Company: Caterpillar

Address: Nashville, TN
Form of work: Regular
Category: Information Technology

Job description

Career Area:

Business Technologies, Digital and Data

Job Description:

Your Work Shapes the World at Caterpillar Inc.

When you join Caterpillar, you're joining a global team who cares not just about the work we do – but also about each other.  We are the makers, problem solvers, and future world builders who are creating stronger, more sustainable communities. We don't just talk about progress and innovation here – we make it happen, with our customers, where we work and live. Together, we are building a better world, so we can all enjoy living in it.


Our common values and focus on inclusion and respect drive the decisions made by our company, teams and people. This is why we are committed to hiring and building diverse teams representative of the customers we serve globally. When you join our team, you can apply your unique life and job experiences and work in an environment where your ideas are heard, your contributions are celebrated, and your whole-self matters.


About Cat Financial

Cat Financial is a subsidiary of Caterpillar Inc., the world’s leading manufacturer of construction and mining equipment, off-highway diesel and natural gas engines, industrial gas turbines and diesel-electric locomotives. For more than 40 years, Cat Financial has provided a wide range of financing solutions to customers and Cat® dealers for machines, engines, Solar® gas turbines, genuine Cat parts and services. Headquartered in Nashville, Tennessee, Cat Financial serves customers globally with offices and subsidiaries located throughout North and South America, Asia, Australia, Europe and Africa. Visit cat.com to learn more about Cat Financial.

The CISO reports to the Cat Financial VP and CIO and leads a team of approximately 11 Caterpillar Financial personnel. Direct reports will include cybersecurity professionals, controls specialists and the Cat Financial Security Enterprise Architect. The role also participates on the Caterpillar enterprise security matrix team, including providing input to the Caterpillar CISO.

The CISO provides decision support and governance through informal and formal means, including but not limited to metrics, dashboards, risk analysis and mitigation, acceptance, and reporting.

The CISO provides the Caterpillar Financial VP and CIO with strategic recommendations and drives strategic initiatives and projects on behalf of the Cybersecurity leadership team.

Responsibilities include:

Cybersecurity strategy and architecture:

  • Providing vision and leadership in the development and execution of Cat Financial cybersecurity strategy and roadmap, including aligning with enterprise business strategy, gaining executive approval and support, and overseeing successful execution.

  • Working with the enterprise to maintain practical and actionable cybersecurity policies and standards that reflect the needs of the Cat Financial business while keeping pace with changes in the business environment, technology, and threats to effectively mitigate and manage risk to the business.

  • Collaborating with other leaders in the creation and maintenance of a security architecture for the enterprise and participating in the solution selection and process development.

  • Partnering with other IT teams to develop cybersecurity requirements for initiatives and enterprise applications and, as appropriate, reviewing and approving security design of initiatives.

  • Building and maintaining relationships necessary for the successful execution of the Cybersecurity program. This includes developing and maintaining external and internal relationships to influence cybersecurity policy, standards and programs and enhancing secure interoperability with extended entities.

  • Measuring compliance with policy as part of assessing the overall cybersecurity risk posture of the enterprise and initiating programs to achieve and maintain an adequate cybersecurity posture.

  • Providing regular reports to the CIO and other senior leaders regarding cybersecurity risk posture of the enterprise.

Cybersecurity risk management: 

  • Identifying areas of potential cybersecurity risk within the IT and Business and driving mitigation strategies to reduce these risks to acceptable levels.

  • Partnering with business to develop and employ an ongoing cybersecurity communications, training and awareness program tailored to the evolving needs of the business and specific requirements of various user groups through change management.

  • Developing relationships with global business teams to help evaluate key risks.

  • Leveraging cybersecurity investments to enhance business, administration, and compliance processes.

  • Presenting to executive business leaders on cybersecurity risk management

Cybersecurity incident response: 

  • Consulting on internal control design and risk response opportunities. 

  • Ensuring that cybersecurity services integrate into respective enterprise security and information event management systems.

Basic Qualifications:

  • Bachelor’s degree in computer science, information systems, engineering, business administration or a related field is required.

  • A minimum of 5 years leadership in cybersecurity policy, standards, architecture, engineering, technology, and programs.

  • Strong understanding of cybersecurity and the relationship between threat, vulnerability, information value, and impact in the context of risk management.

  • Strong understanding of Operational Technology (OT) security and systems to support the implementation of segregation strategies and OT security solutions

  • A proven track record of developing and implementing a comprehensive strategy and plan for managing cybersecurity internationally.

  • An understanding and application of cybersecurity in different cultures, working across different countries, and experience in an international environment.

  • Experience in a leadership role, high-level analytical skills, exceptional relationship management competencies, and relevant project management work experience with a demonstrated record to lead and execute cybersecurity compliance and risk mitigation programs.

Top Candidates Will Also Have:

  • Prior experience in the Financial Services industry in an Information Security / cyber security leadership role, preferably in CISO position

  • Extensive technical and leadership experience in the development, maintenance, and operation of comprehensive Application Security, Zero Trust networking, and Penetration Testing, and security architecture programs.

  • Degree in computer science, information systems, engineering, business administration or a related field.

  • At least one of the following active certifications: CISA, CISM, CRISC, CISSP or SANS GIAC certifications.

  • Other related certifications such as ITIL, PMP, CIPP, CGEIT, CPA/CA.

  • Extensive knowledge of large company financial services and policies, organizational units, and strategic direction with demonstrated diversity in thought and skill.

  • Periodic travel will be required. 

