Sr Manager Global Information Security and Compliance
Kennametal
- Pittsburgh, PA
- Permanent
- Full-time
- Manage and provide technical guidance and leadership to multiple teams of security professionals aligned to the Kennametal security strategy
- Extend the reach of the CISO in influencing the adoption of security improvements across Kennametal, and advocate for cybersecurity improvements with business leaders and project owners
- Provide rapid technical security decisions for stakeholders
- Continuously improve Kennametal's Operations Technology Security practices
- Influence, drive momentum, and promote operational excellence and security maturity
- Develop and maintain a comprehensive information security and compliance strategy, framework, and roadmap that aligns with the business goals and industry best practices.
- Establish and enforce information security and compliance policies, standards, and procedures, and monitor compliance with internal and external audits, regulations, and contracts.
- Oversee the security and compliance of the IT infrastructure, systems, applications, and data, and ensure the implementation of security tools, technologies, and processes.
- Build and maintain strong relationships with internal and external stakeholders, such as business units, vendors, customers, regulators, and auditors, and communicate security and compliance requirements, expectations, and best practices.
- Reduce risk to Kennametal through the development and adoption of structured risk management practices
- Implement and monitor Key Performance Indicators and measurements to evaluate the state of the security program
- Continuously identify indicators of operational security weaknesses and take appropriate improvement actions
- Support analysis and management reporting for enterprise security improvements
- Support the Kennametal Managed Security Service Provider relationships
- Support high-impact incident management and act as an escalation point for security incidents
- Assist in the design, implementation, and management of a cyber threat intelligence program
- Manage US Government information security compliance requirements (NIST 800-171/CMMC)
- Support Global Data Privacy compliance efforts
- Support global audit requirements
- Encourage adoption of standard security architectures and solutions
- 7 to 10 years' experience in roles related to advanced information security
- M.S. in information assurance (or related technical field) with a minimum of 7 years' experience with enterprise security topics (incident response, IAM, risk, vulnerability management, cyber intelligence, security architecture, insider threat, supply chain risk management, DR/BCP, others)
- Familiarity with industry standards for cybersecurity (NIST CSF, CMMC, ISO27001, ATT&CK, others)
- Experience with NIST 800-171 compliance
- Strong network security knowledge
- At least 3 years' experience managing teams of security professionals.
- Exemplary verbal and written communication skills (English business fluent spoken and written)
- Demonstrated ability to think strategically and perform detailed, complex analysis and data interpretation
- Ability to work under pressure and deal with ambiguous situations
- Experience in a global corporation, including working with German Works Councils
- Familiarity with global data privacy regulations and requirements (e.g., GDPR, Chinese PIPL, others)
- Familiarity with Zero Trust and/or SASE concepts, cloud architectures, Operations Technology, and standard cybersecurity frameworks
- Hands-on experience with OT Security
- Familiarity with ITIL
- Understanding of security concerns related to software development practices (secure coding, DevSecOps, etc.)
- Foundational understanding of insider threat
- Experience with information sharing and analysis center(s) (ISACs)
- Candidates must be US Citizens
- General security certification (CISSP, GIAC, CISM)
- Technical security certifications (various)