Manage overall IT risk, serve as the division’s IT risk consultant and conduct periodic current state assessments to determine and manage the division’s risk portfolio. This role also should understand risk management best practices to define, implement and manage a relevant risk management framework. In addition, this role will be responsible for conducting internal and external research and analysis to identify emerging risk. This individual will assist and support the Enterprise Risk Management process execution and aid in IT risk special projects.
Individuals in this position are expected to lead interactions with internal customers at all levels from staff to senior management across Global Information Services and Caterpillar Corporate Governing bodies such as Corporate Risks & Controls, Corporate Legal, Corporate Ethics & Compliance, and Corporate Internal Auditing & Advisory Services. Incumbent may also interact externally with Caterpillar’s external auditors. Incumbent supports global geographic regions.
PRIMARY RESPONSIBILITIES INCLUDE
• Develop, implement and manage IT Risk Management framework and governance structure.
• Lead assessments when appropriate and use a variety of tools and methods in the execution of current state risk assessments. These would include, but are not limited to: interviews, facilitated meetings, software-based diagnostic tools, risk knowledge or best practices databases, questionnaires and surveys and risk summarization tools.
• Develop, implement and manage IT risk profiles that highlight the business unit’s areas of risk focus. This requires working with various business unit departments, such as Cybersecurity and IT Controls, and external business units, such as IAAS (formerly CACD), to gather data.
• Engage with the ITCG division and GIS stakeholders to identify control reporting needs. This includes metric identification, dashboard views, report frequency, use and distribution.
• Establish and manage the division’s risk tolerance level.
• Assist in and support the development of summary reports as needed to provide assurance to the IT Council, Executive Office and the Audit Committee of the Board of Directors.
• Assist with conducting Business Risk Management assessments in the business unit, including gathering information prior to the assessments, organization/preparation/distribution of advance material, and support of the assessment event.
• Proactively researches best practices and learns new technologies and systems to identify emerging risk and advance knowledge of reporting and analysis.
• Works with the business and other control functions to conclude on the root cause of issues and provide guidance and advice on the design and implementation of effective internal control to appropriately mitigate risk.
• Supports key projects and/or initiatives to ensure that risk issues are being addressed on a timely basis.
• Work closely with the division’s compliance organization to ensure key compliance risk areas are identified, reported and managed.
BACKGROUND / EXPERIENCE
• Requires a Bachelor’s degree or 6-8 years of progressively complex IT experience, generally gained through staff assignments in Information Services and related areas
• Requires strong and deep knowledge of risk management framework and best practices which includes identification, assessment and treatment methodologies.
• Requires ability to analyze, aggregate and develop risk reports
• Requires a deep level of understanding and experience from more than one IT business operation and/or process including but not limited to application development and support, infrastructure implementations, and consolidations and support
• Experience analyzing and providing recommendations for governance and risk compliance
• Familiarity with industry standard control frameworks (e.g., ITIL, COBIT, NIST, ISO)
• Holds strong personal relationships and has created a solid informal network; understands the organization's culture and the network of relationships that gets things done
• Independently performs non-routine and complex analysis and solves problems with limited supervision
• Strong attention to detail in analysis and deliverables
• Clear and concise in oral and written communication. Risk issues are clearly articulated at the right level of detail, and draft deliverables require minimal revisions
• Manages multiple complex tasks simultaneously, adjusting priorities as needed
• Strategically acts on opportunities for improvement in quality or core processes
• Leads change through providing the vision – explaining how to achieve goals, defining success and the time frame, defining the desired state, and providing the context or reasons behind the changes that can be easily understood
• Understands and effectively communicates the enterprise vision to different audiences, inspires and motivates others to work towards the future
• Works across organizational boundaries; takes the path to move projects forward with the least complication
• Develops sound plans; thoroughly lays out tasks, resources, and schedules
• Outstanding at decision making; determines the best course of action from among alternatives; uses experience and wisdom to find superior solutions
• Adds significant value in a brainstorming setting; has no problem generating new and innovative ideas
• Motivated and resourceful learner
• Tenacious; has a well-deserved reputation for seeing things through
This is a remote work opportunity if the employee is located outside of the Peoria, IL area.
Caterpillar is not currently hiring individuals for this position who now or in the future require sponsorship for employment visa status; however, as a global company, Caterpillar offers many job opportunities outside of the U.S. which can be found through our employment website at www.caterpillar.com/careers