Sr Manager Global Information Security and Compliance

Kennametal

  • Pittsburgh, PA
  • Permanent
  • Full-time
  • 26 days ago
With over 80 years as an industrial technology leader, Kennametal Inc. delivers productivity to customers through materials science, tooling and wear-resistant solutions. Customers across aerospace, earthworks, energy, general engineering and transportation turn to Kennametal to help them manufacture with precision and efficiency. Every day approximately 8,700 employees are helping customers in more than 60 countries stay competitive. Kennametal generated $2 billion in revenues in fiscal 2022. Learn more at . Follow @Kennametal: Twitter, Instagram, Facebook, LinkedIn and YouTube.

Sr Manager Global Information Security and Compliance

Location - Remote within the US

Job Summary

The Senior Manager, IT Security and Compliance, under the direction of the Director, IT Security and Compliance, focuses on the development and execution of the Kennametal security strategy, including security policies and procedures, governance, identity management, OT security, education, and the continuous improvement of Kennametal's Security program. The role requires the application of subject matter expertise in IT security and the individual acts as a mentor to technical security teams across the globe. Additionally, the role will engage leaders across the organization in adopting improved security practices, and support compliance efforts in an ever-changing security environment. The position requires the candidate be a US Citizen, but location within the US is flexible.

Key Job Responsibilities

Leadership
  • Manage and provide technical guidance and leadership to multiple teams of security professionals aligned to the Kennametal security strategy
  • Extend the reach of the CISO in influencing the adoption of security improvements across Kennametal, and advocate for cybersecurity improvements with business leaders and project owners
  • Provide rapid technical security decisions for stakeholders
  • Continuously improve Kennametal's Operations Technology Security practices
  • Influence, drive momentum, and promote operational excellence and security maturity
  • Develop and maintain a comprehensive information security and compliance strategy, framework, and roadmap that aligns with the business goals and industry best practices.
  • Establish and enforce information security and compliance policies, standards, and procedures, and monitor compliance with internal and external audits, regulations, and contracts.
  • Oversee the security and compliance of the IT infrastructure, systems, applications, and data, and ensure the implementation of security tools, technologies, and processes.
  • Build and maintain strong relationships with internal and external stakeholders, such as business units, vendors, customers, regulators, and auditors, and communicate security and compliance requirements, expectations, and best practices.
Risk Management
  • Reduce risk to Kennametal through the development and adoption of structured risk management practices
Build Situational Awareness
  • Implement and monitor Key Performance Indicators and measurements to evaluate the state of the security program
  • Continuously identify indicators of operational security weaknesses and take appropriate improvement actions
  • Support analysis and management reporting for enterprise security improvements
  • Support the Kennametal Managed Security Service Provider relationships
  • Support high-impact incident management and act as an escalation point for security incidents
Threat Management
  • Assist in the design, implementation, and management of a cyber threat intelligence program
Compliance Management
  • Manage US Government information security compliance requirements (NIST 800-171/CMMC)
  • Support Global Data Privacy compliance efforts
  • Support global audit requirements
  • Encourage adoption of standard security architectures and solutions
Requirements
  • 7 to 10 years' experience in roles related to advanced information security
  • M.S. in information assurance (or related technical field) with minimum of 7 years' experience with enterprise security topics (incident response, IAM, risk, vulnerability management, cyber intelligence, security architecture, insider threat, supply chain risk management, DR/BCP, others)
  • Familiarity with industry standards for cybersecurity (NIST CSF, CMMC, ISO27001, ATT&CK, others)
  • Experience with NIST 800-171 compliance
  • Strong network security knowledge
  • At least 3 years' experience managing teams of security professionals.
  • Exemplary verbal and written communication skills (English business fluent spoken and written)
  • Demonstrated ability to think strategically and perform detailed, complex analysis and data interpretation
  • Ability to work under pressure and deal with ambiguous situations
Ideal, but not required
  • Experience in a global corporation, including German Workers Councils
  • Familiarity with global data privacy regulations and requirements (e.g., GDPR, Chinese PIPL, others)
  • Familiarity with Zero Trust and/or SASE concepts, cloud architectures, and Operations Technology, standard cybersecurity frameworks
  • Hands-on experience with OT Security
  • Familiarity with ITIL
  • Understanding of security concerns related to software development practices (secure coding, DevSecOps…)
  • Foundational understanding of insider threat
  • Experience with information sharing and analysis center(s) (ISACs)
Required Licenses & Certificates
  • Candidates must be US Citizens
  • General security certification (CISSP, GIAC, CISM)
  • Technical security certifications (various)
Kennametal Inc. is an Equal Employment Opportunity employer. As such, it is the policy of Kennametal Inc. to afford equal employment opportunity without regard to race, color, religion, sex, national origin, age, handicap, disability, marital status, sexual orientation, citizenship status, veteran status, or other protected status, group, or characteristic under federal, state, and/or local law or regulation. It is Kennametal Inc.'s policy to comply with all applicable laws and regulations.
