Compliance Lead

Johnson Controls | Glendale, CA
4d | Hybrid

About The Position

Build your best future with the Johnson Controls team

As a global leader in smart, healthy and sustainable buildings, our mission is to reimagine the performance of buildings to serve people, places and the planet. Join a winning team that enables you to build your best future! Our teams are uniquely positioned to support a multitude of industries across the globe. You will have the opportunity to develop yourself through meaningful work projects and learning opportunities. We strive to provide our employees with an experience, focused on supporting their physical, financial, and emotional wellbeing. Become a member of the Johnson Controls family and thrive in an empowering company culture where your voice and ideas will be heard – your next great opportunity is just a few clicks away!

What we offer:

  • Competitive salary and bonus plan
  • Paid vacation/holidays/sick time
  • Comprehensive benefits package including 401K, medical, dental, and vision care
  • On the job/cross training opportunities
  • Encouraging and collaborative team environment
  • Dedication to safety through our Zero Harm policy

What you will do:

In this role, you will support and execute global cyber assurance activities, including ISO/IEC 27001 certification, SOC 2 reporting, customer cybersecurity audits, and Internal Audit support. You will coordinate audit readiness, manage evidence, track remediation, and help ensure consistent execution of cyber compliance requirements across a global environment. You will also serve as a key North America point of contact, partnering with regional stakeholders while aligning to global processes and leadership direction. You will partner closely with Cybersecurity, IT, Internal Audit, Legal, Sales, and other stakeholders to coordinate audits and assessments, respond to evidence requests, and support timely closure of findings and corrective actions.

How you will do it:

Cyber certifications & external assessments

  • Support and coordinate global ISO/IEC 27001 certification activities, including audit readiness, evidence collection, internal audit support, and remediation tracking, while proactively managing expectations with business sponsors and 1st Line teams.
  • Participate in SOC 2 Type I and Type II engagements, including control walkthroughs, evidence preparation, and auditor interactions.
  • Serve as a day-to-day liaison with external auditors and certification bodies under the direction of compliance leadership.
  • Maintain audit documentation and support ongoing control maturity efforts.

Customer audits & security assessments

  • Lead preparation and responses for global customer cybersecurity audits and due diligence assessments, including questionnaires and evidence requests related to ISO, SOC, and information security controls.
  • Coordinate with Sales, Legal, and IT teams to provide accurate, consistent, and risk aligned customer responses.
  • Track customer audit findings and support remediation and follow-up activities.

Internal Audit support

  • Support Internal Audit engagements related to information security and IT controls, including walkthroughs, evidence coordination, and issue tracking.
  • Assist with documenting audit findings, management responses, and remediation plans.
  • Ensure alignment between internal audit activities and external certification and assurance requirements.

Compliance operations & continuous improvement

  • Maintain centralized audit evidence repositories, trackers, and dashboards to support repeatable global compliance processes.
  • Support the use of AuditBoard or similar GRC platforms for audit management, issue tracking, and evidence coordination.
  • Identify opportunities to improve efficiency and consistency across certification, audit, and assessment activities globally.

What we look for:

Requirements

  • Bachelor’s degree in Information Security, Information Systems, Risk, Compliance, or a related field.
  • 6–8 years of experience in information security compliance, audit support, or cyber risk management.
  • Practical experience with multiple of the following:
      • ISO/IEC 27001 certification (execution or support)
      • SOC 2 Type I or Type II reports
      • Customer security audits or third-party assessments
      • Internal Audit support, including ITGCs or security related controls
  • Experience working with cross functional and global stakeholders.
  • Strong organizational skills with the ability to manage multiple audits and deadlines simultaneously.

Nice To Haves

  • Experience supporting global audit and certification programs, including coordination across regions.
  • Familiarity with security and control frameworks/standards such as ISO 27001, NIST, SCF, PCI, FedRAMP, and/or CMMC.
  • Experience using AuditBoard, including CrossComply, for audit management, evidence collection, issue tracking, and reporting (strong plus).
  • Internal Audit and/or External Audit experience (e.g., ITGCs, SOX scoping support, security controls testing, or assurance reporting).
  • Professional certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Implementer/Auditor (preferred, not required).
  • Team player with a collaborative, approachable working style; able to partner effectively across Information Security, IT, Internal Audit, Legal, Sales, and regional teams.
  • Demonstrates a global mindset and cultural awareness; able to bridge global teams and North America engagements.
  • Integrity and accountability in handling sensitive information and audit outcomes.
  • Customer/stakeholder focus; communicates clearly and delivers timely, high-quality responses during audits and assessments.
  • Results orientation; able to manage competing priorities, deadlines, and multiple audits in parallel.
  • Audit coordination and evidence management; disciplined, organized, and process-driven.
  • Risk and control awareness; understands how requirements map to controls and operational execution.
  • Continuous improvement; proactively identifies opportunities to streamline, standardize, and automate compliance activities.
  • Attention to detail and strong documentation practices.

Responsibilities

  • Support and coordinate global ISO/IEC 27001 certification activities, including audit readiness, evidence collection, internal audit support, and remediation tracking, while proactively managing expectations with business sponsors and 1st Line teams.
  • Participate in SOC 2 Type I and Type II engagements, including control walkthroughs, evidence preparation, and auditor interactions.
  • Serve as a day-to-day liaison with external auditors and certification bodies under the direction of compliance leadership.
  • Maintain audit documentation and support ongoing control maturity efforts.
  • Lead preparation and responses for global customer cybersecurity audits and due diligence assessments, including questionnaires and evidence requests related to ISO, SOC, and information security controls.
  • Coordinate with Sales, Legal, and IT teams to provide accurate, consistent, and risk aligned customer responses.
  • Track customer audit findings and support remediation and follow-up activities.
  • Support Internal Audit engagements related to information security and IT controls, including walkthroughs, evidence coordination, and issue tracking.
  • Assist with documenting audit findings, management responses, and remediation plans.
  • Ensure alignment between internal audit activities and external certification and assurance requirements.
  • Maintain centralized audit evidence repositories, trackers, and dashboards to support repeatable global compliance processes.
  • Support the use of AuditBoard or similar GRC platforms for audit management, issue tracking, and evidence coordination.
  • Identify opportunities to improve efficiency and consistency across certification, audit, and assessment activities globally.

Benefits

  • Competitive salary and bonus plan
  • Paid vacation/holidays/sick time
  • Comprehensive benefits package including 401K, medical, dental, and vision care
  • On the job/cross training opportunities
  • Encouraging and collaborative team environment
  • Dedication to safety through our Zero Harm policy