Position Summary:
Lead the team in the delivery of security services (e.g., GRC, IAM, SOC, Security Engineering, Compliance, Patch and Vulnerability Management). Develop and manage staff. Govern security and grow security awareness. Plan and manage resources (e.g., financial, project, people, technology).
Principal Purpose of Position:
- Provides leadership, as well as operational and tactical direction, to diverse teams including cybersecurity analysts, auditors, and IT.
- Governs using policies, standards, procedures, and technical controls
- Develops and manages staff
- Plans and manages resources (e.g., financial, project, people, technology)
- Applies best practices from authoritative sources such as NIST, CIS, ISO, OWASP, and SANS
- Leads security operations including handling requests from Business and IT teams.
- Guides internal customers with security policy and assists with security awareness
- Serves as lead security incident handler and guides incident response
- Monitors threat intelligence feeds and updates security metrics
- Examines malware and malicious scripts
- Advises executive leadership team with strategies to sustain compliance and mitigate risk
- Researches, evaluates, recommends, and implements IT security solutions (e.g., firewalls, intrusion detection, malware prevention, endpoint protection, etc.)
- Guides patch and vulnerability management
- Tests effectiveness of security program and controls
- Communicates effectively with business to identify needs and evaluate alternative secure solutions
- Establishes quality and technical standards
- Manages vendors and managed security service providers
- Performs internal compliance assessments and responds to regulator/customer inquiries
Education and/or Training:
- B.S. degree (required) or M.S. degree (desired) in computer science or information technology
- Relevant IT and security certifications including CISSP, CISM, GCIH, and GSLC (2 of the 4 certifications required)
Relevant Work Experience:
- 11 - 15 years of related experience with Security, Audit, or other relevant system experience
- 3 - 5 years of related experience leading IT or Security teams
- Staff management role responsible for technical services
- Deep understanding of security best practices and industry standards (e.g., expert knowledge of security domains and common security controls)
- Security Operations management
- Security infrastructure implementation and lifecycle management
- Security Incident Response Team experience, ideally as team lead
- Recruiting and developing team members
- Strong analytical and problem-solving skills
- Vendor selection and management
Planning/Organizing/Managerial Knowledge:
(Ranges from task-focused to integrating related functions, to broadly strategic integration)
- Managing operations, projects, and security incidents simultaneously
- Positively influence others without use of authority
- Budget forecasting and expense management
- Continuous process improvement based on lessons learned and best practices
- Project Management and Governance
Communicating & Influencing Skills:
(Does the job require communication, reasoning with others, or changing behaviors?)
- Strong collaboration skills and comfortable working in a team environment
- Ability to manage stressful situations associated with cyber-attacks
- Influence IT and Business customers regarding security, compliance, and risk
- Credibly communicate cybersecurity concepts to technical and non-technical audiences
Carpenter Technology Company offers a competitive salary and a comprehensive benefits package including life, medical, dental, vision, flexible spending accounts, disability coverage, 401k with company contributions as well as many other options to employees.
Carpenter Technology Corporation's policy is to fully and effectively maintain a program of equal employment opportunity and nondiscrimination for all employees, to employ affirmative action for all protected classes, and to recruit and develop the best qualified persons available regardless of age, race, color, religion, sex, gender identity, sexual orientation, marital status, national origin, political affiliation or any other characteristic protected by law. The Company also will recruit, develop and provide opportunities for qualified persons with disabilities and protected veterans.