Zero Trust and Identity and Access Management Architect

Build your best future with the Johnson Controls team

As a global leader in smart, healthy and sustainable buildings, our mission is to reimagine the performance of buildings to serve people, places and the planet. Join a winning team that enables you to build your best future! Our teams are uniquely positioned to support a multitude of industries across the globe. You will have the opportunity to develop yourself through meaningful work projects and learning opportunities. We strive to provide our employees with an experience, focused on supporting their physical, financial, and emotional wellbeing. Become a member of the Johnson Controls family and thrive in an empowering company culture where your voice and ideas will be heard - your next great opportunity is just a few clicks away!

What we offer:

• Competitive salary and bonus plan

• Paid vacation/holidays/sick time

• Comprehensive benefits package including 401K, medical, dental, and vision care

• On the job/cross training opportunities

• Encouraging and collaborative team environment

• Dedication to safety through our Zero Harm policy

What you will do:

As part of JCI's ongoing and exciting digital transformation strategy, as a Zero Trust and Identity architect you will work with the wider global network and IT teams, business partners and managed service vendors to manage and maintain the physical and logical Enterprise Security infrastructure.

As the subject matter expert you will maintain current knowledge of regulatory requirements, trends, best practices, and solutions in your scope of expertise.

You will consult on security policies, standards, and guidelines, working to make security requirements clear and accessible.

You will develop reference architectures and reference implementation patterns.

You will provide consulting to Enterprise Architecture and to Solutions Architects, providing security requirements for planned projects and methods for meeting those requirements.

Additional responsibilities include technical documentation development, support, problem management, change management, reporting, budgeting and planning for identity management related initiatives

What we look for:

Required

• 10+ years' experience implementing enterprise Identity and Access Management (IAM), Privileged Access Management (PAM) solutions (e.g. Saviynt, Okta, SailPoint, Ping Identity, Omada, Microsoft Identity Manager, Beyond Trust, CyberArk or equivalent IAM solution) in client environments.

• Solid understanding of industry standard Cybersecurity Frameworks and compliance requirements

• Familiarity with Zero Trust Network Architecture is desirable

• Familiarity with service now Ticketing and CMDB is desirable

• Design, build, operate and automate security solutions and processes to protect the integrity of the organization's networks, systems, applications and data.

• Experience developing technical strategies, architectures, and roadmaps.

• Outstanding communication and presentation skills. Able to articulate complex, technical concepts to non-technical audiences.

• Respond to security incidents, including data breaches, and coordinate with other IT teams to mitigate the impact of any security breaches.

Preferred

• Experience hardening security for Active Directory, Windows, *nix OS.

• Experience with IDaaS providers such as Microsoft, Okta, Ping Identity, Google Cloud Identity

• Experience defining and implementing delegation model

• Experience defining and implementing support scenarios for merger acquisition and divestitures

• Experience with cloud architectures particularly Azure, AWS, GCP native IAM controls.

• Experience with Identity Governance processes and solutions such as Saviynt, SailPoint, Ping Identity or equivalent.

• Experience with Microsoft 365, Active Directory, SAML, OIDC

• Knowledge of Applied Cryptography and PKI

• Understanding of trends and regulations to ensure effectiveness and compliance with all regulations and frameworks (NIST, HIPPA-HITECH, HITRUST, PCI, GDPR)

• Manage and network security infrastructure

  • Firewall configuration and rule management

  • Cloud proxies services & Network Access control

  • Employee and Partner remote access VPN services

  • Cloud based Web application firewall

• Development knowledge e.g. Python, Java, C#, .NET, Web Services (SOAP/REST/RESTful, APIs), Shell programming/scripting

• Preferred Network Infrastructure Security background in both on prem physical security components (firewalls, IDS/IPS , remote access and internet proxies) as well as cloud security services (Zscaler , Azure, GCP).

• Strong experience of working on SIEM tools like Splunk to analyze logs and correlate events.

• Experience with User Behavior Analytics & Workday, SAP, Salesforce

• Experience with MDM capabilities such as Intune or AirWatch

• Understanding of trends and regulations to ensure effectiveness and compliance with all regulations and frameworks (NIST, HIPPA-HITECH, HITRUST, PCI, GDPR)

• CISSP or SANS, GIAC, CIMP, CEH, CISM or CISA certifications

• OKTA - Professional or Consultant

• Google/AWS/Microsoft Professional Cloud Architect

This is a part time role for 20 hours per week.

HIRING SALARY RANGE: $61,500 -$85,500 (Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, location and alignment with market data.) This role offers a competitive Bonus plan that will take into account individual, group, and corporate performance. This position includes a competitive benefits package. For details, please visit the About Us tab on the Johnson Controls Careers site at

https://jobs.johnsoncontrols.com/about-us

NOTE: This is a virtual/remote position considering candidates who are U.S citizens and reside within the United States. This position is required to be in the United States due to citizenship requirements for protecting certain areas of the JCI environment and access to key threat intelligence information.