Deputy CISO - Governance, Risk, Compliance & Training

Career Area:

Job Description:

Your Work Shapes the World at Caterpillar Inc.

When you join Caterpillar yourejoining a global team who cares not just about the work we do but also about each other. We are the makers problem solvers and future world builders who are creating stronger more sustainable communities. We dontjust talk about progress and innovation here we make it happen with our customers where we work and live. Together we are building a better world so we can all enjoy living in it.

Deputy CISO - Governance Risk Compliance & Training

IT professionals at Caterpillar get the opportunity to make a global impact that enables profitable growth by responsive IT solutions with operational excellence. We equip the enterprise with the tools and resources that drive collaboration innovation and solutions that help our customers build a better world.

Supporting the business operations of more than 500 facilities worldwide in more than 190 countries you will connect every aspect of our business from order management systems that keep our production lines running to ecommerce solutions for customers ordering parts online to collaboration tools that keep us connected as well as securing and protecting our connected assets around the globe.

Role Definition: The Deputy Chief Information Security Officer (DCISO) is a senior Caterpillar cybersecurity position. This role requires a highly resourceful experienced self-driven individual with the ability to partner execute and lead through influence.

What You Will Do:

• Report to the Chief Information Security Officer and interact with other Deputy Chief Information Security Officers Regional Security Directors Business Risk Management personnel business unit leadership department heads and supervisors to enhance security risk management capabilities utilizing effective security risk management practices and tools.

• Manage and lead the Cybersecurity organization through strategic planning as well as project and program management. This position requires extensive collaboration to ensure the cybersecurity program has appropriately addressed risk providing dependable complete and timely reporting of risk management issues and strategies.

• Drive strategic initiatives and participate in a wide variety of engagements on behalf of the Cybersecurity team. This role underscores the presumption that secure access to information data networks and operations is critical to achieving enterprise business objectives.

• Accountability for establishing executing and directing the governance risk compliance awareness & learning and technology & analytics components of the global cybersecurity program to protect Caterpillars people proprietary information plants products reputation and brand.

• Develop and implement strategic and operational processes that enable business success while mitigating risk.

• Collaborate closely with other leaders to ensure information assets and associated technology applications systems infrastructure and processes are adequately protected throughout the digital ecosystem even when the cybersecurity program may not be responsible for the underlying technology.

• Contribute to identifying assessing and managing security risks in a manner that meets compliance quality legal and regulatory requirements and aligns with and supports the company risk posture. This includes assessing third-party service providers partners joint ventures and acquisitions.

• The DCISO position assists in establishing and maintaining Caterpillars relationship with the information security industry and profession. Building and maintaining relationships are necessary for the successful execution of the cybersecurity program.

• The DCISO will lead a team of 4-6 senior managers with a team of approximately 50 to 75 Caterpillar personnel and 40 to 60 external consultants.

• The DCISO provides decision support and governance through informal and formal means including but not limited to metrics dashboards risk analysis and mitigation acceptance and reporting.

• The DCISO will provide the CISO with strategic recommendations and drive strategic initiatives and projects on behalf of the Cybersecurity leadership team.

Information security strategy and architecture:

• Providing vision and leadership in the development and execution of an enterprise information security strategy and roadmap including aligning with enterprise business strategy gaining executive approval and support and overseeing successful execution.

• Developing and maintaining practical and actionable information security policies and standards that reflect the needs of the business while keeping pace with changes in the business environment technology industry standards regulations and threats to effectively mitigate and manage risk to the business.

• Developing and implementing policies procedures and systems required for maintaining and enhancing overall security goals.

• Providing overall information security services and information security technology infrastructure and data to support critical business and process requirements.

• Collaborating with other leaders in the creation and maintenance of a security architecture for the enterprise and participating in the solution selection and process development.

• Ensuring governance and supportive programming for the enterprise in the arena of information classification and categorization as related to risk and information security.

• Developing information security requirements for information technology infrastructure initiatives and enterprise applications and as appropriate reviewing and approving security design of initiatives.

• Building and maintaining relationships necessary for the successful execution of the information security program. This includes developing and maintaining external and internal relationships to influence information security policy standards and programs and enhancing secure interoperability with extended entities.

