will do it

• Coordinate and manage Supply Chain Cybersecurity processes and deliverables across the supplier ecosystem.

• Conduct supplier cybersecurity assessments to evaluate alignment with our security standards.

• Maintain effective communication with suppliers, tracking milestones and deliverables.

• Collect, analyze, and quantify supply chain cybersecurity risks, sharing insights with internal stakeholders.

• Continuously improve supplier assessment capabilities and Supply Chain Cybersecurity program maturity.

• Identify process gaps and recommend enhancements to reduce cybersecurity risk.

• Build strong partnerships with IT operations, legal, and procurement teams.

• Collaborate with procurement to ensure cybersecurity requirements are embedded in supplier onboarding.

• Support and enhance tooling for supplier cybersecurity assessments and reporting.

• Monitor and report key program metrics to support compliance and continuous improvement.

• Participate in cybersecurity reviews, audits, and cross-functional working groups.

What we look for

Required

• 5+ years of experience in cybersecurity risk analysis, third-party risk management, or vendor risk assessment.

• Background in cybersecurity and IT control assessments and audits.

• Solid understanding of cybersecurity risk management principles and practices.

• Experience evaluating supplier and product security through assessments and audits.

• Familiarity with frameworks such as SOC 2, ISO/IEC 27001, and CIS Controls.

• Strong critical thinking skills with the ability to translate complex requirements into actionable steps.

• Excellent verbal and written communication skills, with the ability to collaborate across global teams.

• Strong organizational and interpersonal skills; able to manage competing priorities independently.

• Demonstrated ability to lead multiple initiatives using agile methodologies (e.g., Scrum, Jira).

• Self-motivated, adaptable, and eager to learn new technologies.

• Willingness to travel up to 10% of time.

Preferred 

• Bachelor’s degree in cybersecurity, computer science, engineering, or a related technical field.

• Exposure to secure software development practices and cloud technologies.

• Experience with Operational Technology environments (e.g., control systems, building management).

• Familiarity with additional frameworks such as NIST 800 series, OWASP, ISA/IEC 62443.

• Experience with tools such as ServiceNow VRM, Archer, BitSight, or SecurityScorecard.

• Relevant cybersecurity certifications (e.g., CISA, CRISC, GSEC, Security+).

Our culture

At Johnson Controls you’ll have the opportunity to work on some of the most exciting projects in today’s market. Our hardworking people empower us, and we believe in being part of a team that is open, collaborative, results-oriented, hardworking and above all fun. 

We believe that diversity and inclusion matter and make a difference. By embracing the true value of diversity and inclusion, getting comfortable with having crucial conversations, and valuing different perspectives, we will be one of the most desirable places to work. 

#LI-BB1

#LI-Hybrid