-
Compliance Lead
-
Milwaukee-United States of America
Competitive salary and bonus plan
Paid vacation/holidays/sick time
Comprehensive benefits package including 401K, medical, dental, and vision care
On the job/cross training opportunities
Encouraging and collaborative team environment
Dedication to safety through our Zero Harm policy
Support and coordinate global ISO/IEC 27001 certification activities, including audit readiness, evidence collection, internal audit support, and remediation tracking, while proactively managing expectations with business sponsors and 1st Line teams.
Participate in SOC 2 Type I and Type II engagements, including control walkthroughs, evidence preparation, and auditor interactions.
Serve as a day-to-day liaison with external auditors and certification bodies under the direction of compliance leadership.
Maintain audit documentation and support ongoing control maturity efforts.
Lead preparation and responses for global customer cybersecurity audits and due diligence assessments, including questionnaires and evidence requests related to ISO, SOC, and information security controls.
Coordinate with Sales, Legal, and IT teams to provide accurate, consistent, and risk aligned customer responses.
Track customer audit findings and support remediation and follow-up activities.
Support Internal Audit engagements related to information security and IT controls, including walkthroughs, evidence coordination, and issue tracking.
Assist with documenting audit findings, management responses, and remediation plans.
Ensure alignment between internal audit activities and external certification and assurance requirements.
Maintain centralized audit evidence repositories, trackers, and dashboards to support repeatable global compliance processes.
Support the use of AuditBoard or similar GRC platforms for audit management, issue tracking, and evidence coordination.
Identify opportunities to improve efficiency and consistency across certification, audit, and assessment activities globally.
Bachelor’s degree in Information Security, Information Systems, Risk, Compliance, or a related field.
6–8 years of experience in information security compliance, audit support, or cyber risk management.
Practical experience with multiple of the following:
Experience working with cross functional and global stakeholders.
Strong organizational skills with the ability to manage multiple audits and deadlines simultaneously.
Experience supporting global audit and certification programs, including coordination across regions.
Familiarity with security and control frameworks/standards such as ISO 27001, NIST, SCF, PCI, FedRAMP, and/or CMMC.
Experience using AuditBoard, including CrossComply, for audit management, evidence collection, issue tracking, and reporting (strong plus).
Internal Audit and/or External Audit experience (e.g., ITGCs, SOX scoping support, security controls testing, or assurance reporting).
Professional certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Implementer/Auditor (preferred, not required).
Team player with a collaborative, approachable working style; able to partner effectively across Information Security, IT, Internal Audit, Legal, Sales, and regional teams.
Demonstrates a global mindset and cultural awareness; able to bridge global teams and North America engagements.
Integrity and accountability in handling sensitive information and audit outcomes.
Customer/stakeholder focus; communicates clearly and delivers timely, high-quality responses during audits and assessments.
Results orientation; able to manage competing priorities, deadlines, and multiple audits in parallel.
Audit coordination and evidence management; disciplined, organized, and process-driven.
Risk and control awareness; understands how requirements map to controls and operational execution.
Continuous improvement; proactively identifies opportunities to streamline, standardize, and automate compliance activities.
Attention to detail and strong documentation practices.
Build your best future with the Johnson Controls team
As a global leader in smart, healthy and sustainable buildings, our mission is to reimagine the performance of buildings to serve people, places and the planet. Join a winning team that enables you to build your best future! Our teams are uniquely positioned to support a multitude of industries across the globe. You will have the opportunity to develop yourself through meaningful work projects and learning opportunities. We strive to provide our employees with an experience, focused on supporting their physical, financial, and emotional wellbeing. Become a member of the Johnson Controls family and thrive in an empowering company culture where your voice and ideas will be heard – your next great opportunity is just a few clicks away!
What we offer:
What you will do:
In this role, you will support and execute global cyber assurance activities, including ISO/IEC 27001 certification, SOC 2 reporting, customer cybersecurity audits, and Internal Audit support. You will coordinate audit readiness, manage evidence, track remediation, and help ensure consistent execution of cyber compliance requirements across a global environment. You will also serve as a key North America point of contact, partnering with regional stakeholders while aligning to global processes and leadership direction.
You will partner closely with Cybersecurity, IT, Internal Audit, Legal, Sales, and other stakeholders to coordinate audits and assessments, respond to evidence requests, and support timely closure of findings and corrective actions.
How you will do it:
Cyber certifications & external assessments
Customer audits & security assessments
Internal Audit support
Compliance operations & continuous improvement
What we look for:
Required
ISO/IEC 27001 certification (execution or support)
SOC 2 Type I or Type II reports
Customer security audits or third-party assessments
Internal Audit support, including ITGCs or security related controls
Preferred
HIRING SALARY RANGE: $100,000 -$150,000 (Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, location and alignment with market data.) This role offers a competitive Bonus plan that will take into account individual, group, and corporate performance. The posted salary range reflects the target compensation for this role. However, we recognize that exceptional candidates may bring unique skills and experiences that exceed the typical profile. If you believe your background warrants consideration beyond the stated range, we encourage you to apply. To support an efficient and fair hiring process, we may use technology assisted tools, including artificial intelligence (AI), to help identify and evaluate candidates. All hiring decisions are ultimately made by human reviewers. This position includes a competitive benefits package. For details, please visit the About Us tab on the Johnson Controls Careers site at https://jobs.johnsoncontrols.com/about-us
This is a hybrid role (2 - 3 days per week) at our Glendale, WI office.
#LI-Hybrid
