Security, Risk & Compliance Analyst

Huechuraba, CL
Finning International Inc.

Position Overview:

Responsible for supporting and maintaining Finning’s overall IT risk management program: identifying, evaluating and reporting on information security risks in a manner that meets Finning’s regulatory and other compliance requirements. Work with the various business units and other internal groups and organisations to implement practices that meet Finning’s defined policies and standards for information risk management.

Job Description:

Major Job Functions

Manage all risk-related activities across FinUK BP&S, including planning, testing, reporting and recommending appropriate remediation activities. Manage risk policy, mitigation and controls in conjunction with the Chief Information Security Officer (CISO) to ensure effective management of remediation efforts.

Work with Finning business units and departments to facilitate risk analysis and management. Identify acceptable residual risks and establish roles and responsibilities related to information classification and protection.

Design and conduct threat and risk assessments. Manage the oversight of technical risk assessments (e.g. vulnerability scanning, penetration testing). Manage information asset and application risk assessments. Manage third party risk assessments.

Conduct risk reviews for new applications. Review risk assessments and analyse IT control activities to provide reports and recommendations to the BP&S leadership team and CISO.

Coordinate information security and risk management projects across BP&S and the wider Finning business.

Individual Competencies

  • Customer Focus: Being successful means continuously paying attention to customer needs and adapting as these evolve. This heightens the importance of building strong customer relationships and delivering customer-centric solutions
  • Cultivates Innovation: Paying attention to what customers want and need – new and improved products, services, solutions, and experiences. Taking initiative and collaborating with people who have diverse points of view. Embrace the mindset you and Finning are never done, never satisfied, never standing still
  • Drives Results: Infusing the team and organisations with a sense of urgency. Creating a culture where organisational performance is always top of mind. Communicating a vision, setting priorities, developing and executing plans that achieve the desired outcome for Finning
  • Courage: Being comfortable with the conflict that is inherent to being a champion of an idea or course of action. Meeting tough situations head-on to constructively resolve them. Saying what needs to be said at the right time, to the right person, in the right manner to effect change
  • Specific Skills

    Ability to build and maintain harmonious and positive relationships with co-workers, staff and external contacts, and to work effectively in a professional team environment

    Excellent written and verbal skills – including the ability to effectively communicate security and risk related concepts to technical and non-technical audiences – and good interpersonal and collaborative skills

    Good communication skills when interacting with people at all levels – from developers to the board of directors – building a positive rapport

    High degree of initiative, dependability, and ability to work with little supervision

    High level of personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgement and maturity

    Solid skills as a negotiator, to facilitate commitment to appropriate levels of residual risk from line-of-business leaders (desirable)

    Basic knowledge of a broad range of standards and frameworks (e.g. ITIL, ISO 27001, CMMI) and risk management methodologies (e.g. COBIT, COSO)


    A deep understanding of strategic business risks 

    Familiarity with the Caterpillar organisation and/or heavy equipment manufacturing is an asset 

    Ability to develop a comprehensive and deep understanding of Finning’s business, market and industry, and relate that knowledge to identified operations and IT-related risks

    Knowledge necessary to propose relevant IT responses to changing business risks and regulatory changes


    Maintain an understanding of current developments within the industry and regional legislative and regulatory frameworks that could affect established Finning IT policies and practices.

    Manage, communicate and develop Finning’s risk and control matrix.

    Address deficiencies identified by automated assessments, monitoring reviews, internal and external audits, and self-assessments to ensure appropriate remedial measures are taken.

    Assist in the development of tools, training, policies and procedures to support the security, risk and compliance program.

    Provide analytical support to the management team regarding metrics, reporting and special projects.

    Identify and implement opportunities for automation or efficiencies to improve governance/audit controls within BP&S.

    Review workflows, hand-offs, process steps and existing policies and procedures; analyse areas for improvement and provide recommendations.

    Identify and monitor non-compliance and raise it when appropriate.

    Develop, promote and monitor the regional Finning Records Retention program and ensure alignment with Finning’s global records management practices.

    Work with business units to ensure data is properly classified.

    Maintain the relationship with the Risk, Assurance and Advisory Services (RAAS) group.

    Provide oversight and management of audit finding remediation, including generating requirements for full remediation, providing feedback and suggestions on managerial responses to findings, and tracking progress.

    Work within the information security governance process to define control recommendations that are both efficient and effective.

    Coordinate Information Security Awareness initiatives. Prepare and present relevant material in collaboration with the Information Security Manager and Security Champions.

    Build positive, empathetic relationships with the Finning group and primary third-party providers.

    Work with third-party suppliers and BP&S to ensure approved processes are followed.

    Provide feedback to the Functional Excellence Manager on third-party supplier and BP&S performance.

    Responsibility for review of IT controls relating to service availability, governance, user access, security, data, network and third-party operations.

    Compliance and security oversight of third-party managed services.

    Responsibility for change control oversight, review, communication and authorisations.

    Review policy documentation for change control, incident management, asset coordination, disaster recovery and security.

    Management and coordination of performance, response and remedial actions relating to internal and external IT audits and third-party security assessments.

    Operational review of system vulnerability scan and event audit outputs, and coordination of follow-up activity.

    Ensure positive feedback from the management/leadership team.

    Education and Experience

    Educated to degree level

    3 to 5 years’ experience in IT risk management or a related discipline

    Experience of outsourced services (desirable)

    Working Environment

    Office Based

    Internal requirements:

    - Current level: 3B at least

    - Current evaluation: 3.0 at least

    - Current job position: 1 year

    We are committed to diversity at Finning, to building and sustaining a diverse and inclusive workforce, and as an equal opportunity employer we encourage applications from all qualified individuals. Finning does not discriminate against applicants based on gender, race, national or ethnic origin, religion, age, sexual orientation, marital or family status, and/or mental or physical disability.
