TC-CS-SRCR-Risk and Compliance-Governance Analyst-Senior

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

Caterpillar: Confidential Green Cybersecurity Governance Analyst – Problem Management

JOB DESCRIPTION:

Caterpillar’s Cybersecurity Team is seeking a Cybersecurity Governance Analyst (Problem Management Exceptions) to review and work through exception management requests regarding our enterprise cybersecurity policy, standards, and controls. This role will implement robust research and monitoring processes to analyze the context and rationale for security exception requests submitted via our Cybersecurity GRC solutions platform. The role will take appropriate actions (e.g., submit approval requests or escalate) on exceptions to ensure that they are relevant and applicable within the area/topic of assessment or review.

The Analyst must have a strong understanding of cybersecurity controls design, implementation, and attestations to validate that policy requirements are being met, establishing, and maintaining relationships with key stakeholders and supporting other Cybersecurity GRC processes as applicable.

This role sits within our Enterprise Cybersecurity Governance organization and is essential to the effective identification, prioritization and mitigation of security and compliance risks. The successful candidate will possess strong analytical skills and experience, knowledge of the global cybersecurity industry (e.g., standards, regulations, trends, systems security configuration best practices), and be an analytical person and an excellent communicator.

JOB RESPONSIBILITIES:

• Maintain strong knowledge and understanding of Caterpillar’s global operating environment, enterprise cybersecurity landscape as well as the Enterprise Cybersecurity Governance Framework (ECGF) and its inherent components.
• Maintain strong knowledge of Caterpillar’s adopted cybersecurity standards, frameworks, and applicable regulatory obligations (e.g., ISO-27001/2, PCI, CMMC, CIS, NYDFS, FFIEC, SWIFT, CTPAT)
• Develop and execute a robust monitoring program for security exceptions.
• Engage and hold cybersecurity process owners accountable for monitoring their processes in alignment with policy, standards, and controls, providing relevant input/review insights as applicable.
• Develop self-assessment programs to validate that security policy, standards and control requirements are satisfied. 
• Assess new, or changes to existing, exception processes, and follow change management process to make improvements as applicable.
• Establish and maintain relationships with key business partners across the organization. 
• Serve as a liaison in the internal and external audits, provide supporting evidence and assess any identified issues and remediation action plans. Caterpillar: Confidential Green
• Partner with security SMEs and stakeholders across the enterprise in executing exception risk analyses. 
• Support annual planning, budgeting, and project implementation activities within the cybersecurity governance function.
• Consistently demonstrate excellent stakeholder collaboration, communication, and customer-oriented skills, and project management capabilities

MINIMUM QUALIFICATIONS:

• Bachelor’s degree from an accredited college/university
•  At least two (2) relevant cybersecurity certifications (e.g., CISM, CISSP, CCSP, CISA, CRISC, CGEIT, COBIT Foundations)
• 5+ years working with global cybersecurity industry standards, frameworks, and regulatory requirements such as ISO-27001/2, PCI, CMMC, NYDFS, FFIEC, SWIFT, CTPAT
• 5+ years of experience working with the Microsoft Office/O365 Suite
• 5+ years of data management, analysis, transformation, systems workflow modeling and implementation
• Big Four (4), or management/IT consulting experience is a plus.

EY | Building a better working world 

 
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  

 
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  

 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.