LOCATION: Work Location City, IL, United States
Date Posted: May 4, 2021
Closing Date: May 13, 2021
Caterpillar is a company of builders. Of problem solvers. Of innovators who want to impact the world. Our people build and design the products and services that help shape the communities where we work and live. We are building on our legacy and innovating for the next generation. One where technology-enabled services create improved outcomes for our people and the customers and communities we serve.
IT professionals at Caterpillar get the opportunity to make a global impact that enables profitable growth through responsive IT solutions with operational excellence. We equip the enterprise with the tools and resources that drive collaboration, innovation and solutions that help our customers build a better world. Supporting the business operations of more than 500 facilities worldwide in more than 190 countries, you will connect every aspect of our business from order management systems that keep our production lines running to ecommerce solutions for customers ordering parts online to collaboration tools that keep us connected as well as securing and protecting our connected assets around the globe.
The Senior Deputy Chief Information Security Officer (SDCISO) is a senior Caterpillar cybersecurity position. This role requires a highly resourceful, self-driven individual with the ability to partner, execute, and lead through influence. The job requires knowledge of external threats and internal exposures, a thorough grounding in technology infrastructure and the ability to frame security issues in terms of Caterpillar’s core missions. Some key challenges facing this position are monitoring constantly evolving security threats and emerging technologies while achieving a balance between ensuring adequate security is in place without hampering productivity and competitive advantage gained through use of emerging technologies. As attacks on systems become more complex, more efficient, and more damaging, a more sophisticated and creative response is needed to protect Caterpillar’s information assets. In this role you will:
Work directly for the Chief Information Security Officer (CISO) and closely with Deputy Chief Information Security Officers, Regional Security Directors, Business Risk Management personnel, business unit leadership, department heads and supervisors to enhance security risk management capabilities utilizing effective security risk management practices and tools.
Help manage and lead the Cybersecurity organization through strategic planning as well as project and program management.
Work alongside the CISO in ensuring the cybersecurity program has appropriately addressed risk, providing reliable, complete, and timely reporting of risk management issues and strategies.
Drive strategic initiatives on behalf of the Cybersecurity team and participate in a wide variety of engagements on behalf of and as the senior representative and advisor to the CISO. This role underscores the presumption that secure access to information, data, networks, and operations is critical to achieving enterprise business objectives.
Accountable for establishing, executing, and directing components of the global cybersecurity program to protect Caterpillar's people, proprietary information, plants, products, reputation, and brand.
Participate in developing and implementing strategic and operational processes that enable business success while mitigating risk.
Work closely with the CISO and other leaders to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected throughout the digital ecosystem, even when the cybersecurity program may not be responsible for the underlying technology.
Contribute to identifying, assessing, and managing security risks in a manner that meets compliance, quality, legal and regulatory requirements, and aligns with and supports the company risk posture. This includes assessing third-party service providers, partners, joint ventures, and acquisitions.
Contribute to the research, design, development, and implementation of security technologies for information systems and applications. Decisions made at this level affect the teams with whom they consult, Caterpillar business and IT strategy. Decisions may have significant impact on things such as intellectual property and trade secret protection.
Job Duties/Responsibilities may include but are not limited to:
Lead a team of 5-9 managers with a team of approximately 100 to 125 Caterpillar personnel and 75 to 100 external consultants. Direct reports may include Deputy Chief Information Security Officers, IT Managers, Security Managers, Senior IT Supervisors, and external consultants.
Provide decision support and governance through informal and formal means, including but not limited to metrics, dashboards, risk analysis and mitigation, acceptance, and reporting.
Provide the CISO with strategic recommendations and drive strategic initiatives and projects on behalf of the CISO and the Cybersecurity leadership team.
Assist in establishing and maintaining Caterpillar’s relationship with the information security industry and profession.
Build and maintain senior management relationships necessary for the successful execution of the cybersecurity program.
Information security strategy and architecture:
Provide vision and leadership in the development and execution of an enterprise information security strategy and roadmap, including aligning with enterprise business strategy, gaining executive approval and support, and overseeing successful execution.
