Senior Security Advisor enhancing security measures to align with corporate objectives at Desjardins. Leading development of strategic initiatives and overseeing best practices in security.
About the role
- Senior Cybersecurity Risk & Compliance Analyst responsible for executing cybersecurity risk management and compliance monitoring at Kennametal. Collaborating with stakeholders to identify and mitigate cybersecurity risks.
Responsibilities
- Lead structured cybersecurity risk assessments across business, IT, and OT environments.
- Perform qualitative and quantitative risk analysis using recognized methodologies (e.g., NIST 800-30, FAIR, OCTAVE).
- Maintain cybersecurity risk register entries, including risk statements, impact analysis, likelihood assessments, and remediation tracking.
- Monitor and report the status and effectiveness of risk mitigation plans.
- Develop and present cybersecurity risk status metrics and summaries for leadership review.
- Serve as a subject-matter expert for cybersecurity risk identification and treatment guidance.
- Identify confidentiality, integrity, and availability (CIA) requirements for information assets.
- Support Kennametal’s information classification and data protection programs.
- Provide risk-based input into data protection controls, including Data Loss Prevention (DLP) strategies.
- Advise stakeholders on appropriate handling, labeling, and protection of sensitive data.
- Research and investigate laws and compliance requirements related to information security, including data privacy, data protection, and data breach disclosure.
- Support internal and external audit activities by providing risk and control documentation.
- Assist in mapping cybersecurity risks to compliance obligations and control frameworks.
- Track compliance-related remediation actions and report status to stakeholders.
- Act as a trusted advisor to business and IT stakeholders on cybersecurity risk topics.
- Collaborate with SOC, IT Operations, Security Engineering, Legal, Privacy, and Third-Party Risk teams.
- Translate technical cybersecurity risks into business-impact language for non-technical audiences.
Requirements
- 3-5 Years relevant work experience
- Bachelor’s degree in information security, Information Systems, Computer Science, or related field
- 5–8 years of experience in cybersecurity risk management, GRC, or enterprise risk roles
- Demonstrated hands-on experience conducting formal cybersecurity risk assessments
- Working knowledge of major cybersecurity frameworks (NIST RMF, NIST CSF, ISO 27001)
- Strong written and verbal communication skills
- Ideal but not required: Experience working in a global enterprise environment, Exposure to data privacy and regulatory compliance (GDPR, U.S. breach laws, SOX), Familiarity with IT service management concepts (ITIL), Experience with enterprise risk management programs or GRC platforms, CISSP, CISM, CRISC, or similar certification.
Benefits
- Health insurance
- Retirement plans
- Paid time off
- Flexible work arrangements
- Professional development opportunities
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Controls Professional assessing internal control frameworks at Barclays, improving control effectiveness and managing risks to ensure compliance with regulations.
Senior Information Security Engineer at Wells Fargo investigating insider threats and strengthening cybersecurity measures. Conducting advanced investigations and collaborating with cyber teams to mitigate risks.
Staff Product Manager overseeing enterprise security product strategy for Tenable. Collaborating with various teams to deliver customer - focused solutions and product features.
Information Systems Security Officer managing operational security posture for information systems at GDIT. Collaborating closely with ISSM and ISO, handling security aspects, and ensuring compliance with security standards.
Program Security Representative providing multi - discipline security support for Special Access Programs. Ensuring compliance, developing policies, and conducting security assessments in a military context.
Senior Cyber Security Project Manager at Airbus Protect managing medium complexity projects in Cyber Security Consulting. Focusing on project leadership and team management in diverse client settings.
Security Architect responsible for designing cloud security architectures for leading brands. Ensuring compliance and guiding incident response strategies in AWS environments.
Senior Security Consultant for ISMS Management at Bundesdruckerei GmbH in Berlin. Responsible for security analysis, management, and advisory roles on cybersecurity issues.
IT - Systemadministrator managing Video Surveillance and Alarm Systems at Mühlbauer. Supporting technical solutions for multimedia and conference systems with project involvement and ticket handling.