• Measuring compliance with policy as part of assessing the overall information security risk posture of the enterprise and initiating programs to achieve and maintain an adequate information security posture.

• Providing regular reports to the CISO and other senior leaders regarding information security risk posture of the enterprise.

Information security risk management:

• Consulting in the development of IT strategies for business units as an advisor on information security risks.

• Identifying areas of potential information security risk within the IT infrastructure and driving mitigation strategies to reduce these risks to acceptable levels.

• Developing and employing ongoing information security communications awareness and learning program tailored to the evolving needs of the business and specific requirements of various user groups through change management.

• Supporting a global information security program to ensure consistent messaging by Segment and Business Units underpinned by respective Enterprise Procedures.

• Developing close relationships with management of operating groups globally to help evaluate key risks.

• Leveraging information security investments to enhance business administration and compliance processes.

• Overseeing the acquisition and maintenance of industry certifications including ISO SOC2 CMMC and others as applicable.

What You Have:

Basic Qualifications:

• Bachelors degree in computer science information systems engineering business administration or a related field is required.

• A minimum of 8 years executive leadership in information security policy standards architecture technology and programs.

• Strong understanding of information security and the relationship between threat vulnerability and information value in the context of risk management.

• A proven history of developing and implementing a comprehensive strategy and plan for managing information security internationally is required.

• An understanding and application of information security in different cultures working across different countries and experience in an international environment is required.

• Experience in a leadership role high level analytical skills exceptional relationship management competencies and relevant project management work experience with a demonstrated record to lead and execute information security compliance and risk mitigation programs.

Top Candidates Will Also Have:

• Masters degree in computer science information systems engineering business administration or a related field is required.

• At least one or more of the following active certifications: CISA CISM CRISC CISSP or CFE.

• Other related certifications such as ITIL PMP SANS/GSEC CIPP CGEIT CPA/CA.

• Experience with implementing NIST Cyber Security Framework CMMC ISO SOC2 ISA 62443 and other related standards.

• Extensive knowledge of company products and policies organizational units and strategic direction with demonstrated diversity in thought and skill.

• Experience with a global company leading organizational change.

Additional Info:

• The primary locations for this position are Irving TX Peoria IL or Nashville TN.

• This role is 5 days onsite.

• Domestic relocation assistance is available for those who qualify.

• Sponsorship is NOT available.

What You Will Get:

• Our goal at Caterpillar is for you to have a rewarding career. Our teams are critical to the success of our customers who build a better world.

• Here you earn more than just a salary because we value your performance. We offer a total rewards package that provides benefits on day one (medical dental vision RX and 401K) along with the potential of an annual bonus. Additional benefits include paid vacation days and paid holidays.

• All qualified individuals - Including minorities females veterans and individuals with disabilities - are encouraged to apply.

About Caterpillar -

Caterpillar Inc. is the worlds leading manufacturer of construction and mining equipment off-highway diesel and natural gas engines industrial gas turbines and diesel-electric locomotives. For nearly 100 years weve been helping customers build a better more sustainable world and are committed and contributing to a reduced-carbon future. Our innovative products and services backed by our global dealer network provide exceptional value that helps customers succeed.

Summary Pay Range:

Compensation and benefits offered may vary depending on multiple individualized factors job level market locationjob-related knowledge skills individual performance and experience. Please note that salary is only one component of total compensation at Caterpillar.

Benefits:

Subject to plan eligibility terms and guidelines. This is a summary list of benefits.

• Medical dental and vision benefits*

• Paid time off plan (Vacation Holidays Volunteer etc.)*

• 401(k) savings plans*

• Health Savings Account (HSA)*

• Flexible Spending Accounts (FSAs)*

• Health Lifestyle Programs*

• Employee Assistance Program*

• Voluntary Benefits and Employee Discounts*

• Career Development*

• Incentive bonus*

• Disability benefits

• Life Insurance

• Parental leave

• Adoption benefits

• Tuition Reimbursement

* These benefits also apply to part-time employees

Posting Dates:

Any offer of employment is conditioned upon the successful completion of a drug screen.

Caterpillar is an Equal Opportunity Employer Including Veterans and Individuals with Disabilities.

Not ready to apply Join our Talent Community.