Cybersecurity Compliance Specialist

Caterpillar Inc. | Nashville, TN
Posted 1d | $128,470 - $208,770 | Onsite

About The Position

When you join Caterpillar, you're joining a global team who cares not just about the work we do – but also about each other. We are the makers, problem solvers, and future world builders who are creating stronger, more sustainable communities. We don't just talk about progress and innovation here – we make it happen, with our customers, where we work and live. Together, we are building a better world, so we can all enjoy living in it.

Cybersecurity Compliance Specialist Role Definition: The Cyber Compliance Specialist is responsible for delivering cybersecurity compliance expertise to support the execution and sustainability of the enterprise Cyber Compliance program-related workstreams. This role requires strong analytical skills, has an enterprise-wide scope, and focuses on monitoring, assessing, and validating the effectiveness of cybersecurity controls, processes, and technologies. The specialist partners closely with business, technical, and risk stakeholders to ensure compliance requirements are met and risks are appropriately identified, documented, and remediated. Success in this role depends on excellent communication, cross-functional collaboration, and the ability to work on multiple complex projects.

Requirements

  • Bachelor’s degree from an accredited institution preferably in Information Technology, Information Security, Cybersecurity or equivalent discipline.
  • Strong knowledge of cybersecurity control frameworks and standards such as ISO 27001, NIST CSF, CIS Controls, CMMC and related compliance requirements.
  • Active, nationally recognized cybersecurity certification(s) (CTPRP, CISSP, CISM, CRISC).
  • Experience in cybersecurity, governance, risk, and/or compliance functions supporting enterprise environments.
  • Demonstrated ability to analyze complex compliance problem sets and apply detailed diagnostic and critical thinking skills.
  • Ability to adjust to multiple demands, changing priorities, ambiguity, and rapid change, while multitasking effectively.
  • Excellent verbal and written communication skills with the ability to explain technical and compliance topics to both technical and non‑technical audiences.
  • Strong collaboration and interpersonal skills, with the ability to work effectively across business units and functional teams and to interact effectively with senior management.

Nice To Haves

  • Hands-on experience with GRC platforms (e.g., ServiceNow IRM, Archer, AuditBoard, etc.).
  • Knowledge of different cybersecurity technologies and tools.
  • Experience supporting customer security due diligence or questionnaire response processes.
  • Experience in the complexities of working in a large global organization.
  • Communicating Complex Concepts: Knowledge of effective presentation tools and techniques to ensure clear understanding; ability to use summarization and simplification techniques to explain complex technical concepts in simple, plain language appropriate to the audience.
  • Consulting: Knowledge of techniques, roles, and responsibilities in providing technical or business guidance to clients, both internal and external; ability to apply consulting knowledge appropriately.
  • Cybersecurity Standards and Policies: Knowledge of developing cybersecurity policies, standards, and procedures; ability to develop and communicate policies, standards and procedures that guide interactions with customers.
  • Cybersecurity Risk Management: Knowledge of tools, techniques, approaches, and processes of cybersecurity risk management; ability to ensure organizational network operation and minimize the negative effects of cybersecurity risks.
  • Information Security Management: Knowledge of the processes, tools, and techniques of information security management; ability to deploy and monitor information security systems, while detecting, controlling, and preventing violations of IT security.
  • Information Technology (IT) Security Policies: Knowledge of IT security policies, standards, and procedures; ability to utilize a variety of administrative skill sets and technical knowledge to ensure cybersecurity compliance.

Responsibilities

  • Deliver cybersecurity and compliance expertise for the execution and continuous improvement of cybersecurity compliance processes, workflows, and supporting tools.
  • Facilitate and execute cybersecurity assessments of targeted technologies and processes, exercising sound judgment in evaluating control design and effectiveness.
  • Coordinate and facilitate responses to customer and stakeholder cybersecurity questionnaires, ensuring accurate and consistent representation of security controls and practices.
  • Help design automation, simplify processes and deployment of a trust portal to facilitate customer security inquiries.
  • Analyze, review, and monitor the effectiveness of cybersecurity controls across applications, systems, and processes to ensure alignment with frameworks and standards (e.g., ISO, PCI, NIST, SWIFT, etc.).
  • Maintain up-to-date documentation of processes.
  • Effectively balance cyber hygiene, incremental improvement, and future-focused projects in a manner that reduces cyber risk and facilitates enterprise efforts to achieve expanded offerings, services growth, and sustainability.
  • Document clear, defensible assessment conclusions and communicate results to business partners, technical contacts, managers, and stakeholders.
  • Develop, modify, and support compliance process workflows and contribute to the development of key performance metrics to measure compliance effectiveness.
  • Perform additional cyber compliance activities as assigned in support of expanded offerings, evolving program needs and workstreams.

Benefits

  • Medical, dental, and vision benefits
  • Paid time off plan (Vacation, Holidays, Volunteer, etc.)
  • 401(k) savings plans
  • Health Savings Account (HSA)
  • Flexible Spending Accounts (FSAs)
  • Health Lifestyle Programs
  • Employee Assistance Program
  • Voluntary Benefits and Employee Discounts
  • Career Development
  • Incentive bonus
  • Disability benefits
  • Life Insurance
  • Parental leave
  • Adoption benefits
  • Tuition Reimbursement