Our culture believes in Powering Your Potential. We provide global opportunities to develop your career, make your community a better place and work with today's most innovative thinkers to solve the world's toughest problems.

We believe in flexibility for you to explore your passions while making an impact through meaningful work within our inclusive workforce. That's what #LifeAtCummins is all about.

CYBERSECURITY RISK ANALYST - SENIOR

Description

Leads the support of the organization's cybersecurity framework, including policy, standards and baselines. Understands and applies appropriate handling of risk and compliance from internal and external perspectives to assure that existing and new technology solutions meet the organization's cybersecurity risk requirements.

Understands and applies Cummins cybersecurity policies and industry data privacy principles.

Leads cybersecurity risk identification utilizing identified Cummins risk management frameworks while providing guidance to the team to evaluate severity and mitigation plans.

Coaches and develops less experienced team members.

Understands and applies frameworks and standards (eg NIST, ISO, ITIL, Cobit) in a manner specific to Cummins processes and controls.

Provides cybersecurity technical expertise for technology solutions.

Collaborates with stakeholders on requests for new and changing technology solutions, acting as a trusted business partner and advisor.

Skills

Regulatory Risk Compliance Management - Evaluates the design and effectiveness of controls against established industry frameworks and regulations to assess adherence with legal/regulatory requirements.

Cybersecurity Risk Management - Identifies and assesses the potential impact of Cybersecurity risks against established Cybersecurity industry frameworks, regulations and organizational policies to develop and implement risk mitigation strategies in alignment with business objectives.

Action oriented - Taking on new opportunities and tough challenges with a sense of urgency, high energy, and enthusiasm.

Ensures accountability - Holding self and others accountable to meet commitments.

Training Delivery - Instructs learners in a manner that engages and adjusts to individual and group needs resulting in knowledge, skills and abilities that can be applied on the job.

Business insight - Applying knowledge of business and the marketplace to advance the organization's goals.

Tech savvy - Anticipating and adopting innovations in business-building digital and technology applications.

Manages complexity - Making sense of complex, high quantity, and sometimes contradictory information to effectively solve problems.

Balances stakeholders - Anticipating and balancing the needs of multiple stakeholders.

Resourcefulness - Securing and deploying resources effectively and efficiently.

Organizational savvy - Maneuvering comfortably through complex policy, process, and people-related organizational dynamics.

Persuades - Using compelling arguments to gain the support and commitment of others.

Education, Licenses, Certifications

2 or 4 year College, university, or equivalent degree in Cybersecurity, IT, or a related subject or equivalent industry experience required.

This position may require licensing for compliance with export controls or sanctions regulations.

Experience

Intermediate level of relevant work experience required. 3-5 years of experience

At least 5 years of experience in vulnerability management technical roles with a demonstrated experience leading cybersecurity vulnerability management efforts and technical solutions with engineers. Strong understanding of network topologies and how they affect vulnerability criticality and likelihood of impact and exploitation. Ability to execute work efforts timely and thoroughly while providing processes, documentation and training others. Strong working understanding of vulnerability management network scanning tools such as Qualys, Tenable and Rapid7 and remediation of vulnerabilities. Strong understanding of cybersecurity best practices and frameworks such as NIST, MITRE, and OWASP Work closely with infrastructure and application teams for on-prem and cloud assets to advise and assist in remediation of vulnerabilities within proper timeframes and track remediation and assist in incident response activities. Strong understanding of vulnerability criticality and ability to discuss patching or configuration solutions as well as mitigations with stakeholders. Ability to create vulnerability assessments and provide stakeholders with the information to enable them to effectively reduce risk and prioritize best approaches. Strong team player with ability to work harmoniously and cooperatively in a team environment. Position is hybrid but will need the ability to travel at a minimum of 10% to other Cummins locations when necessary.

Compensation and Benefits

Base salary rate commensurate with experience. Additional benefits vary between locations and include options such as our 401(k) Retirement Savings Plan, Cash Balance Pension Plan, Medical/Dental/Life Insurance, Health Savings Account, Domestic Partners Coverage and a full complement of personal and professional benefits.

Compensation and Benefits

Salary range is $85,000 to $126,000. Please note that the salary range provided is a good faith estimate on the applicable range. The final salary offer will be determined after taking into account relevant factors, including a candidate's qualifications and experience, where appropriate.

Additional benefits vary between locations and include options such as our 401(k) Retirement Savings Plan, Cash Balance Pension Plan, Medical/Dental/Life Insurance, Health Savings Account, Domestic Partners Coverage and a full complement of personal and professional benefits.

Cummins and E-verify

At Cummins, we are an equal opportunity and affirmative action employer dedicated to diversity in the workplace. Our policy is to provide equal employment opportunities to all qualified persons without regard to race, gender, color, disability, national origin, age, religion, union affiliation, sexual orientation, veteran status, citizenship, gender identity and/or expression, or other status protected by law. Cummins validates right to work using E-Verify. Cummins will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee's Form I-9 to confirm work authorization.

Job SYSTEMS/INFORMATION TECHNOLOGY

Primary Location United States-Indiana-Columbus-US, IN, Columbus, Corporate Office Building

Job Type Experienced - Exempt / Office

Recruitment Job Type Exempt - Experienced

Job Posting Jul 27, 2023, 2:00:00 AM

Unposting Date Ongoing

Organization Corporate

Role Category Hybrid - Potential for Partial Remote

Req ID: 2300068W