IT Risk & Compliance Professional

Caterpillar

São Paulo

On-site

BRL 80.000 - 120.000

Full-time

Yesterday

Job summary

A global heavy machinery company is looking for an IT Risk & Compliance Professional in São Paulo, Brazil. The role involves leading IT controls compliance efforts, training teams, and managing risk assessments. Candidates should have a Bachelor’s degree and be proficient in English, with experience in IT risk management and auditing. This full-time role requires onsite presence five days a week, and offers a comprehensive benefits package including medical and dental plans, profit sharing, and more.

Benefits

Medical plan
Dental plan
Medicines reimbursement
Psychological, Legal, Social and Finance Support Program
Private pension plan
Profit share
Meal assistance
Christmas basket
Transportation
Life and personal insurance

Qualifications

  • Proficient in English.
  • Experience from more than one IT business operation/process.
  • Experience with risk assessment and control techniques.
  • Ability to understand multiple perspectives and make strategic recommendations.
  • Background in auditing, compliance, cybersecurity, or risk management preferred.

Responsibilities

  • Provide guidance and train teams on IT Controls.
  • Communicate and manage changes to IT control ownership.
  • Coordinate and lead training on IT Controls requirements.
  • Develop relationships with Process Owners.
  • Lead risk assessment reviews to ensure compliance.

Skills

Process Management
IT Risk Management
Analytical Thinking
Data Gathering and Reporting

Education

Bachelor’s degree

Tools

ServiceNow IRM
Snowflake
SQL
Power BI
Tableau
Microsoft Excel

Job Description

We are seeking an analytical, detail-oriented and technically proficient IT Risk & Compliance Professional to join our Enterprise IT Controls team. The IT Risk & Compliance Professional acts as the primary subject matter expert and trusted adviser for Enterprise IT Controls compliance, leading interactions with internal customers at all levels and providing global support.

What you will do
  • Provide guidance and train teams on ownership implementation and execution of Enterprise IT Controls.
  • Communicate, implement and manage organizational change related to IT control changes and ownership.
  • Coordinate and lead training of Process Owners, Execution Owners and Execution teams on IT Controls requirements.
  • Develop strong relationships with Process Owners and Execution Owners.
  • Be the key contact for IT controls and governance compliance.
  • Provide enterprise governance and consultation on IT controls policies, processes, deadlines and testing.
  • Ensure IT Control self‑attestation participants understand results and make recommendations based upon implications.
  • Provide guidance to execution teams to help ensure control issues are remediated in a timely manner.
  • Challenge stakeholders on root causes of risk and effectiveness of remediation activities.
  • Coordinate scheduling, monitoring and management of internal self‑attestations across enterprise.
  • Train impacted Process Owners, Execution Owners and Execution Team Members on how to complete self‑attestations.
  • Lead risk assessment reviews of processes to ensure compliance, proactively manage risk and contribute to the annual risk management process.
  • Escalate non-compliance with controls or deadlines to IT Management.
  • Ensure IT controls and governance tools and artifacts remain in alignment with current organization and responsibilities.
  • Engage with Process Owners to understand compliance for their processes and make improvement recommendations.
  • Lead teams in continuous improvement activities within the IT Control framework.
  • Execute User Acceptance Testing (UAT) for changes/enhancements to the ServiceNow IRM module for the self‑attestation process.
  • Lead projects on the continuous improvement of the IT Controls methodology.
  • Identify and document reporting requirements to ensure relevant risk and compliance reporting to IT management.
  • Communicate relevant risk and compliance status to appropriate Process Owners and/or Execution Owners.
Skills
  • Process Management: Knowledge of business process improvement tools and techniques; ability to understand, monitor, update, control or enhance existing business or work processes.
  • IT Risk Management: Knowledge of processes, tools and techniques for assessing and controlling an organization’s exposure to IT risks; ability to apply risk management appropriately to diverse situations.
  • Analytical Thinking: Knowledge of techniques and tools that promote effective analysis; ability to determine root causes of problems and create alternative solutions.
  • Data Gathering and Reporting: Knowledge of tools, techniques and processes for gathering and reporting data; ability to practice them in specific departments/divisions.
Basic Requirements
  • Bachelor’s degree.
  • Proficient in English.
  • Experience from more than one IT business operation/process (e.g., application development/support, infrastructure implementation/support).
  • Experience with processes, tools and techniques for assessing and controlling an organization’s exposure to IT risks and applying risk management appropriately.
  • Ability to understand multiple perspectives, evaluate effectiveness and efficiency of processes, communicate appropriately and make recommendations with a strategic enterprise perspective.
  • Preference for a background in auditing, compliance, cybersecurity or risk management, or experience managing risk through identification, assessment and mitigation.
Preferred Experience
  • Prior experience with identity and access management, role‑based access control (RBAC), proactive risk identification, continuous control monitoring and process maturity analysis.
  • Hands‑on experience with GRC platforms such as ServiceNow IRM and/or AuditBoard.
  • Proven ability to configure, manage and optimize workflows within these tools to support risk assessments, control monitoring, audit management and compliance reporting.
  • Familiarity with integrating GRC tools into enterprise environments and leveraging automation for continuous control monitoring.
  • Hands‑on experience with data analysis and visualization tools/platforms (Snowflake, SQL, Power BI, Tableau, Microsoft Excel, etc.).
  • Strong initiative, accountability, process focus and communication skills.
  • Experience delivering difficult issues and messages to business partners or IT leadership while maintaining composure.
  • Industry/commercial certifications such as CRISC, CISA, CISM, CISSP, CIA, CPA or willingness to obtain one within one year of starting.
Additional Information
  • This position may require 10% travel.
  • Position requires onsite work five days a week.
  • Extended maternity and paternity leave.
  • Benefit eligibility may vary by position and location; benefits may change subject to legal requirements.
Benefits
  • Medical plan
  • Dental plan
  • Medicines reimbursement
  • Psychological, Legal, Social and Finance Support Program
  • Private pension plan
  • Profit share
  • Meal assistance
  • Christmas basket
  • Transportation
  • Life and personal insurance

Caterpillar reserves the right to change or modify benefits at any time subject to prior notice and in compliance with legal requirements.

Employee resource groups: Young Professional Women In Networking, LAMBDA (LGBTQIA), Latin Group, and Active in Sport.

Caterpillar is an Equal Opportunity Employer. Qualified applicants of any age are encouraged to apply.

Recruitment notes: The Recruitment & Selection area does not use personal emails or emails from other domains, and does not request any type of payment for the selection process.

Job posting dates: December 10, 2025 - January 4, 2026.

Important: Include resume in English in your profile in Workday and check application status directly in Workday.
