IT Risk & Compliance Professional

Caterpillar Inc. | Nashville, TN
1d | $112,710 - $169,060 | Onsite

About The Position

Your Work Shapes the World at Caterpillar Inc.

When you join Caterpillar, you're joining a global team who cares not just about the work we do – but also about each other. We are the makers, problem solvers, and future world builders who are creating stronger, more sustainable communities. We don't just talk about progress and innovation here – we make it happen, with our customers, where we work and live. Together, we are building a better world, so we can all enjoy living in it.

We are seeking an analytical, detail-oriented, and technically proficient IT Risk & Compliance Professional to join our Enterprise IT Controls team. The IT Risk & Compliance Professional acts as the primary subject matter expert and trusted advisor for Enterprise IT Controls compliance. Incumbents lead interactions with internal customers at all levels from staff to senior management across Caterpillar IT and Caterpillar Corporate Governing bodies such as Corporate Legal, Corporate Ethics & Compliance, and Corporate Internal Auditing & Compliance. Incumbent provides global support.

What You Will Do:

Provide Guidance on Execution of Enterprise IT Controls:

  • Provide guidance and train teams on ownership, implementation, and execution of Enterprise IT Controls.
  • Communicate, implement, and manage organizational change of IT control changes and ownership.
  • Coordinate and lead training of Process Owners, Execution Owners, and Execution teams on IT Controls requirements.
  • Develop strong relationships with Process Owners and Execution Owners.
  • Overall key contact for IT controls and governance compliance.

Provide Guidance on Remediation of IT Controls:

  • Provide enterprise governance and consultation on IT controls policies, processes, deadlines, and testing.
  • Ensure IT Control self-attestation participants understand results and make recommendations based upon implications.
  • Provide guidance to execution teams to help ensure control issues are remediated timely.
  • Challenge stakeholders on root causes of risk and effectiveness of remediation activities.

Sustain Control Environment:

  • Coordinate the scheduling, monitoring and management of internal self-attestations collaborating with Process Owners, Execution Owners and Execution teams across the enterprise.
  • Train impacted Process Owners, Execution Owners and Execution Team Members on how to complete self-attestations.
  • Lead risk assessment reviews of processes to ensure compliance, proactively manage risk, and contribute to the annual risk management process.
  • Escalate non-compliance to controls or deadlines to IT Management.
  • Ensure IT controls and governance tools and artifacts remain in alignment with the current organization and responsibilities.
  • Engage with Process Owners to understand compliance for their process(es) and make process improvement recommendations.
  • Lead teams in continuous improvement activities within the IT Control framework.
  • Execute User Acceptance Testing (UAT) for changes/enhancements to the ServiceNow IRM module for the self-attestation process.
  • Lead projects on the continuous improvement of the IT Controls methodology.

Reporting:

  • Identify and document reporting requirements to ensure relevant risk and compliance reporting to IT management.
  • Communicate relevant risk and compliance status to appropriate Process Owners and/or Execution Owners.

Requirements

  • A bachelor’s degree or progressively complex experience, generally gained through assignments in Information Services and related areas (e.g., Cyber, Digital, Accounting, Engineering, Finance & Financial Products, Human Resources, Legal, Logistics, Manufacturing & Supply Chain, Marketing & Product Support, Purchasing & Procurement, etc.).
  • A proficient level of understanding and experience from more than one IT business operation and/or process including but not limited to application development and support, and infrastructure implementation and support.
  • Experience with processes, tools and techniques for assessing and controlling an organization's exposure to IT risks of various kinds, and ability to apply knowledge of risk management appropriately to diverse situations.
  • Ability to understand multiple perspectives, evaluate effectiveness and efficiency of process(es), communicate appropriately, and make recommendation(s) with a strategic enterprise perspective.
  • Preference for an auditing, compliance, cybersecurity, or risk management background and/or experience in managing risk through identification, assessment, and mitigation.

Nice To Haves

  • Prior experience(s) with identity and access management, role-based access control (RBAC), proactive risk identification, continuous control monitoring, and process maturity analysis.
  • Hands-on experience with Governance, Risk, and Compliance (GRC) platforms, specifically ServiceNow Integrated Risk Management (IRM) and/or AuditBoard.
  • Proven ability to configure, manage, and optimize workflows within these tools to support risk assessments, control monitoring, audit management, and compliance reporting.
  • Familiarity with integrating GRC tools into enterprise environments and leveraging automation for continuous control monitoring.
  • Hands-on experience with data analysis and visualization tools/platforms (Snowflake, SQL, Power BI, Tableau, Microsoft Excel, etc.) & techniques.
  • Strong initiative, accountability, process focus, and communication skills.
  • Experience in delivering difficult issues and messages to business partners and/or IT leadership while maintaining composure.
  • Industry and professional certification(s) (e.g., CRISC, CISA, CISM, CISSP, CIA, CPA, etc.) or be willing to obtain one within one year of starting.

Responsibilities

  • Provide Guidance on Execution of Enterprise IT Controls
  • Provide Guidance on Remediation of IT Controls
  • Sustain Control Environment
  • Reporting

Benefits

  • Medical, dental, and vision benefits
  • Paid time off plan (Vacation, Holidays, Volunteer, etc.)
  • 401(k) savings plans
  • Health Savings Account (HSA)
  • Flexible Spending Accounts (FSAs)
  • Health Lifestyle Programs
  • Employee Assistance Program
  • Voluntary Benefits and Employee Discounts
  • Career Development
  • Incentive bonus
  • Disability benefits
  • Life Insurance
  • Parental leave
  • Adoption benefits
  • Tuition Reimbursement
  • These benefits also apply to part-time employees