Develop and maintain practical and actionable information security policies and standards that reflect the needs of the business while keeping pace with changes in the business environment, technology, and threats in order to effectively mitigate and manage risk to the business.
Develop and implement policies, procedures and systems required for maintaining and enhancing overall security goals.
Provide overall information security services and information security technology infrastructure to support critical business and process requirements.
Collaborate with other leaders in the creation and maintenance of a security architecture for the enterprise and participate in the solution selection and process development.
Ensure governance and supportive programming for the enterprise in the arena of information classification and categorization as related to information security.
Develop information security requirements for information technology infrastructure initiatives and enterprise applications and, as appropriate, review and approve security design of initiatives.
Build and maintain relationships necessary for the successful execution of the information security program. This includes developing and maintaining external and internal relationships to influence information security policy, standards and programs and enhancing secure interoperability with extended entities.
Measure compliance with policy as part of assessing the overall information security risk posture of the enterprise and initiate programs to achieve and maintain an adequate information security posture.
Provide regular reports to the CISO and other senior leaders regarding information security risk posture of the enterprise.
Information security risk management:
Consult in the development of IT strategies for business units as an advisor on information security risks.
Identify areas of potential information security risk within the IT infrastructure and drive mitigation strategies to reduce these risks to acceptable levels.
Develop and employ an ongoing information security communications, training and awareness program tailored to the evolving needs of the business and specific requirements of various user groups through change management.
Support a global information security program to ensure consistent messaging when necessary by the regions and Business Units underpinned by respective Enterprise Procedures.
Develop close relationships with management of operating groups globally to help evaluate key risks.
Leverage information security investments to enhance business, administration, and compliance processes.
Information security incident response:
Lead the development of analysis and response programming with the prioritization response models for security incidents on a global scale in the areas of data loss prevention, encryption technologies, and advanced persistent threat.
Accountable to detect, protect via a layered approach, and analyze risk proactively.
Contribute to a holistic program in the areas of enterprise security.
Consult on internal control design and risk response opportunities.
Develop and maintain a responsive and effective Computer Security Incident Response Team (CSIRT), Electronically Stored Information (ESI) collection and management capability that will identify, contain and resolve information security incidents, meet compliance and reporting obligations, and uphold chain of custody and rules of civil procedure requirements.
Ensure that information security services integrate into respective enterprise and subsidiary breach response plans.
• Bachelor’s degree in computer science, information systems, engineering, business administration or a related field is required.
• Master’s degree in computer science, information systems, engineering, business administration or a related field is required.
• At least one of the following active certifications: CISA, CISM, CRISC, CISSP or CFE.
• A minimum of 10 years executive leadership in information security policy, standards, architecture, technology, and programs.
• Strong understanding of information security and the relationship between threat, vulnerability, and information value in the context of risk management.
• A proven track record of developing and implementing a comprehensive strategy and plan for managing information security internationally is required.
• An understanding and application of information security in different cultures, working across different countries, and experience in an international environment is required.
• Experience in a leadership role, high level analytical skills, exceptional relationship management competencies, and relevant project management work experience with a demonstrated record to lead and execute information security compliance and risk mitigation programs.
• Capable of passing a National Security Background Investigation to enable the issuance of a security clearance under the United States National Security Act.
Top Candidates Will Also Have:
• Other related certifications such as ITIL, PMP, SANS/GSEC, CIPP, CGEIT, CPA/CA are preferred, but not required.
• Extensive knowledge of company products and policies, organizational units, and strategic direction with demonstrated diversity in thought and skill.
The preferred location for this role is Peoria. This position can be located remotely and will require 80% travel.
Caterpillar is not currently hiring individuals for this position who now or in the future require sponsorship for employment visa status; however, as a global company, Caterpillar offers many job opportunities outside of the U.S. which can be found through our employment website at www.caterpillar.com/careers.
Caterpillar is an EEO/AA Employer. All qualified individuals – including minorities, females, veterans and individuals with disabilities – are encouraged to apply.
This employer is not currently hiring foreign national applicants that require or will require sponsorship tied to a specific employer, such as H, L, TN, F, J, E, O.