Johnson Controls (johnsoncontrols.com)

Cybersecurity Technical Program Manager

$118K – $177K Yearly | Westford, Massachusetts, United States (Hybrid) | Full-time | 2h ago

Build your best future with the Johnson Controls team!

Who we are:

Johnson Controls is a global leader in smart, healthy, and sustainable buildings. Our mission is to reimagine the performance of buildings to serve people, places, and the planet. Join a winning team that enables you to build your best future! Our teams are uniquely positioned to support a multitude of industries across the globe. You will have the opportunity to develop yourself through meaningful work projects and learning opportunities. We strive to provide our employees with an experience focused on supporting their physical, financial, and emotional wellbeing. Become a member of the Johnson Controls family and thrive in an empowering company culture where your voice and ideas will be heard – your next great opportunity is just a few clicks away!

What We Offer:

  • Competitive salary

  • Paid vacation/holidays/sick time

  • Comprehensive benefits package including 401K, medical, dental, and vision care.

  • On-the-job/cross-training opportunities

  • Encouraging and collaborative team environment

  • Dedication to safety through our Zero Harm policy

We are actively seeking a results-driven Cybersecurity Technical Program Manager to join our Fire Detection New Product Introduction (NPI) Program Management Office. Based in one of our advanced R&D facilities located in Westford, MA, this role offers a hybrid work environment requiring three days per week onsite and allowing two days of remote work.


What You Will Do:

As a key leader, the Cybersecurity Technical Program Manager will drive the end-to-end cybersecurity strategy, execution, and compliance for NPI programs delivering connected fire detection products. This role focuses on integrating security into the product lifecycle, ensuring proactive vulnerability identification, risk mitigation, and regulatory compliance (including CRA) across software and embedded systems.

How You Will Do It:

  • Lead and manage cybersecurity workstreams across multiple concurrent NPI programs from concept through product launch and sustaining phases.

  • Drive secure development lifecycle (SDL) practices and ensure alignment with enterprise and regulatory cybersecurity frameworks.

  • Partner with software engineering, hardware, QA, architecture, and DevOps teams to:

    • Identify, assess, and prioritize software and system vulnerabilities

    • Ensure timely remediation and closure of security findings

    • Track and report vulnerability metrics (MTTR, backlog, severity trends)

  • Establish and maintain cybersecurity program plans, including risk registers, threat models, compliance milestones, and mitigation strategies.

  • Oversee product security testing activities, including SAST, DAST, penetration testing, SBOM generation, and third-party vulnerability assessments.

  • Ensure compliance with Cyber Resilience Act (CRA) and other relevant regulations/standards (e.g., IEC 62443, NIST, ISO 27001, UL cybersecurity requirements).

  • Coordinate security incident response planning and vulnerability disclosure processes for products in the field.

  • Facilitate cross-functional alignment to drive timely resolution of security issues, including coordination with external vendors and suppliers.

  • Prepare and present cybersecurity posture, risks, and compliance status to senior leadership and stakeholders.

  • Promote a security-first culture and continuous improvement through lessons learned and best practices.

What We Look For:

Required:

  • Bachelor's degree in Computer Science, Cybersecurity, Information Security, Software Engineering or related field.

  • 10+ years of professional experience in electronic product design and new product introduction within a manufacturing context (e.g., collaboration with Design Engineers, Software Engineers, Software QA, Manufacturing, Supply Chain, Supplier Quality, Product Management, etc.)

  • Proven experience managing product security or cybersecurity programs for connected devices or embedded systems.

  • Strong hands-on experience with:

    • Vulnerability management (identification, triage, prioritization, remediation tracking)

    • Security testing tools (SAST, DAST, dependency scanning, fuzzing)

    • Threat modeling and risk assessment methodologies

  • Experience driving compliance with Cyber Resilience Act (CRA) or similar global cybersecurity regulations.

  • Demonstrated success in driving cross-functional teams to resolve security vulnerabilities within defined SLAs.

  • Familiarity with secure coding practices and common vulnerabilities (OWASP Top 10, CVEs, CWEs).

  • Strong understanding of software development methodologies (Agile/DevSecOps).

  • Excellent communication, stakeholder management, and executive reporting skills.

  • Ability to operate effectively in complex, regulated environments and manage ambiguity.

  • Meticulous attention to detail and technical accuracy.

  • Outstanding organizational and technical competencies.

  • Effective interpersonal and multitasking skills.

Preferred:

  • Project Management Professional (PMP) Certification.

  • Experience in IoT, embedded systems, or safety-critical industries (fire/life safety, medical, automotive).

  • Certifications such as CISSP, CISM, or CEH.

  • Experience with tools such as JIRA, Azure DevOps, or similar.

  • Knowledge of SBOM standards and open-source risk management.

  • Familiarity with cloud security and connected device ecosystems.

Why Join Us?

Be at the forefront of securing next-generation fire detection solutions that save lives. You will play a critical role in embedding cybersecurity into innovative products, ensuring compliance with evolving global regulations while working in a collaborative and forward-thinking environment.

SALARY RANGE: $118,000 - $177,000 (Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.) This role offers a competitive Bonus plan that will take into account individual, group, and corporate performance. This position includes a competitive benefits package. The posted salary range reflects the target compensation for this role. However, we recognize that exceptional candidates may bring unique skills and experiences that exceed the typical profile. If you believe your background warrants consideration beyond the stated range, we encourage you to apply.

To support an efficient and fair hiring process, we may use technology assisted tools, including artificial intelligence (AI), to help identify and evaluate candidates. All hiring decisions are ultimately made by human reviewers. For details, please visit the About Us tab on the Johnson Controls Careers site at https://jobs.johnsoncontrols.com/about-us

Johnson Controls International plc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, sexual orientation, gender identity, status as a qualified individual with a disability or any other characteristic protected by law. To view more information about your equal opportunity and non-discrimination rights as a candidate, visit EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit here.