Cyber Governance Jobs (NOW HIRING)

Howmet Aerospace Inc. has an exciting opportunity to join our dynamic Cybersecurity team as a Manager, Cybersecurity Policy, Risk & Governance. This position will report directly to the Chief Information Security Officer (CISO).  This strategic role is responsible for leading the development, implementation, and oversight of our Cyber Policy, Risk & Governance strategy related to evolving cyber regulations and laws.

This role requires deep technical expertise, strong leadership, and the ability to translate complex regulatory and security requirements into scalable, business-friendly solutions.  As a subject matter expert in Cyber Policy, Risk & Governance, you will play a pivotal role in ensuring that cybersecurity controls are effectively designed, implemented, and communicated across the organization to protect Howmet Aerospace’s global information assets.

Major activities/key challenges:

This position does the following in accordance with all applicable International, Federal, State and local laws/regulations and the Company’s policies, procedures and guidelines:  

• Align cybersecurity governance strategy with Howmet’s strategic priorities, business strategies, and standard processes.

• Partner with Global Information Services (GIS) directors/teams and functional groups (HR, Legal, Privacy, Trade Compliance, EHS, etc.) to standardize and evolve cybersecurity posture.

• Consult with Business Unit (BU) and Functional Area Leaders to assess governance and risk needs, delivering impactful programs in policy development, training, mentorship, and risk management.

• Lead the global governance and risk management process to support cybersecurity maturity and performance alignment.

• Build, lead, and mentor a high-performing cyber governance & risk team, fostering innovation and accountability.

• Design and deliver training, communications, and tools to support cybersecurity initiatives across GIS and BU teams.

• Develop and implement change management strategies to support adoption of new cybersecurity policies and practices.

• Provide organizational maturity assessments and interventions to enhance cybersecurity capabilities.

• Monitor industry trends, conduct benchmarking, and recommend solutions aligned with Howmet’s cybersecurity strategy.

• Collaborate with CIS teams to align business processes and technology platforms for optimal governance and risk outcomes.

• Support the CISO in strategic planning, compliance certifications (e.g., CMMC, ISO 27001), and regulatory interpretation (e.g., NIST 800-171, NIS2, UK Cyber Essentials).

• Create and manage procedures, work instructions, and contribute to corporate cybersecurity policies and standards.

• Track and report performance metrics to guide program investments and continuous improvement.

• Oversee internal teams and external vendors to meet governance and risk objectives within budget and timelines.

• Represent CIS in cross-business planning initiatives and support CISO in governance-related audits, customer inquiries, and leadership engagements.

• Serve as a leadership proxy for the CISO when required.

Essential knowledge, skills, and abilities:

• Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Visio, Project, Outlook, SharePoint).

• Expertise in designing and delivering GRC programs and cybersecurity governance frameworks.

• Strong understanding of global cybersecurity laws, regulations, and standards (e.g., NIST CSF & RMF, ISO 27001, TISAX, AirCyber).

• Ability to interpret and apply regulatory requirements to policy development and risk mitigation strategies.

• Skilled in risk tracking and analysis using tools such as risk registers.

• Strong analytical and decision-making capabilities based on data and cybersecurity trends.

• Experience in incident response planning and governance issue resolution.

• Exceptional communication and presentation skills for both technical and non-technical audiences.

• Proven ability to influence and collaborate across all organizational levels without direct authority.

• Experience presenting to executive leadership and boards.

• Deep understanding of IT systems, infrastructure, and cybersecurity technologies.

• Demonstrated leadership, problem-solving, and change management skills in a global, decentralized environment.

Basic Qualifications:

• Bachelor’s degree in business administration, Cybersecurity, Management of Information Systems (MIS), or a related field from an accredited institution.

• At least 5 years of experience leading cybersecurity programs, including 2+ years in cyber 

  governance and risk management in a global organization.

• At least one Industry certifications such as CISSP, ISO 27001, CMMC CCP or equivalent.

• Hands on experience implementing successful ISO27001 certifications 

• Must be legally authorized to work in the United States without sponsorship.

Preferred Qualifications:

• Juris Doctor (JD) in Cyber Law, Intellectual Property Law, or related governance field.

• Advanced certifications: CMMC CCA, CISM, ISO 27001 Lead Implementer, ITIL, CRISC, GRC, or CISO-level credentials.

• Experience leading global cyber governance programs in a complex enterprise environment; preferably in a manufacturing environment

Work Location & Travel Requirements
This position follows a hybrid or remote work model based on the candidate’s proximity to a Howmet Aerospace facility:

• Candidates located within 65 miles of a Howmet facility will be expected to work a hybrid schedule aligned with local site expectations.
• Candidates located outside of a commuting distance may be eligible for remote work, with predetermined travel to the Pittsburgh Howmet Corporate Center (typically one week per month or as business needs require).
• Outside of remote and hybrid location travel schedules, additional travel up to 25% may be required. 

Howmet Aerospace reserves the right to modify work location expectations based on evolving business needs

Salary Range: $110k - $130k/year approximation (actual compensation is subject to variation due to factors such as education, experience, skillset, and/org. location).