Skill Descriptors
Budgeting: Knowledge of organization's budget process; ability to apply policies and practices for planning and administering a budget.
 Level Extensive Experience: 
•    Uses organization's preferred budgeting software tools.
•    Compares planned budgets vs. actual expenditures, identifies, reports, and explains variances.
•    Works with business managers to create appropriate budget amounts.
•    Participates in developing budget adjustment procedures and practices.
•    Develops and manages large and important budgets.
•    Evaluates past business decisions and associated budgetary considerations and impact.

Crisis Management: Knowledge of crisis management concepts and techniques; ability to predict, avert, mitigate, and recover from an event that has or could have a severely negative impact on the business.
 Level Extensive Experience: 
•    Reviews crisis management and disaster recovery plans for currency, adequacy, and validity.
•    Determines severity of crisis and initiates appropriate response actions.
•    Appoints individuals to crisis response teams; trains team members in response tasks.
•    Describes the telltale signs of an impending crisis and what can be done to mitigate the situation.
•    Calculates financial impact of crises in terms of bottom line, loss of good will, etc.
•    Proactively plans and prepares for major business crises.

Planning: Tactical, Strategic: Knowledge of effective planning techniques and ability to contribute to operational (short term), tactical (1-2 years) and strategic (3-5 years) planning in support of the overall business plan.
 Level Expert: 
•    Reviews and consults on the final strategic plan in collaboration with the business units.
•    Monitors industry for innovations in planning processes.
•    Directs the development, maintenance, and communication of own function's strategic plan.
•    Contributes to the overall strategic business goals and plans of the organization.
•    Creates and implements a strategy for supporting current and future business needs.
•    Develops long-term strategies to deliver services that keep pace with technology trends.

Risk Management: Knowledge of processes, tools and techniques for assessing and controlling an organization's exposure to risks of various kinds; ability to apply knowledge of risk management appropriately to diverse situations.
 Level Expert: 
•    Monitors industry and marketplace experience for developments and best practices re risk.
•    Leads the implementation of enterprise-wide risk management programs.
•    Consults on matching risks and risk management tools, processes and benchmarks.
•    Elaborates on specific high risk threats and potential impact on the organization.
•    Explores Internet and e-commerce considerations and their effect on current business risks.
•    Leads discussions on geographical, technological, and social issues associated with risk management.

Talent Management: Knowledge of the critical competencies required to achieve intended results; ability to generate consistent approaches for hiring, selection, retaining and leveraging talent across the organization.
 Level Extensive Experience: 
•    Promotes a talent-focused organization where talent management is the responsibility of all managers.
•    Develops a consistent set of practices that build a pipeline of future leaders for key positions.
•    Directs mentoring and coaching programs to reinforce learning and development and to surface candidates for selection and succession.
•    Creates a specific employee value proposition to improve the retention and motivation of team members.
•    Offers key developmental and transitional experiences to those one is mentoring or coaching.
•    Develops clear criteria and guidelines for determining optimal fit between individuals and key roles.

Team Management: Knowledge of effective team building techniques; ability to form and manage effective teams.
 Level Expert: 
•    Manages conflict and competition between teams and across organizational lines.
•    Fosters a collaborative work spirit across the organization.
•    Monitors industry for fresh approaches to team management.
•    Serves as a leader in organization-wide initiatives that require cross-functional teams.
•    Coaches team leaders on issues, problems, and solution methods.
•    Creates an environment where cross-functional teams flourish.

Information Technology (IT) Security Policies: Knowledge of IT security policies, standards, and procedures; ability to utilize a variety of administrative skill sets and technical knowledge to ensure cyber security compliance.
 Level Expert: 
•    Leads discussions and answers complex questions regarding cross-functional IT policies and standards.
•    Designs and drafts the framework of IT security policies while keeping compliance with organizational development goals.
•    Forecasts technological industry trends and potential risks in the implementation of defined IT security policies.
•    Creates and defines criteria to measure the effectiveness of IT security policies, standards and procedures.
•    Contributes to the establishment and use of best practices in IT security policies, standards and procedures.
•    Monitors organizational and functional adherence to IT security policies and procedures when addressing risk management.

Cybersecurity: Knowledge of network attacks and the defenses used; ability to defend and prevent electronic threats, theft and attacks.
 Level Expert: 
•    Works with security appliance vendors and customers on network threat detection and solutions.
•    Leads the selection of security intelligence, threat and vulnerability assessment tools and methods.
•    Develops and implements the next generation cyber protection strategy and defense architecture.
•    Develops the costs and benefits of cybersecurity certification; consults on the certification process.
•    Monitors emerging or improved cybersecurity technologies; makes recommendations.
•    Establishes process and mechanisms for addressing cybersecurity threats and countermeasures across the enterprise.

Additional Information:

Relocation Assistance to Nashville, TN offered

This Job Description is intended as a general guide to the job duties for this position and is intended for the purpose of establishing the specific salary grade.  It is not designed to contain or be interpreted as an exhaustive summary of all responsibilities, duties and effort required of employees assigned to this job.  At the discretion of management, this description may be changed at any time to address the evolving needs of the organization.  It is expressly not intended to be a comprehensive list of “essential job functions” as that term is defined by the Americans with Disabilities Act.

#LI-Hybrid

Relocation is available for this position. Visa Sponsorship is not available for this position. This employer is not currently hiring foreign national applicants that require or will require sponsorship tied to a specific employer, such as, H, L, TN, F, J, E, O. As a global company, Caterpillar offers many job opportunities outside of the U.S. which can be found through our employment website at www.caterpillar.com/careers.

Posting Dates:

June 6, 2024 - June 20, 2024

Any offer of employment is conditioned upon the successful completion of a drug screen.   

EEO/AA Employer.  All qualified individuals - Including minorities, females, veterans and individuals with disabilities - are encouraged to apply.

Refer code: 9347534. Caterpillar - The previous day - 2024-06-07 03:40
