AddressKomatsu is an indispensable partner to the construction, mining, forestry, forklift, and industrial machinery markets, maximizing value for customers through innovative solutions. With a diverse line of products supported by our advanced IoT technologies, regional distribution channels, and a global service network, we tap into the power of data and technology to enhance safety and productivity while optimizing performance. Komatsu supports a myriad of markets, including housing, infrastructure, water, pipeline, minerals, automobile, aerospace, electronics and medical, through its many brands and subsidiaries, including TimberPro, Joy, P&H, Montabert, Modular Mining Systems, Hensley Industries, NTC, and Gigaphoton.
Job Overview
We have a newly created opportunity for a Cybersecurity Compliance Engineer to join our IT Team. This role is working on-site and can be based out of our headquarters office in Milwaukee, WI or Chicago, IL. In this role you will have responsibility for assessing cyber risks that could affect the integrity/confidentiality of data, systems, or services of the company, recommending appropriate mitigation solutions, driving security initiatives to strengthen organization security posture, developing security policies, standards, and procedures, ensuring that Komatsu complies with industry regulations, laws, and internal policies, analyzing vulnerability remediation efforts, and evangelizing cybersecurity governance, risk and compliance to the broader business. You will partner closely with our Technical Security, Audit, and Legal teams.
Key Job Responsibilities
- Perform internal risks assessments and recommend appropriate security controls.
- Collaborate with cross-functional teams to integrate security controls into the development and implementation of new systems, applications, and processes.
- Analyze technical controls to ensure that security and compliance requirements are met.
- Make recommendations to enhance or improve our cybersecurity posture and drive implementation efforts.
- Verify documented processes, procedures, and standards to validate maintenance of secure configurations.
- Develop automation to drive compliance for required security tools.
- Track enterprise compliance across multiple security frameworks such as CIS, SOC 2 and NIST and maintain up-to-date records of requirements and corresponding mitigating controls.
- Drive any improvement plans and remediation activities following a cybersecurity incident.
- Develop key performance metrics to track and ensure compliance with established policies and standards.
- Participate in the development of security and privacy awareness training in conjunction with other members of the Security Compliance group.
- Support the entire vulnerability lifecycle, from discovery to assessment, reporting, remediation tracking, and validation.
- Serve as a liaison between IT and internal audit teams
- Provide assistance for ediscovery and/or forensic requests
Qualifications/Requirements
- Bachelor’s Degree in Computer Science, Information Systems, other related fields.
- Minimum five years' experience in Information Security and/or Data Privacy Compliance positions
- Knowledge and understanding of CIS, NIST, ISO27K and SOC-2 information security standards.
- Excellent communication, interpersonal skills, especially the translation of cybersecurity and privacy concepts to both executive and IT or developer-level audiences.
- Ability to maintain security documentation and manuals
- Strong understanding of security fundamentals and general security technologies
- Experience with vulnerability management programs
- Ability to communicate with all levels of the business verbally and in writing
- Knowledge of data privacy regulatory requirements (CCPA, GDPR, POPI, LGDP, etc.)
- Industry certifications such as CISSP, CISM, CISA or CRISC a plus.
Additional Information
Komatsu is an Equal Opportunity Workplace and an Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.
