Director Model Risk Governance Jobs in Washington, PA

Howmet Aerospace Inc. (NYSE: HWM), headquartered in Pittsburgh, Pennsylvania, is a leading global provider of advanced engineered solutions for the aerospace and transportation industries. Our primary businesses focus on jet engine components, aerospace fastening systems, titanium structural parts and forged wheels. With $8.3 Billion in revenue in 2025, our products play a crucial role in enabling fuel efficiency and lightweighting, contributing to our customers' success and making a positive impact on the world. To learn more about the way Howmet Aerospace Inc. is advancing the sustainability of our customers, markets, and communities where we operate, review the 2025 Environmental Social and Governance report at www.howmet.com/esg-report. Follow: LinkedIn, Twitter, Instagram, Facebook, and YouTube.

Equal Opportunity Employer:

Howmet is proud to be an Equal Employment Opportunity employer. We are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or other applicable legally protected characteristics.

If you need assistance to complete your application due to a disability, please email TalentAcquisitionCoE_Howmet@howmet.com

Basic Qualifications:

• Bachelor's degree in business administration, Cybersecurity, Management of Information Systems (MIS), or a related field from an accredited institution.

• At least 5 years of experience leading cybersecurity programs, including 2+ years in cyber 

  governance and risk management in a global organization.

• At least one Industry certifications such as CISSP, ISO 27001, CMMC CCP or equivalent.

• Hands on experience implementing successful ISO27001 certifications 

• Must be legally authorized to work in the United States without sponsorship.

Preferred Qualifications:

• Juris Doctor (JD) in Cyber Law, Intellectual Property Law, or related governance field.

• Advanced certifications: CMMC CCA, CISM, ISO 27001 Lead Implementer, ITIL, CRISC, GRC, or CISO-level credentials.

• Experience leading global cyber governance programs in a complex enterprise environment; preferably in a manufacturing environment

Work Location & Travel Requirements
This position follows a hybrid or remote work model based on the candidate's proximity to a Howmet Aerospace facility:

• Candidates located within 65 miles of a Howmet facility will be expected to work a hybrid schedule aligned with local site expectations.
• Candidates located outside of a commuting distance may be eligible for remote work, with predetermined travel to the Pittsburgh Howmet Corporate Center (typically one week per month or as business needs require).
• Outside of remote and hybrid location travel schedules, additional travel up to 25% may be required. 

Howmet Aerospace reserves the right to modify work location expectations based on evolving business needs

Salary Range: $110k - $130k/year approximation (actual compensation is subject to variation due to factors such as education, experience, skillset, and/org. location).

Howmet Aerospace Inc. has an exciting opportunity to join our dynamic Cybersecurity team as a Manager, Cybersecurity Policy, Risk & Governance. This position will report directly to the Chief Information Security Officer (CISO).  This strategic role is responsible for leading the development, implementation, and oversight of our Cyber Policy, Risk & Governance strategy related to evolving cyber regulations and laws.

This role requires deep technical expertise, strong leadership, and the ability to translate complex regulatory and security requirements into scalable, business-friendly solutions.  As a subject matter expert in Cyber Policy, Risk & Governance, you will play a pivotal role in ensuring that cybersecurity controls are effectively designed, implemented, and communicated across the organization to protect Howmet Aerospace's global information assets.

Major activities/key challenges:

This position does the following in accordance with all applicable International, Federal, State and local laws/regulations and the Company's policies, procedures and guidelines:  

• Align cybersecurity governance strategy with Howmet's strategic priorities, business strategies, and standard processes.

• Partner with Global Information Services (GIS) directors/teams and functional groups (HR, Legal, Privacy, Trade Compliance, EHS, etc.) to standardize and evolve cybersecurity posture.

• Consult with Business Unit (BU) and Functional Area Leaders to assess governance and risk needs, delivering impactful programs in policy development, training, mentorship, and risk management.

• Lead the global governance and risk management process to support cybersecurity maturity and performance alignment.

• Build, lead, and mentor a high-performing cyber governance & risk team, fostering innovation and accountability.

• Design and deliver training, communications, and tools to support cybersecurity initiatives across GIS and BU teams.

• Develop and implement change management strategies to support adoption of new cybersecurity policies and practices.

• Provide organizational maturity assessments and interventions to enhance cybersecurity capabilities.

• Monitor industry trends, conduct benchmarking, and recommend solutions aligned with Howmet's cybersecurity strategy.

• Collaborate with CIS teams to align business processes and technology platforms for optimal governance and risk outcomes.

• Support the CISO in strategic planning, compliance certifications (e.g., CMMC, ISO 27001), and regulatory interpretation (e.g., NIST 800-171, NIS2, UK Cyber Essentials).

• Create and manage procedures, work instructions, and contribute to corporate cybersecurity policies and standards.

• Track and report performance metrics to guide program investments and continuous improvement.

• Oversee internal teams and external vendors to meet governance and risk objectives within budget and timelines.

• Represent CIS in cross-business planning initiatives and support CISO in governance-related audits, customer inquiries, and leadership engagements.

• Serve as a leadership proxy for the CISO when required.

Essential knowledge, skills, and abilities:

• Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Visio, Project, Outlook, SharePoint).

• Expertise in designing and delivering GRC programs and cybersecurity governance frameworks.

• Strong understanding of global cybersecurity laws, regulations, and standards (e.g., NIST CSF & RMF, ISO 27001, TISAX, AirCyber).

• Ability to interpret and apply regulatory requirements to policy development and risk mitigation strategies.

• Skilled in risk tracking and analysis using tools such as risk registers.

• Strong analytical and decision-making capabilities based on data and cybersecurity trends.

• Experience in incident response planning and governance issue resolution.

• Exceptional communication and presentation skills for both technical and non-technical audiences.

• Proven ability to influence and collaborate across all organizational levels without direct authority.

• Experience presenting to executive leadership and boards.

• Deep understanding of IT systems, infrastructure, and cybersecurity technologies.

• Demonstrated leadership, problem-solving, and change management skills in a global, decentralized environment.