Johnson Controls
Building Technologies, IoT, Manufacturing, HVAC, Fire & Security

Cybersecurity Technical Program Manager

Westford, Massachusetts, United States | Onsite | Full Time | $118,000–$177,000 /yr | Posted 1 month ago | Visa sponsorship available


Role summary

Johnson Controls is seeking a Cybersecurity Technical Program Manager to lead the cybersecurity strategy, execution, and compliance for New Product Introduction (NPI) programs focused on connected fire detection products. This hybrid role, based in Westford, MA, requires integrating security into the product lifecycle, managing vulnerability identification, risk mitigation, and regulatory compliance (including CRA) for software and embedded systems. The ideal candidate will have 10+ years of experience in electronic product design and NPI within manufacturing, with proven experience in product security for connected devices. Responsibilities include managing security workstreams, driving secure development practices, overseeing security testing, ensuring compliance with global regulations, and reporting to senior leadership.

Build your best future with the Johnson Controls team!
Who We Are
Johnson Controls is a global leader in smart, healthy, and sustainable buildings. Our mission is to reimagine the performance of buildings to serve people, places, and the planet. Join a winning team that enables you to build your best future! Our teams are uniquely positioned to support a multitude of industries across the globe. You will have the opportunity to develop yourself through meaningful work projects and learning opportunities. We strive to provide our employees with an experience focused on supporting their physical, financial, and emotional wellbeing. Become a member of the Johnson Controls family and thrive in an empowering company culture where your voice and ideas will be heard – your next great opportunity is just a few clicks away!
What We Offer

  • Competitive salary
  • Paid vacation/holidays/sick time
  • Comprehensive benefits package including 401K, medical, dental, and vision care.
  • On-the-job/cross-training opportunities
  • Encouraging and collaborative team environment
  • Dedication to safety through our Zero Harm policy

We are actively seeking a results-driven Cybersecurity Technical Program Manager to join our Fire Detection New Product Introduction (NPI) Program Management Office. Based in one of our advanced R&D facilities located in Westford, MA, this role offers a hybrid work environment requiring three days per week onsite and allowing two days of remote work.
What You Will Do
As a key leader, the Cybersecurity Technical Program Manager will drive the end-to-end cybersecurity strategy, execution, and compliance for NPI programs delivering connected fire detection products. This role focuses on integrating security into the product lifecycle, ensuring proactive vulnerability identification, risk mitigation, and regulatory compliance (including CRA) across software and embedded systems.
How You Will Do It

  • Lead and manage cybersecurity workstreams across multiple concurrent NPI programs from concept through product launch and sustaining phases.
  • Drive secure development lifecycle (SDL) practices and ensure alignment with enterprise and regulatory cybersecurity frameworks.
  • Partner with software engineering, hardware, QA, architecture, and DevOps teams to:
      • Identify, assess, and prioritize software and system vulnerabilities
      • Ensure timely remediation and closure of security findings
      • Track and report vulnerability metrics (MTTR, backlog, severity trends)
  • Establish and maintain cybersecurity program plans, including risk registers, threat models, compliance milestones, and mitigation strategies.
  • Oversee product security testing activities, including SAST, DAST, penetration testing, SBOM generation, and third-party vulnerability assessments.
  • Ensure compliance with Cyber Resilience Act (CRA) and other relevant regulations/standards (e.g., IEC 62443, NIST, ISO 27001, UL cybersecurity requirements).
  • Coordinate security incident response planning and vulnerability disclosure processes for products in the field.
  • Facilitate cross-functional alignment to drive timely resolution of security issues, including coordination with external vendors and suppliers.
  • Prepare and present cybersecurity posture, risks, and compliance status to senior leadership and stakeholders.
  • Promote a culture of security-first mindset and continuous improvement through lessons learned and best practices.

Required
What We Look For:

  • Bachelor's degree in Computer Science, Cybersecurity, Information Security, Software Engineering or related field.
  • 10+ years of professional experience in electronic product design and new product introduction within a manufacturing context (e.g., collaboration with Design Engineers, Software Engineers, Software QA, Manufacturing, Supply Chain, Supplier Quality, Product Management, etc.)
  • Proven experience managing product security or cybersecurity programs for connected devices or embedded systems.
  • Strong hands-on experience with:
      • Vulnerability management (identification, triage, prioritization, remediation tracking)
      • Security testing tools (SAST, DAST, dependency scanning, fuzzing)
      • Threat modeling and risk assessment methodologies
  • Experience driving compliance with Cyber Resilience Act (CRA) or similar global cybersecurity regulations.
  • Demonstrated success in driving cross-functional teams to resolve security vulnerabilities within defined SLAs.
  • Familiarity with secure coding practices and common vulnerabilities (OWASP Top 10, CVEs, CWEs).
  • Strong understanding of software development methodologies (Agile/DevSecOps).
  • Excellent communication, stakeholder management, and executive reporting skills.
  • Ability to operate effectively in complex, regulated environments and manage ambiguity.
  • Meticulous attention to detail and technical accuracy.
  • Outstanding organizational and technical competencies.
  • Effective interpersonal and multitasking skills.

Preferred

  • Project Management Professional (PMP) Certification.
  • Experience in IoT, embedded systems, or safety-critical industries (fire/life safety, medical, automotive).
  • Certifications such as CISSP, CISM, or CEH.
  • Experience with tools such as JIRA, Azure DevOps, or similar.
  • Knowledge of SBOM standards and open-source risk management.
  • Familiarity with cloud security and connected device ecosystems.

Why Join Us?
Be at the forefront of securing next-generation fire detection solutions that save lives. You will play a critical role in embedding cybersecurity into innovative products, ensuring compliance with evolving global regulations while working in a collaborative and forward-thinking environment.
SALARY RANGE: $118,000 - $177,000 (Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.) This role offers a competitive Bonus plan that will take into account individual, group, and corporate performance. This position includes a competitive benefits package. The posted salary range reflects the target compensation for this role. However, we recognize that exceptional candidates may bring unique skills and experiences that exceed the typical profile. If you believe your background warrants consideration beyond the stated range, we encourage you to apply. To support an efficient and fair hiring process, we may use technology assisted tools, including artificial intelligence (AI), to help identify and evaluate candidates. All hiring decisions are ultimately made by human reviewers. For details, please visit the About Us tab on the Johnson Controls Careers site at https://jobs.johnsoncontrols.com/about-us
