Deputy Chief Information Security Officer (CISO) - Application Security & Identity and Access Management

Career Area:
Technology, Digital and Data
Job Description:
Your Work Shapes the World at Caterpillar Inc.
When you join Caterpillar, you're joining a global team who cares not just about the work we do - but also about each other. We are the makers, problem solvers, and future world builders who are creating stronger, more sustainable communities. We don't just talk about progress and innovation here - we make it happen, with our customers, where we work and live. Together, we are building a better world, so we can all enjoy living in it.
Deputy CISO- Application Security & Identity and Access Management
IT professionals at Caterpillar get the opportunity to make a global impact that enables profitable growth by responsive IT solutions with operational excellence. We equip the enterprise with the tools and resources that drive collaboration, innovation and solutions that help our customers build a better world.
Supporting the business operations of more than 500 facilities worldwide in more than 190 countries, you will connect every aspect of our business from order management systems that keep our production lines running to ecommerce solutions for customers ordering parts online to collaboration tools that keep us connected as well as securing and protecting our connected assets around the globe.
The Deputy Chief Information Security Officer (DCISO) over Identity Access Management, Threat and Vulnerability Management, and Application Security is a senior Caterpillar cybersecurity position. This role requires a highly resourceful, experienced, self-driven individual with the ability to partner, execute, and lead through influence.
What You Will Do:

• Report to the Chief Information Security Officer and interact with other Deputy Chief Information Security Officers, Regional Security Directors, Business Risk Management personnel, business unit leadership, department heads and supervisors to enhance security risk management capabilities utilizing effective security risk management practices and tools.
• Manage and lead the Cybersecurity organization through strategic planning as well as project and program management. This position requires extensive collaboration to ensure the cybersecurity program has appropriately addressed risk, providing dependable, complete, and timely reporting of risk management issues and strategies.
• Drive strategic initiatives and participate in a wide variety of engagements on behalf of the Cybersecurity team. This role underscores the presumption that secure access to information, data, networks, and operations is critical to achieving enterprise business objectives.
• Accountability for overseeing, leading, and directing the enterprise Threat and Vulnerability Management program, working to reduce technical risk to an acceptable level in support of positive business outcomes.
• Management and execution of our Identity and Access Management (IAM) products and services across the extended global enterprise, and modernize IAM service offerings, to secure and protect Caterpillar, and improve productivity and customer experience.
• Oversee delivery of the enterprise application development security program, establishing the foundational structure for secure application development, secure coding practices, and continuous education across the enterprise.
• Develop and implement strategic and operational processes that enable business success while mitigating risk.
• Collaborate closely with other leaders to ensure information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected throughout the digital ecosystem, even when the cybersecurity program may not be responsible for the underlying technology.
• Contribute to identifying, assessing, and managing security risks in a manner that meets compliance, quality, legal and regulatory requirements, and aligns with and supports the company risk posture. This includes assessing third-party service providers, partners, joint ventures, and acquisitions.
• The DCISO position assists in establishing and maintaining Caterpillar's relationship with the information security industry and profession. Building and maintaining relationships are necessary for the successful execution of the cybersecurity program.
• The DCISO will lead a team of 2-4 senior managers with a team of approximately 100 Caterpillar personnel and a team of external consultants.
• The DCISO provides decision support and governance through informal and formal means, including but not limited to metrics, dashboards, risk analysis and mitigation, acceptance, and reporting.
• The DCISO will provide the CISO with strategic recommendations and drive strategic initiatives and projects on behalf of the Cybersecurity leadership team.

Information Security Strategy and Architecture:

• Providing vision and leadership in the development and execution of an enterprise information security strategy and roadmap, including aligning with enterprise business strategy, gaining executive approval and support, and overseeing successful execution.

• Developing and maintaining practical and actionable information security policies and standards that reflect the needs of the business while keeping pace with changes in the business environment, technology, industry standards, regulations, and threats to effectively mitigate and manage risk to the business.

• Developing and implementing policies, procedures and systems required for maintaining and enhancing overall security goals.

• Providing overall information security services and information security technology infrastructure and data to support critical business and process requirements.

• Collaborating with other leaders in the creation and maintenance of a security architecture for the enterprise and participating in the solution selection and process development.

• Ensuring governance and supportive programming for the enterprise in the arena of information classification and categorization as related to risk and information security.

• Developing information security requirements for information technology infrastructure initiatives and enterprise applications and, as appropriate, reviewing, and approving security design of initiatives.

• Building and maintaining relationships necessary for the successful execution of the information security program. This includes developing and maintaining external and internal relationships to influence information security policy, standards, and programs, and enhancing secure interoperability with extended entities.

• Measuring compliance with policy as part of assessing the overall information security risk posture of the enterprise and initiating programs to achieve and maintain an adequate information security posture.

• Providing regular reports to the CISO and other senior leaders regarding information security risk posture of the enterprise.

Information Security Risk Management:

• Consulting in the development of IT strategies for business units as an advisor on information security risks.

• Identifying areas of potential information security risk within the IT infrastructure and driving mitigation strategies to reduce these risks to acceptable levels.

• Developing and employing ongoing information security communications, awareness and learning programs tailored to the evolving needs of the business and specific requirements of various user groups through change management.

• Supporting a global information security program to ensure consistent messaging by Segment and Business Units underpinned by respective Enterprise Procedures.

