Cybersecurity Standards Compliance Manager
Caterpillar

Career Area:

Business Technologies, Digital and Data

Job Description:

Your Work Shapes the World at Caterpillar Inc.

When you join Caterpillar, you're joining a global team who cares not just about the work we do - but also about each other. We are the makers, problem solvers, and future world builders who are creating stronger, more sustainable communities. We don't just talk about progress and innovation here - we make it happen, with our customers, where we work and live. Together, we are building a better world, so we can all enjoy living in it.

Cybersecurity Standards Compliance Manager

The Cybersecurity Standards Compliance Manager leads day to day operations of Caterpillar's Enterprise Cybersecurity Compliance function. The ideal candidate will directly serve the business customer and have responsibility to maintain and continuously improve the service. The chosen candidate will guide the team to enhance current operations and lead transformational efforts supporting the end customer through the risk management lifecycle.

What You Will Do:

• Effectively lead and motivate a team of 5-10 resources, to perform to their highest potential by serving as a strong leader and role model.
  
• Deliver cybersecurity and controls expertise for the advancement, execution and sustainability of the Cyber Compliance Management program, processes and supporting tools.
  
• Support development of compliance processes. workflows and procedures to support service-level agreements to ensure that security controls are managed and maintained.
  
• Effectively collaborate with cyber governance and risk teams in efforts to integrate activities of the overall GRC team.
  
• Maintain a cyber compliance function that serves the customer to ensure they understand and are successful in establishing processes, mitigating risk, leveraging technologies and will create systems that are compliant to external regulations such as ISO 27001, SOC2, CMMC, PCI, SOX etc. as well as internal controls established by enterprise policy.
  
• Analyze, management and review of cyber controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures, and standards to validate maintenance of secure configurations.
  
• Support the business in developing risk mitigation plans to enhance monitoring of the control or process.
  
• Foster collaborative working relationships with security stakeholders acrossCaterpillar and guide the team to provide exceptional customer experience.
  
• Manage cyber compliance project planning and execution, communications, metrics and reporting with timelines and deliverables.
  
• Establish appropriate goals and objectives for the team in alignment with the Cybersecurity strategy and in support of overall organization goals.
  
• Regularly review and gain insights from data and key performance metrics.
  
• Support input into strategy to track enterprise compliance across multiple security frameworks including ISO 27001, NIST CSF, SOC2, CMMC, SWIFT, PCI, SOX etc.
  

What You Have:

• Passionate for customer success and service delivery.
  
• Bachelor's degree and strong experience in Cybersecurity, Cyber Compliance and Risk, Information Technology, and or equivalent work experience.
  
• Advanced experience in Cybersecurity and/or Governance, Risk and or Compliance.
  
• Excellent verbal and written communication skills, critical thinking skills, with ability to explain complex issues to technical and non-technical users across the enterprise.
  
• Strong knowledge of cybersecurity frameworks such as ISO 27001, NIST CSF, CIS controls, Cloud Security Alliance (CSA) and standards such as CMMC, PCI, SOC2 etc.
  
• Strong collaboration and coordination skills able to collaborate at all levels in organization.
  
• Diligence, self-starter with ability to work independently, multi-task and adjust to shifting priorities.
  
• Strong analytical and critical-thinking skills.
  
• Proven experience successfully leading or managing a team.
  
• CISSP, CISM, CISA, CRISC or other security-related certification and or career experience and willingness to continue education.
  
• 6 Sigma Black Belt
  
• Ability to confidently present to senior leadership.
  
• Proficient in O365 products.
  
• ServiceNow GRC/IRM platform experience a plus.
  

Top Candidates Will Have:

• Master's degree in Cybersecurity, Information Security, Computer Science, Management Information Systems, Business Administration, or other degrees in related fields.
  
• Experience in the complexities of working in a large global organization.
  
• Experience managing a cyber GRC program at large global organization.
  

Additional Info :

• The primary location for this position is Dallas, TX, Nashville, TN, or Peoria IL. You must be willing to work ONSITE 3 DAYS A WEEK.
  
• SPONSORSHIP IS NOT AVAILABLE.
  
