This job posting is no longer active.
Location: Nashville, TN, United States
Date Posted: Dec 21, 2019
JOB SUMMARY: Serve as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies. A key element of the role is working with executive management to determine acceptable levels of risk for the organization. Establish and maintain a corporate-wide information security management program to ensure that information assets are adequately protected. Provide overall security services, program ownership and compliance governance for multiple security programs in order to support critical business and process requirements. Manage people, processes and technologies used worldwide to support the security mission while accountable for tracking progress and measurements that align with regulatory requirements.
JOB RELATED STATISTICS:
Annual Department Expense Budget: $15 Million
Annual Capital Security Expense Budget: $5-15 Million
Personnel: 5-7 Exempt;
10-30 Agency Workers
PRINCIPAL DUTIES AND RESPONSIBILITIES:
Provide leadership to the Financial Products Division information security organization.
Directs functions related to multiple complex global security programs in the logical security domain within portfolios and projects.
Works directly with the Financial Products Division (FPD) line units within Caterpillar to facilitate risk assessment and risk management processes.
Develops and enhances an information security management framework for the FPD within Caterpillar.
Collaborates and partners with the corporate IT and other divisional IT functions through committees to ensure the consistent application of policies and standards across all technology projects, systems and services.
Leverages and applies corporate IT security procedures, guidelines and directives where applicable to the FPD.
Works closely with the Corporate Caterpillar CISO to align security strategy, practices and standards.
Partners with business stakeholders across the company to raise awareness of risk management concerns.
Manages staff and projects related to developing business and technical security solutions with operational procedures to provide security risk mitigation to the enterprise.
Researches and analyzes new processes and technologies available in the security industry facilitating alignment with corporate systems and strategies. Develops business cases to secure approval for implementation of new systems and technologies.
Maximizes security programming while minimize costs and advising on risk mitigation to acceptable levels.
Manages the development and maintenance of methods and systems for measurement indicators for degree to which strategic project goals, objectives and metrics are met.
Plans, develops and directs multiple information and/or traditional security functions at the delegation of management including but not limited to, compliance programming, crisis management, security architecture, computer security incident response, computer security monitoring, travel security, insider threat, investigative processes and project management.
Provides leadership and coordinates corporate development of security systems, programs or processes impacting business or other corporate process partners.
Participates in setting security strategies for parts of the organization within areas of ownership that impact business outcomes.
Acts as a change agent for programs of ownership and responsibilities that include creating, developing, maintaining and tracking integrated initiatives for effective operations.
Oversees governance development, management and deployment for training, communications, program channel delivery and assessment for continual process improvement.
Develops, maintains and coordinates auditable actions for the analytic and technical aspects of security.
Maintains integrity of programs and systems within areas of ownership.
Provides corporate-wide focus for efforts relating to compliance with government laws and regulations and with enterprise policies on business ethics and conduct.
Oversees selection, testing and secure installation of security mitigation logical and physical equipment.
Identifies and mitigates threats and vulnerabilities associated with compromising security issues.
Maintains current situational awareness of global threats to the enterprise and personal through critical risk assessment and security threat analysis.
Directs the development of complex logical and physical security protective measures and creates measurement tools for vulnerability assessments.
Provides guidance and expertise in the development and maintenance of risk management programming to assess, prioritize, manage and logical and/or security risks.
Develops and manages the capital and expense budget for the security risk assessment operations and enterprise security programs represented within the areas of assignment ownership.
Participates in accomplishment of continuous improvement objectives for the department. Progress toward accomplishment of these is measured through maintenance of necessary measurements and analysis of associated data. Participates in the identification of problem areas and development of resolutions to address them.
Understands the Equal Opportunity and Harassment policies of the company, applies them in all aspects of management and maintains an environment, which is consistent with these policies.
SKILLS, ABILITIES, AND KNOWLEDGE:
Thorough knowledge of and advanced ability to apply math computation skills including basic addition, subtraction, multiplication, and division, as well as statistics and other mathematical concepts used in modeling.
Extensive knowledge of procedures and operations of the functional business areas.
Thorough knowledge of data processing philosophies and techniques.
Advanced ability to identify systems deficiencies and recommend and develop new software/programs to correct the deficiencies.
Thorough knowledge of computer operating systems and equipment capabilities.
Thorough knowledge of security procedures and software and how to implement such software.
Advanced ability to train and advise employees on security processes and procedures.
Advanced ability to coach and train staff to apply human relation skills.
Advanced ability to communicate complex security topics and issues into concise and simple business terms for key stakeholders.
Demonstrated ability to hold courageous conversations and collaborate effectively across multiple stakeholder groups.
Ability to establish a security vision that assesses current and future business needs and desire to change in order to meet the evolving needs of the business.
General understanding of business operations including the technical infrastructure, general business processes of a financial services company.
Broad company knowledge and the ability to develop close relationships with senior management of operating groups globally to help evaluate key risks.
Thorough ability to brief executive management on the status of security issues affecting operations globally.
Thorough ability to establish and maintain a well-developed network of international professional contacts in law enforcement, intelligence agencies and corporate security departments.
Must possess excellent people skills with the ability to interact with and influence senior management to further the security risk assessment program with an ability to set, manage and meet expectations with clients.
Exceptional leadership, organizational and interpersonal skills, demonstrated persuasive and influencing capabilities and an ability to lead and motivate others.
Proven ability to identify the need and lead management teams in complex analytical planning, critical review and proactive problem solving.
Proven ability to work quickly and independently with attention to detail and sensitivity to deadlines.
EDUCATION/EXPERIENCE: A 4-year college or university degree in any of the business disciplines and a minimum of 10 years exempt experience in major law enforcement, intelligence, public service or private sector security organization developing implementing, and/or managing large-scale, high-profile corporate programs and a thorough knowledge of Information Security are recommended. Experience in asset protection and information security with complex information security experience in the financial services industry is recommended. Experience in risk management and relevant security assessments is recommended. Thorough understanding and application of security in different cultures, working across different countries, and experience in an international environment is required. Must have at least one of the following active certifications: CISA, CISM, CRISC, CISSP or CFE. Other related certifications such as ITIL, PMP, SANS/GSEC, CIPP. Relevant experience may be substituted for education.
Chief Information Security Officer - Financial Products Division
Financial Services industry experience
Must have at least one of the following active certifications: CISA, CISM, CRISC, CISSP or CFE
EEO/AA Employer. All qualified individuals – including minorities, females, veterans and individuals with disabilities – are encouraged to apply.
Caterpillar is not currently hiring individuals for this position who now or in the future require sponsorship for employment visa status; however, as a global company, Caterpillar offers many job opportunities outside of the U.S. which can be found through our employment website at www.caterpillar.com/careers.
Chief Information Security Officer, Information Security, CISO, CISA, CISM, CRISC, CISSP, CFE, Financial Services, Banking, Captive Finance