Caterpillar: Confidential Green
Cybersecurity Governance Analyst ? Problem Management
JOB DESCRIPTION:
Caterpillar?s Cybersecurity Team is seeking a Cybersecurity Governance Analyst (Problem Management Exceptions) to review and work through exception management requests regarding our enterprise cybersecurity policy, standards, and controls. This role will implement robust research and monitoring processes to analyze the context and rationale for security exception requests submitted via our Cybersecurity GRC solutions platform. The role will take appropriate actions (e.g., submit approval requests or escalate) on exceptions to ensure that they are relevant and applicable within the area/topic of assessment or review.
Want more jobs like this?
Get Computer and IT jobs in Bangalore, India delivered to your inbox every week.
The Analyst must have a strong understanding of cybersecurity controls design, implementation, and attestations to validate that policy requirements are being met, establishing, and maintaining relationships with key stakeholders and supporting other Cybersecurity GRC processes as applicable.
This role sits within our Enterprise Cybersecurity Governance organization and is essential to the effective identification, prioritization and mitigation of security and compliance risks. The successful candidate will possess strong analytical skills and experience, knowledge of the global cybersecurity industry (e.g., standards, regulations, trends, systems security configuration best practices), and be an analytical person and an excellent communicator.
JOB RESPONSIBILITIES:
?
Maintain strong knowledge and understanding of Caterpillar?s global operating environment, enterprise cybersecurity landscape as well as the Enterprise Cybersecurity Governance Framework (ECGF) and its inherent components.
?
Maintain strong knowledge of Caterpillar?s adopted cybersecurity standards, frameworks, and applicable regulatory obligations (e.g., ISO-27001/2, PCI, CMMC, CIS, NYDFS, FFIEC, SWIFT, CTPAT)
?
Develop and execute a robust monitoring program for security exceptions.
?
Engage and hold cybersecurity process owners accountable for monitoring their processes in alignment with policy, standards, and controls, providing relevant input/review insights as applicable.
?
Develop self-assessment programs to validate that security policy, standards and control requirements are satisfied.
?
Assess new, or changes to existing, exception processes, and follow change management process to make improvements as applicable.
?
Establish and maintain relationships with key business partners across the organization.
?
Serve as a liaison in the internal and external audits, provide supporting evidence and assess any identified issues and remediation action plans.
Caterpillar: Confidential Green
?
? Partner with security SMEs and stakeholders across the enterprise in executing exception risk analyses.
?
? Support annual planning, budgeting, and project implementation activities within the cybersecurity governance function.
?
? Consistently demonstrate excellent stakeholder collaboration, communication, and customer-oriented skills, and project management capabilities
MINIMUM QUALIFICATIONS:
?
? Bachelor?s degree from an accredited college/university
?
? At least two (2) relevant cybersecurity certifications (e.g., CISM, CISSP, CCSP, CISA, CRISC, CGEIT, COBIT Foundations)
?
? 3+ years working with global cybersecurity industry standards, frameworks, and regulatory requirements such as ISO-27001/2, PCI, CMMC, NYDFS, FFIEC, SWIFT, CTPAT
?
? 3+ years of experience working with the Microsoft Office/O365 Suite
?
? 3+ years of data management, analysis, transformation, systems workflow modeling and implementation
?
? Big Four (4), or management/IT consulting experience is a plus.
Security Compliance and Framework