• Relocation is available to those who qualify.
  

Skills Descriptors:

Planning: Tactical, Strategic:

Level Extensive Experience:

• Knowledge of effective planning techniques and ability to contribute to operational (short term), tactical (1-2 years) and strategic (3-5 years) planning in support of the overall business plan.
  
• Provides the right level of detail as input for strategic plan development.
  
• Demonstrates the value and necessity of linking tactical plans to overall strategic plan.
  
• Ensures attention to the detail and dependencies of existing departmental-level plans.
  
• Plans for allocation of resources in line with unit goals, technical and business objectives.
  

Risk Management:

Level Working Knowledge:

• Knowledge of processes, tools, and techniques for assessing and controlling an organization's exposure to risks of various kinds; ability to apply knowledge of risk management appropriately to diverse situations.
  
• Produces and interprets common risk assessment and management reports.
  
• Identifies common technology, security, or financial risks relevant to own function or unit.
  
• Documents the key steps of a unit-specific risk management process and associated procedures.
  
• Evaluates risk assessment models and techniques relevant to a specific line of business.
  

Team Management:

Level Working Knowledge:

• Knowledge of effective team building techniques; ability to form and manage effective teams.
  
• Facilitates discussion of team goals, roles, needs, and responsibilities.
  
• Participates in defining the ground rules for individual and team responsibilities.
  
• Manages a team to the successful completion of a project or task.
  
• Recognizes the contribution of each team member publicly.
  
• Leads team meetings to review progress and performance, ensuring follow-up on previous decisions.
  

Information Technology (IT) Security Policies:

Level Expert:

• Knowledge of IT security policies, standards, and procedures; ability to utilize a variety of administrative skill sets and technical knowledge to ensure cyber security compliance.
  
• Leads discussions and answers complex questions regarding cross-functional IT policies and standards.
  
• Designs and drafts the framework of IT security policies while keeping compliance with organizational development goals.
  
• Forecasts technological industry trends and potential risks in the implementation of defined IT security policies.
  
• Creates and defines criteria to measure the effectiveness of IT security policies, standards, and procedures.
  
• Contributes to the establishment and use of best practices in IT security policies, standards, and procedures.
  
• Monitors organizational and functional adherence to IT security policies and procedures when addressing risk management.
  

Cyber Security:

Level Extensive Experience:

• Knowledge of network attacks and the defenses used; ability to defend and prevent electronic threats, theft, and attacks.
  
• Evaluates tools, challenges and opportunities for real-time threat monitoring and alerting.
  
• Participates in investigating cyber incidents and devising immediate and long-term responses.
  
• Uses reverse engineering to analyze malware and extent of impact or damage.
  
• Develops business and technology relevant cyber security solutions.
  
• Advises on methods, tools and technologies for cyber monitoring and threat intelligence.
  
• Consults on cyber security intelligence and defense mechanisms for a variety of platforms.
  

What You Will Get:

• Our goal at Caterpillar is for you to have a rewarding career. Our teams are critical to the success of our customers who build a better world.
  
• Here you earn more than just a salary because we value your performance. We offer a total rewards package that provides benefits on day one (medical, dental, vision, RX, and 401K) along with the potential of an annual bonus. Additional benefits include paid vacation days and paid holidays.
  
• All qualified individuals - Including minorities, females, veterans, and individuals with disabilities - are encouraged to apply.
  

About Caterpillar -

Caterpillar Inc. is the world's leading manufacturer of construction and mining equipment, off-highway diesel and natural gas engines, industrial gas turbines and diesel-electric locomotives. For nearly 100 years, we've been helping customers build a better, more sustainable world and are committed and contributing to a reduced-carbon future. Our innovative products and services, backed by our global dealer network, provide exceptional value that helps customers succeed.

Posting Dates:

September 27, 2024 - October 10, 2024

Any offer of employment is conditioned upon the successful completion of a drug screen.

EEO/AA Employer. All qualified individuals - Including minorities, females, veterans and individuals with disabilities - are encouraged to apply.

Not ready to apply? Join our Talent Community .

---