EY TC-CS-SRCR-Risk Compliance-Governance Analyst-Senior 

India, Karnataka, Bengaluru 

903052705

JOB DESCRIPTION:

The Analyst must have a strong understanding of cybersecurity controls design, implementation, and attestations to validate that policy requirements are being met, establishing, and maintaining relationships with key stakeholders and supporting other Cybersecurity GRC processes as applicable.

JOB RESPONSIBILITIES:

• Maintain strong knowledge and understanding of Caterpillar’s global operating environment, enterprise cybersecurity landscape as well as the Enterprise Cybersecurity Governance Framework (ECGF) and its inherent components.
• Maintain strong knowledge of Caterpillar’s adopted cybersecurity standards, frameworks, and applicable regulatory obligations (e.g., ISO-27001/2, PCI, CMMC, CIS, NYDFS, FFIEC, SWIFT, CTPAT)
• Develop and execute a robust monitoring program for security exceptions.
• Engage and hold cybersecurity process owners accountable for monitoring their processes in alignment with policy, standards, and controls, providing relevant input/review insights as applicable.
• Develop self-assessment programs to validate that security policy, standards and control requirements are satisfied.
• Assess new, or changes to existing, exception processes, and follow change management process to make improvements as applicable.
• Establish and maintain relationships with key business partners across the organization.
• Serve as a liaison in the internal and external audits, provide supporting evidence and assess any identified issues and remediation action plans. Caterpillar: Confidential Green
• Partner with security SMEs and stakeholders across the enterprise in executing exception risk analyses.
• Support annual planning, budgeting, and project implementation activities within the cybersecurity governance function.
• Consistently demonstrate excellent stakeholder collaboration, communication, and customer-oriented skills, and project management capabilities

MINIMUM QUALIFICATIONS:

• Bachelor’s degree from an accredited college/university
• At least two (2) relevant cybersecurity certifications (e.g., CISM, CISSP, CCSP, CISA, CRISC, CGEIT, COBIT Foundations)
• 5+ years working with global cybersecurity industry standards, frameworks, and regulatory requirements such as ISO-27001/2, PCI, CMMC, NYDFS, FFIEC, SWIFT, CTPAT
• 5+ years of experience working with the Microsoft Office/O365 Suite
• 5+ years of data management, analysis, transformation, systems workflow modeling and implementation
• Big Four (4), or management/IT consulting experience is a plus.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.