Information Security & Risk Analyst (ITAR/800-171/CMMC, ISO27001, GDPR)

Kennametal Inc. (NYSE: KMT) brings together materials science, technical expertise, innovative thinking and superior customer service to help the world fly, drive, power and build. Our tools, materials and wear-resistant solutions enable customers to run longer, cut faster and machine with greater precision. Kennametal is built for performance, and every day approximately 8,700 employees are helping customers in more than 60 countries stay competitive. Kennametal generated $2.0 billion in revenues in fiscal 2022.

Learn more at www.kennametal.com. Follow @Kennametal: Twitter, Instagram, Facebook, LinkedIn and YouTube.

Job Title: Analyst IT Security- Information Security & Risk Management

Location: Bangalore      

Global Job purpose (A brief statement indicating the basic purpose of the job)

The Info Security, Risk & Compliance Team Member will be responsible for the management of Kennametal’s information protection technologies, including managing Kennametal’s Microsoft compliance portal including Data Classification, Data Labeling and Data Loss Prevention.  In addition, this team member will be responsible for leading risk assessments, conducting risk analysis and monitoring mitigation plans.   This Team Member is also instrumental in helping ensure Kennametal remains aware of and meets compliance requirements, conducts essential risk management activities for Kennametal by executing risk assessments and supporting Kennametal’s information classification and protection efforts. 

Major tasks and responsibilities

• Consult and guide Kennametal business partners on information classification and labeling
• Provide input to information protection controls, including Data Loss Prevention technologies
• Serve as a technical resource for structured cybersecurity risk assessment and analysis
• Monitor and consult on risk treatment

Risk Management

• Conduct structured risk assessments
• Develop risk mitigation status reports
• Provide qualified guidance on SOC alerting conditions and necessary data sources

Information Security

• Identify confidentiality, integrity, and availability requirements of Kennametal data and information
• Build security controls commensurate with information security requirements
• Consult on information classification and labeling efforts

Cybersecurity Compliance Management

• Research and investigate laws and compliance requirements related to information security, including data privacy, data protection, and data breach disclosure

Qualifications (Education, skills, experiences)

• B.S in information assurance (or related field) with minimum of 3 years’ experience
• Experience with Data Classification and Data Labeling Technologies, Microsoft Azure Information Protection experience is a plus
• Experience with Data loss Prevention technologies

• Experience with enterprise information security, including information classification programs
• Experience with managing global compliance requirements (e.g., GDPR, SOX, Chinese Cybersecurity laws, US data breach disclosure)

• Exemplary verbal and written communication skills (English business fluent spoken and written)
• Demonstrated ability to think strategically and perform detailed, complex analysis and data interpretation
• Effective interpersonal skills, out-of-the-box thinking and ability to interface with all levels of staff
• Ability to work under pressure and deal with ambiguous situations
• Ability to travel globally

Ideal, but not required

• Experience in a global corporation
• Experience with enterprise risk management and structured risk assessment programs
• Practical experience with risk assessments (e.g., FAIR, OCTAVE, NIST 800-30, others)
• Certified Information Systems Security Professional (CISSP) certification or equivalent
• Experience with managing global compliance requirements related to cybersecurity and data privacy, with specific focus on ITAR/800-171/CMMC, ISO27001, GDPR and other data privacy regulations
• Understanding of ITIL/ service management concepts

Equal Opportunity Employer