• Developing close relationships with management of operating groups globally to help evaluate key risks.

• Leveraging information security investments to enhance business, administration, and compliance processes.

• Overseeing the acquisition and maintenance of industry certifications including ISO, SOC2, CMMC and others as applicable.

What You Have:
Basic Qualifications:

• Bachelor's degree in computer science, information systems, engineering, business administration or a related field is required.

• A minimum of 8 years executive leadership in information security policy, standards, architecture, technology, and programs.

• Strong understanding of information security and the relationship between threat, vulnerability, and information value in the context of risk management.
• Experience providing robust Identity Access Management services in a high regulatory environment.

• A proven history of developing and implementing a comprehensive strategy and plan for managing information security internationally is required.

• An understanding and application of information security in different cultures, working across different countries, and experience in an international environment is required.

• Experience in a leadership role, high level analytical skills, exceptional relationship management competencies, and relevant project management work experience with a demonstrated record to lead and execute information security compliance and risk mitigation programs.

Top Candidates Will Also Have:

• Master's degree in computer science, information systems, engineering, business administration or a related field is required.

• At least one or more of the following active certifications: CISA, CISM, CRISC, CISSP or CFE.

• Other related certifications such as ITIL, PMP, SANS/GSEC, CIPP, CGEIT, CPA/CA.

• Experience with SOX and implementation of IT General Controls.

• Extensive knowledge of company products and policies, organizational units, and strategic direction with demonstrated diversity in thought and skill.

• Experience with a global company leading organizational change.

Skills Needed:

• Budgeting: Knowledge of organization's budget process; ability to apply policies and practices for planning and administering a budget.
• Crisis Management: Knowledge of crisis management concepts and techniques; ability to predict, avert, mitigate, and recover from an event that has or could have a severely negative impact on the business.
• Planning: Tactical, Strategic: Knowledge of effective planning techniques and ability to contribute to operational (short term), tactical (1-2 years) and strategic (3-5 years) planning in support of the overall business plan.
• Risk Management: Knowledge of processes, tools, and techniques for assessing and controlling an organization's exposure to risks of various kinds; ability to apply knowledge of risk management appropriately to diverse situations.
• Talent Management: Knowledge of the critical competencies required to achieve intended results; ability to generate consistent approaches for hiring, selection, retaining and leveraging talent across the organization.
• Team Management: Knowledge of effective team building techniques; ability to form and manage effective teams.
• Information Technology (IT) Security Policies: Knowledge of IT security policies, standards, and procedures; ability to utilize a variety of administrative skill sets and technical knowledge to ensure cyber security compliance.
• Cyber Security: Knowledge of network attacks and the defenses used; ability to defend and prevent electronic threats, theft, and attacks.

Additional Info:

• This role will be based onsite 5 days per week in Irving, TX, Nashville, TN or Peoria, IL with ~15-20% travel.
• Domestic relocation assistance is available for those who qualify.
• Sponsorship is NOT available.

What You Will Get:

• Our goal at Caterpillar is for you to have a rewarding career. Our teams are critical to the success of our customers who build a better world.
• Here you earn more than just a salary because we value your performance. We offer a total rewards package that provides benefits on day one (medical, dental, vision, RX, and 401K) along with the potential of an annual bonus. Additional benefits include paid vacation days and paid holidays.

About Caterpillar -
Caterpillar Inc. is the world's leading manufacturer of construction and mining equipment, off-highway diesel and natural gas engines, industrial gas turbines and diesel-electric locomotives. For nearly 100 years, we've been helping customers build a better, more sustainable world and are committed and contributing to a reduced-carbon future. Our innovative products and services, backed by our global dealer network, provide exceptional value that helps customers succeed.
#LI
Summary Pay Range:
$185,400.00 - $278,160.00
Compensation and benefits offered may vary depending on multiple individualized factors, job level, market location, job-related knowledge, skills, individual performance and experience. Please note that salary is only one component of total compensation at Caterpillar.
Benefits:
Subject to plan eligibility, terms, and guidelines. This is a summary list of benefits.

• Medical, dental, and vision benefits*
• Paid time off plan (Vacation, Holidays, Volunteer, etc.)*
• 401(k) savings plans*
• Health Savings Account (HSA)*
• Flexible Spending Accounts (FSAs)*
• Health Lifestyle Programs*
• Employee Assistance Program*
• Voluntary Benefits and Employee Discounts*
• Career Development*
• Incentive bonus*
• Disability benefits
• Life Insurance
• Parental leave
• Adoption benefits
• Tuition Reimbursement

* These benefits also apply to part-time employees
This position requires working onsite five days a week.
Relocation is available for this position.
Visa Sponsorship is not available for this position. This employer is not currently hiring foreign national applicants that require or will require sponsorship tied to a specific employer, such as, H, L, TN, F, J, E, O. As a global company, Caterpillar offers many job opportunities outside of the U.S which can be found through our employment website at www.caterpillar.com/careers.
Posting Dates:
August 4, 2025 - August 14, 2025
Any offer of employment is conditioned upon the successful completion of a drug screen.
Caterpillar is an Equal Opportunity Employer, Including Veterans and Individuals with Disabilities. Qualified applicants of any age are encouraged to apply.
Not ready to apply? Join our Talent Community.