TC-CS-SRCR-Risk and Compliance-Risk Analyst-Senior

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

The Cybersecurity Risk Analyst will work directly with Cybersecurity practitioners within the Governance, Risk and Compliance (GRC) organization at Caterpillar. They will be responsible for day-to-day analysis of assessment findings and responses, analyzing/gathering metrics, and analyzing documentation related to cybersecurity.

Responsibilities

• Work with information system experts and cybersecurity practitioners in the GRC space to analyze and document findings and coordinate the writing and tracking of remediation/mitigation plans.
• Work with information system experts and cybersecurity practitioners in the GRC space to analyze and document residual control deficiencies and associated risk based on qualitative and quantitative frameworks.
• Manage escalations for tasks that are not being completed when expected.
• Participate in team review meetings and process improvement activities.

Qualifications

Basic Qualifications:

• Excellent problem solving, analytical, critical thinking, decision-making, communication, organization, task, and time management skills.
• Strong interpersonal skills, having the ability to work independently and as part of a team and the ability to work with appropriate subject matter expects (security architects, IT owners, etc.).
• Ability to adjust to multiple demands, changing priorities, ambiguity, and rapid change, while multitasking effectively

Key Competencies:

• Process-oriented and strong organizational skills
• Excellent written and verbal communication skills
• Proficient in Microsoft O365 products

Ideal Candidate Will Also Have:

• Experience with ServiceNow GRC or IRM module.
• Broad exposure to systems, operating software, applications, storage, networks, application development, scripting languages and database management.
• CISSP, CTPRP, CISM, CRISC or other security-related certification or ability and willingness to obtain within one year.
• 5+ years’ experience with assessments focused on information security compliance.
• Experience working within ISO 27000 series frameworks.
• Experience working in a security environment including cybersecurity procedures, standards, technology controls and industry leading practices including information security risk assessment.
• Exposure to other frameworks such as COBIT, ITIL, NIST

EY | Building a better working world 

 
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  

 
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  

 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.