Kennametal

Sr Specialist IT Security-India

  • Posted 2 days ago

Job Description

About Kennametal

With over 80 years as an industrial technology leader, Kennametal Inc. delivers productivity to customers through materials science, tooling and wear-resistant solutions. Customers across aerospace and defense, earthworks, energy, general engineering and transportation turn to Kennametal to help them manufacture with precision and efficiency. Every day approximately 8,700 employees are helping customers in nearly 100 countries stay competitive. Kennametal generated $2.1 billion in revenues in fiscal 2023. Learn more at www.kennametal.com. Follow @Kennametal: Twitter, Instagram, Facebook, LinkedIn and YouTube.

Job Title: Senior Cybersecurity Risk & Compliance Analyst (Sr Specialist IT Security) (47392)

Job Summary

The Senior Cybersecurity Risk & Compliance Analyst is responsible for executing and maintaining Kennametal's enterprise cybersecurity risk management and compliance monitoring activities. This role leads structured cyber risk assessments, supports information classification and protection programs, and monitors the effectiveness of risk mitigation activities.

The role operates as a senior individual contributor and works closely with IT, Security Engineering, Legal, Privacy, and business stakeholders to ensure cybersecurity risks are identified, analyzed, documented, and communicated in alignment with regulatory and business requirements.

Key Job Responsibilities

Cybersecurity Risk Management

  • Lead structured cybersecurity risk assessments across business, IT, and OT environments.
  • Perform qualitative and quantitative risk analysis using recognized methodologies (e.g., NIST 800-30, FAIR, OCTAVE).
  • Maintain cybersecurity risk register entries, including risk statements, impact analysis, likelihood assessments, and remediation tracking.
  • Monitor and report the status and effectiveness of risk mitigation plans.
  • Develop and present cybersecurity risk status metrics and summaries for leadership review.
  • Serve as a subject-matter expert for cybersecurity risk identification and treatment guidance.

Information Security

  • Identify confidentiality, integrity, and availability (CIA) requirements for information assets.
  • Support Kennametal's information classification and data protection programs.
  • Provide risk-based input into data protection controls, including Data Loss Prevention (DLP) strategies.
  • Advise stakeholders on appropriate handling, labeling, and protection of sensitive data.

Cybersecurity Compliance Management

  • Research and investigate laws and compliance requirements related to information security, including data privacy, data protection, and data breach disclosure.
  • Support internal and external audit activities by providing risk and control documentation.
  • Assist in mapping cybersecurity risks to compliance obligations and control frameworks.
  • Track compliance-related remediation actions and report status to stakeholders.

Stakeholder Engagement

  • Act as a trusted advisor to business and IT stakeholders on cybersecurity risk topics.
  • Collaborate with SOC, IT Operations, Security Engineering, Legal, Privacy, and Third-Party Risk teams.
  • Translate technical cybersecurity risks into business-impact language for non-technical audiences.

Years of Relevant Work Experience Required: 3-5 Years

  • Bachelor's degree in Information Security, Information Systems, Computer Science, or related field.
  • 5-8 years of experience in cybersecurity risk management, GRC, or enterprise risk roles.
  • Demonstrated hands-on experience conducting formal cybersecurity risk assessments.
  • Working knowledge of major cybersecurity frameworks (NIST RMF, NIST CSF, ISO 27001).
  • Strong written and verbal communication skills with the ability to brief technical and non-technical audiences.

Ideal, But Not Required

  • Experience working in a global enterprise environment.
  • Exposure to data privacy and regulatory compliance (GDPR, U.S. breach laws, SOX).
  • Familiarity with IT service management concepts (ITIL).
  • Experience with enterprise risk management programs or GRC platforms.
  • CISSP, CISM, CRISC, or similar certification.

Equal Opportunity Employer

Job ID: 138357569