Director, Cybersecurity Governance, Risk, and Compliance (GRC)
Leadership And Management
Provide operational oversight and serve as the leadership point of contact for the Cybersecurity Governance, Risk, and Compliance team. Manage, mentor, coach, and train cybersecurity staff. Manage internal and external vendors and teams conducting security assessments. Proactively gather evidence from key stakeholders prior to external assessments and automate attestations when possible.
Strategy, Planning, And Execution
Manage and continuously improve an effective cybersecurity awareness program for all of ATI. Develop and deliver briefings, reports, dashboards, and metrics for various levels of management and leadership. Maintain responsibility for deadlines and provide analytical support for budgets in managed area.
Governance, Risk, And Compliance (GRC)
Continuously evaluate cybersecurity controls to ensure effectiveness, compliance and adherence to key controls and policies. Work with stakeholders across Cybersecurity, Internal Audit, Digital Technology, and the business to collaborate and execute cybersecurity standards and requirements. Manage and ensure proper documentation of technical and non-technical risk and vulnerability assessments of digital technology. Provide technical advisory services to business and technology teams concerning cybersecurity compliance, controls, and measurement. Identify areas for improvement and assist in the development of solutions.
Basic Qualifications
- At least five (5) years of experience in a leadership role, performing risk and vulnerability management and implementing cybersecurity frameworks, such as NIST and CMMC.
- At least three (3) years of experience with risk management frameworks and implementation, as well as vulnerability analysis and metrics.
- A High School Diploma or GED required.
- Must be eligible to obtain a security clearance.
Preferred Qualifications (in Addition To Basic Qualifications)
- Bachelor's Degree in Cybersecurity, Information Systems, Computer Science, Engineering, or related discipline.
- Prior experience working in a manufacturing or industrial business environment.
- Industry standard certification in cybersecurity (OSCP, CISSP, CISA, etc.).
- Experience with third party and supply chain risk.
Skills & Knowledge
- Applied knowledge in: Cybersecurity concepts and technical implementations, Cybersecurity standards, policies, and frameworks, Cybersecurity risk management, Common risk and cybersecurity assessment methods, Cybersecurity laws, regulations, and standards, Understanding of information technology, and cybersecurity compliance assessment methods, Working knowledge of network interoperability, cybersecurity, and survivability issues, including cybersecurity best practices and standards.
- Ability to communicate effectively across various levels and organizational lines.
- Reasoning and problem-solving skills.
- Ability to work independently with limited supervision.