Deputy CISO
About the role
The Deputy Chief Information Security Officer (Deputy CISO) is a critical leadership role at the heart of our cybersecurity program. Reporting directly to the CISO, this position leads the day-to-day security operations while helping shape and execute the enterprise cybersecurity strategy.
Responsibilities
- Partner with the CISO to further define and execute the enterprise cybersecurity strategy and roadmap
- Lead the day-to-day operations of the cybersecurity program, ensuring alignment with business priorities and risk tolerance
- Serve as acting CISO as necessary, providing leadership continuity and executive-level decision support
- Drive key initiatives including Zero Trust, identity security, vulnerability management, and enterprise risk programs
- Build, mentor and manage a high-performing, globally distributed cybersecurity team
- Support and actively contribute to operational functions (incident response, vulnerability management, security architecture, and monitoring)
- Strengthen governance by advancing policies, standards, and controls aligned to NIST, ISO, and CIS frameworks
- Partner with IT and engineering to embed secure architecture, cloud security, and DevSecOps practices
- Influence and collaborate with senior stakeholders across IT, legal, compliance, and business units
- Communicate cybersecurity posture, risks, and KPIs/KRIs to leadership and maintain coordination with Alcoa stakeholders to drive informed decision-making
Requirements
Proven leadership experience driving enterprise-wide cybersecurity strategy, transformation, and program maturity in complex, global environments. Experience in manufacturing and/or commodities is preferred.
Demonstrated ability to align security initiatives with business objectives, risk appetite, and regulatory expectations, translating strategy into measurable outcomes.
Track record of building and leading high-performing, globally distributed teams, with a strong focus on talent development and organizational scalability.
Expertise in cyber risk management, governance frameworks (NIST, ISO, CIS), and enterprise security operations, including incident response oversight.
Experience advising and influencing C-suite and board-level stakeholders on security posture, risk tradeoffs, and investment priorities.
Strong business and financial acumen, including budget ownership, vendor strategy, and ROI-based decision making; advanced degree and/or certifications (CISSP, CISM, CRISC) preferred.
Qualifications
Proven leadership experience driving enterprise-wide cybersecurity strategy, transformation, and program maturity in complex, global environments. Experience in manufacturing and/or commodities is preferred.
Demonstrated ability to align security initiatives with business objectives, risk appetite, and regulatory expectations, translating strategy into measurable outcomes.
Track record of building and leading high-performing, globally distributed teams, with a strong focus on talent development and organizational scalability.
Expertise in cyber risk management, governance frameworks (NIST, ISO, CIS), and enterprise security operations, including incident response oversight.
Experience advising and influencing C-suite and board-level stakeholders on security posture, risk tradeoffs, and investment priorities.
Strong business and financial acumen, including budget ownership, vendor strategy, and ROI-based decision making; advanced degree and/or certifications (CISSP, CISM, CRISC) preferred.
Skills
Proven leadership experience driving enterprise-wide cybersecurity strategy, transformation, and program maturity in complex, global environments. Experience in manufacturing and/or commodities is preferred.
Demonstrated ability to align security initiatives with business objectives, risk appetite, and regulatory expectations, translating strategy into measurable outcomes.
Track record of building and leading high-performing, globally distributed teams, with a strong focus on talent development and organizational scalability.
Expertise in cyber risk management, governance frameworks (NIST, ISO, CIS), and enterprise security operations, including incident response oversight.
Experience advising and influencing C-suite and board-level stakeholders on security posture, risk tradeoffs, and investment priorities.
Strong business and financial acumen, including budget ownership, vendor strategy, and ROI-based decision making; advanced degree and/or certifications (CISSP, CISM, CRISC) preferred.
Benefits
Competitive compensation packages, including pay-for-performance variable pay, recognition and rewards programs.
401(k), employer match up to 6%, additional employer retirement income contribution (no vesting period).
Healthcare benefits: medical, Rx, dental, vision, flexible spending account, health savings account (generous employer contribution), life and accident insurance.
Work-life balance programs: flexible work scheduling, hybrid/remote working.
Paid time off: 15 vacation days prorated in the 1st year based on hire date, 12 paid holidays, 7 illness days, Care for Family leave up to 40 days, up to 5 bereavement days, maximum of 30 jury duty days, and up to 10 days annual training for military leave.
Pay
Competitive compensation packages, including pay-for-performance variable pay, recognition and rewards programs.
Schedule
Flexible work scheduling, hybrid/remote working.