GRC SECURITY SPECIALIST
JOB DESCRIPTION
Description
Cybersecurity is embedded in everything we do at Caterpillar, from the core IT systems used by tens of thousands of Caterpillar employees and business partners, whether deployed on premises or with a cloud provider, to the products and machinery that we sell to our customers. The Cybersecurity organization has undergone a major transformation, and we are seeking the right talent to join the team.
The Risk Analysis Lead will manage and directly contribute to data-driven information security risk analysis efforts and related processes. The chosen candidate will collaborate with business partners to scope and execute the analysis and communicate the results to leadership.
Responsibilities:
• Development, application and maintenance of Factor Analysis of Information Risk (FAIR)-based models, standard analysis scenarios and risk quantification tools/techniques
• Scope and facilitate risk quantification meetings and working group sessions
• Communicate results of analysis to process partners and leadership
• Engage with business partners to have meaningful discussions on threats, compensating controls, policies and risk
• Implement, maintain, and guide assessors and business partners in the use of a risk triage process
• Develop and deliver both formal and informal risk quantification/FAIR training and socialization efforts
• Establish, develop and manage key partnerships
• Support risk reporting dashboards for cybersecurity and business partner leadership
• Participate in risk management efforts and support the Governance, Risk and Compliance team
Qualifications
Required Qualifications:
• Bachelor's (4-year) degree in Cybersecurity, Information Security, Computer Science, Management Information Systems, Business or other degrees in related fields
• 6+ years of experience in Cybersecurity or Information Technology
• 3+ years of risk quantification and/or risk management experience
• At least one of the following active certifications or ability and willingness to obtain within one year: CISSP, CISA, CISM, CRISC
• 3+ years of experience in Microsoft O365 products
Ideal Candidate Will Also Have:
• Subject matter expertise in risk quantification, management, governance and development of risk appetite
• OpenFAIR certification
• Experience in applying FAIR methodology
• Baseline knowledge of Governance, Risk and Compliance (GRC) concepts
• Excellent collaboration and relationship-building skills
• Excellent analytical and critical thinking skills
• Excellent written and verbal communication skills; ability to present to senior leadership
• Focus on quality and attention to detail; strong organizational skills
If remote, the employee will be onsite 75% of the time for the first 6 months. After 6 months, travel will be up to 25%. If the employee is located in Peoria, travel will be up to 10%.
Caterpillar is not currently hiring individuals for this position who now or in the future require sponsorship for employment visa status; however, as a global company, Caterpillar offers many job opportunities outside of the U.S. which can be found through our employment website at www.caterpillar.com/careers