Job Description

Global Job purpose (A brief statement indicating the basic purpose of the job) The Risk, Compliance, & InfoSec Team Member conducts essential risk management activities for Kennametal. This is accomplished by executing risk assessments and supporting Kennametal’s information classification and protection efforts. In addition, the Team Member is instrumental in helping ensure Kennametal remains aware of and meets compliance requirements. The jobholder will be responsible for the information protection technologies, leading risk assessments, conducting risk analysis and monitoring mitigation plans. Geographical scope Global Major tasks and responsibilities

• Serve as a technical resource for structured cybersecurity risk assessment and analysis
• Consult and guide Kennametal business partners on information classification and labeling
• Provide input to information protection controls, including Data Loss Prevention technologies
• Monitor and consult on risk treatment

Risk Management

• Conduct structured risk assessments
• Develop risk mitigation status reports
• Provide qualified guidance on SOC alerting conditions and necessary data sources

Information Security

• Identify confidentiality, integrity, and availability requirements of Kennametal data and information
• Build security controls commensurate with information security requirements
• Consult on information classification and labeling efforts

Cybersecurity Compliance Management

• Research and investigate laws and compliance requirements related to information security, including data privacy, data protection, and data breach disclosure

Other Areas of Effort

• Support the achievement of the Global IT Strategy

Work relations Internal:

• Global Business stakeholders (process owners, key users, management)
• Teams and team/department leads within IT

Qualifications (Education, skills, experiences)

• B.S in information assurance (or related field) with minimum of 3 years’ experience
• Practical experience with risk assessments (e.g., FAIR, OCTAVE, NIST 800-30, others)
• Experience with managing global compliance requirements (e.g., GDPR, SOX, Chinese Cybersecurity laws, US data breach disclosure)
• Understanding of ITIL/ service management concepts
• Exemplary verbal and written communication skills (English business fluent spoken and written)
• Demonstrated ability to think strategically and perform detailed, complex analysis and data interpretation
• Effective interpersonal skills, out-of-the-box thinking and ability to interface with all levels of staff
• Ability to work under pressure and deal with ambiguous situations
• Ability to travel globally

Ideal, but not required

• Experience in a global corporation
• Experience with enterprise risk management and structured risk assessment programs
• Experience with enterprise information security, including information classification programs
• Experience with Data loss Prevention technologies
• Certified Information Systems Security Professional (CISSP) certification or equivalent
• Experience with managing global compliance requirements related to cybersecurity and data privacy, with specific focus on ITAR/800-171/CMMC, ISO27001, GDPR and other data privacy regulations

Pay Grade - 4 Global Job purpose (A brief statement indicating the basic purpose of the job) The Risk, Compliance, & InfoSec Team Member conducts essential risk management activities for Kennametal. This is accomplished by executing risk assessments and supporting Kennametal’s information classification and protection efforts. In addition, the Team Member is instrumental in helping ensure Kennametal remains aware of and meets compliance requirements. The jobholder will be responsible for the information protection technologies, leading risk assessments, conducting risk analysis and monitoring mitigation plans. Geographical scope Global Major tasks and responsibilities

• Serve as a technical resource for structured cybersecurity risk assessment and analysis
• Consult and guide Kennametal business partners on information classification and labeling
• Provide input to information protection controls, including Data Loss Prevention technologies
• Monitor and consult on risk treatment

Risk Management

• Conduct structured risk assessments
• Develop risk mitigation status reports
• Provide qualified guidance on SOC alerting conditions and necessary data sources

Information Security • • Identify confidentiality, integrity, and availability requirements of Kennametal data and information

• Build security controls commensurate with information security requirements
• Consult on information classification and labeling efforts

Cybersecurity Compliance Management

• Research and investigate laws and compliance requirements related to information security, including data privacy, data protection, and data breach disclosure

Other Areas of Effort

• Support the achievement of the Global IT Strategy

Work relations Internal:

• Global Business stakeholders (process owners, key users, management)
• Teams and team/department leads within IT

Qualifications (Education, skills, experiences)

• B.S in information assurance (or related field) with minimum of 3 years’ experience
• Practical experience with risk assessments (e.g., FAIR, OCTAVE, NIST 800-30, others)
• Experience with managing global compliance requirements (e.g., GDPR, SOX, Chinese Cybersecurity laws, US data breach disclosure)
• Understanding of ITIL/ service management concepts
• Exemplary verbal and written communication skills (English business fluent spoken and written)
• Demonstrated ability to think strategically and perform detailed, complex analysis and data interpretation
• Effective interpersonal skills, out-of-the-box thinking and ability to interface with all levels of staff
• Ability to work under pressure and deal with ambiguous situations
• Ability to travel globally

Ideal, but not required

• Experience in a global corporation
• Experience with enterprise risk management and structured risk assessment programs
• Experience with enterprise information security, including information classification programs
• Experience with Data loss Prevention technologies
• Certified Information Systems Security Professional (CISSP) certification or equivalent
• Experience with managing global compliance requirements related to cybersecurity and data privacy, with specific focus on ITAR/800-171/CMMC, ISO27001, GDPR and other data privacy regulations