Cybersecurity Analyst IV - Data Protection

Carpenter Technology Corporation is a leading producer and distributor of premium specialty alloys, including titanium alloys, nickel and cobalt based superalloys, stainless steels, alloy steels and tool steels.  Carpenter Technology’s high-performance materials and advanced process solutions are an integral part of critical applications used within the aerospace, transportation, medical and energy markets, among other markets.  Building on its history of innovation, Carpenter Technology’s wrought and powder technology capabilities support a range of next-generation products and manufacturing techniques, including novel magnetic materials and additive manufacturing.

CYBERSECURITY ANALYST IV – DATA PROTECTION

PRIMARY RESPONSIBILITIES FOR THE CYBERSECURITY ANALYST IV – DATA PROTECTION

• Leads data protection related projects, control assessment, and information lifecycle management. 
• Assist in the review of data protection requirements of business functions and document the available solutions and processes; DLP, Tokenization, Logical Access Controls, Encryption, and other related data protection technologies
• Lead working committees and orchestrate Data Protection Advocates embedded in each business function.
• Collaborates with Cybersecurity and IT teams to keep Data Leakage Prevention (DLP) infrastructures in optimal ready state.
• Creates/updates standard operating procedures and as-built documentation.  Routinely publishes performance metrics.
• Promote Data-Centric Security design and operations
• Partners with Legal to evaluate new compliance obligations, confirms systems in scope, assesses risk, and recommends actions for IT and Business Policy and Process improvements.
• Develops and advances data protection awareness campaigns including Policy and Best Practices
• Advises multiple teams (IT, Manufacturing, R&D, Customer Solutions, Managers, etc.) with data classification, proper data handling, data truncation/masking, record retention, policies, and best practices.  Contributes to business enabling initiatives.  Provides prescriptive guidance regarding secure handling of data. 
• Assists with incident handling and digital forensic examination
• Enables Artificial Intelligence and Machine Learning technology in a data secure manner
• Examines design and operational effectiveness of security controls.  Coordinates audit engagements led by Internal Audit, Regulator, or external audit firm.
• Performs assessment of internal and third-party cybersecurity risk.  Examines audit reports (e.g., SOC 1, SOC 2, ISO 27001, etc.).  Prepares responses to customer inquiries about Carpenter compliance related to IT and Security.
• Routinely publishes Governance, Risk, and Compliance (GRC) metrics.
• Perform all other duties and special projects as assigned.

REQUIRED FOR THE CYBERSECURITY ANALYST IV – DATA PROTECTION

• Bachelor of Science degree in computer science or related field preferred.
• Associate's degree in computer science or related field minimum required with a combination of Cybersecurity related certifications (e.g., CISSP, CISM, GCIH, GCIA, CEH, Security+, etc.) and additional 2 years' experience.
• Strong understanding of Data Protection Legislation, GDPR and CUI requirements including impact and risk assessments
• Advanced understanding of Data Management technology and principles
• Minimum 9 years of related experience with Data Protection, Access Management, Security Operations, Vulnerability Management, Logica Access Controls, Compliance, or Audit
• Advanced understanding of information technology
• Advanced knowledge of multiple security domains and common security controls
• Expert knowledge of 3-6 security domains
• Strong understanding of data protection regulations and standards, with enterprise-wide application
• Review and improve data usage, data protection controls, and data architecture across Corporate and Manufacturing Systems
• Adoption of security best practices and industry standards (e.g. NIST, ISO, CIS, COBIT, OWASP, etc.)
• Basic understanding of Cloud environment (AWS and Azure) and secure design
• Security Incident Planning and Handling
• Lead for large IT/Cybersecurity projects
• Multi-task and manage demands of multiple projects, incidents, and tasks
• Meet deadlines and manage changing priorities
• Perform effectively both independently and in a team environment
• Security Initiative Project Management

PREFERRED FOR THE CYBERSECURITY ANALYST IV-DATA PROTECTION

• Strong collaboration skills and comfortable working in a team environment
• Manage stressful situations associated with cyber-attack and compliance
• Influence fellow technical staff regarding security, compliance, and risk
• Identifies opportunities for improvement and makes constructive suggestions for change
• Perform research and communicating findings to technical and non-technical audience
• Ability to liaise with and brief senior stakeholders

Carpenter Technology Company offers a competitive salary and a comprehensive benefits package including life, medical, dental, vision, flexible spending accounts, disability coverage, 401k with company contributions as well as many other options to employees.

Carpenter Technology Corporation’s policy is to fully and effectively maintain a program of equal employment opportunity and nondiscrimination for all employees, to employ affirmative action for all protected classes, and to recruit and develop the best qualified persons available regardless of age, race, color, religion, sex, gender identity, sexual orientation, marital status, national origin, political affiliation or any other characteristic protected by law. The Company also will recruit, develop and provide opportunities for qualified persons with disabilities and protected veterans.