Date Posted: May 1, 2018
This individual is responsible for the Cyber Security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which Carpenter operates. This role is based in Reading, PA and reports directly to the Chief Information Officer.
- Establish and maintain the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which we operate.
- Responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives.
- Develop an overall cybersecurity program that creates a cyber resilient enterprise
- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
- Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
- Develop and enhance an up-to-date information security management framework based on NIST 800-171
- Provide regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.
- An undergraduate degree
- A minimum of ten years of experience, with five years in a leadership role
- A minimum of three years in a direct cybersecurity capacity
- Must have received the Certified Information Systems Security Professional (CISSP) certification
Knowledge, Skills and Abilities:
- Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials with emphasis on CISSP.
- Knowledge of common information security management frameworks - NIST 800-171
- Experience utilizing and managing existing third-party MSSPs
- Direct experience working with tools like Qualys and Kenna
- Excellent communication, analytical and program management skills. The ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
- Project management skills: financial/budget management, scheduling and resource management
- Demonstrated compliance and program management experience
Communicating & Influencing Skills:
- Strong communication, leadership and interactive skills that can work effectively across multiple cross-functional boundaries and can be involved with continuous improvement problem-solving tasks.
- Self-starter who can creatively drive continuous improvement on their own initiative.
- Relate complex information technology concepts to employees and management.
- Interact effectively with employees and management at all levels, influencing and supporting people through applying technical knowledge or rational arguments.
- Understands the climate, culture, and relationships within an organization, how things happen and are accomplished, what works, and what doesn't work.
Carpenter Technology Company offers a competitive salary and a comprehensive benefits package including life, medical, dental, vision, flexible spending accounts, disability coverage, 401k with company contributions as well as many other options to employees.
Carpenter Technology Corporation’s policy is to fully and effectively maintain a program of equal employment opportunity and nondiscrimination for all employees, to employ affirmative action for all protected classes, and to recruit and develop the best qualified persons available regardless of age, race, color, religion, sex, gender identity, sexual orientation, marital status, national origin, political affiliation or any other characteristic protected by law. The Company also will recruit, develop and provide opportunities for qualified persons with disabilities and protected veterans.