Location: Suzhou, 32, China
Date Posted: Aug 21, 2019
As an Information Security Officer (IT Analyst III), you will be a full-time information security subject matter professional within the GIS information security team, serving as a trusted information security advisor who enables the business and helps business partners conduct business securely. This position is a non-supervisory role that reports directly to the AP regional information security manager.
Duties/Responsibilities may include, but are not limited to:
Provide consultation on information security objectives and compliance with relevant security standards, policies, and procedures. Serve as trusted advisor to effectively communicate complex security risks in a manner that is easily understood and actionable. Enable the business to leverage enterprise-wide security solutions. Advise on processes and methodologies required when evaluating purchased products, new internal solutions, or outsourcing IT systems through TPRM (third-party risk assessment).
Test and evaluate information security controls and techniques to ensure they are efficiently and effectively implemented. Conduct Information Security Compliance Assessments according to the process and issue quality reports on time. Help risk owners through the remediation process.
Support Data Loss Prevention (DLP) and Computer Security Incident Response Team (CSIRT) when necessary. Communicate in a timely fashion to update the DLP/CSIRT team. Coordinate incident response needs within area of responsibility in the event of an enterprise CSIRT incident or investigation.
Support Caterpillar’s Information Security Awareness program. Ensure Information Security Awareness material is included in orientation for new staff, or third-party professionals, where applicable by law. Identify the need for customized awareness or phishing result messages specific to business areas. Develop and present messages in alignment with Information Security directives.
Contribute to team effort and develop peer ISOs by acting as backup ISO, cross-training, and sharing job responsibilities as appropriate.
Travel may be required.
Relevant degree and understanding of information security
Knowledge of the appropriate programming languages and development life cycle management; computing hardware and software; and current deployment processes and tools
Experience in security, integration, infrastructure system administration, or support work
Obtain one of the following certifications within eighteen months and maintain in good standing: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Controls (CRISC). CISSP preferred.
Understanding of Caterpillar policies and procedures, and a general understanding of Caterpillar’s organizations; experience with information security.