Director, Cybersecurity Governance, Risk, and Compliance (GRC)

About the position ATI is seeking a knowledgeable Cybersecurity professional to join our organization as the Director of Cybersecurity Governance, Risk, and Compliance (GRC) as we continue to grow our team. As a leader in the Cybersecurity organization, this individual will work proactively with internal and external stakeholders, including auditors, executives, and project teams, to document and implement practices that meet ATI's defined policies, standards, and procedures. This role requires a strategic thinker who can align cybersecurity initiatives with overall business objectives. The successful candidate will be a passionate people leader who has familiarity and an appreciation of the field’s concepts, standards, and frameworks, as well as a solid digital technology skillset. The director will also play a significant role in helping to influence the organization at all levels to effect change in the way the organization thinks about cybersecurity. Ideally this person will sit at our Enterprise Resource Center located in Pittsburgh, PA, or our Corporate Headquarters in Dallas, TX.

Responsibilities

• Provide operational oversight and serve as the leadership point of contact for the Cybersecurity Governance, Risk, and Compliance team.
• Manage, mentor, coach, and train cybersecurity staff.
• Manage internal and external vendors and teams conducting security assessments.
• Proactively gather evidence from key stakeholders prior to external assessments and automate attestations when possible.
• Manage and continuously improve an effective cybersecurity awareness program for all of ATI.
• Develop and deliver briefings, reports, dashboards, and metrics for various levels of management and leadership.
• Maintain responsibility for deadlines and provide analytical support for budgets in managed area.
• Continuously evaluate cybersecurity controls to ensure effectiveness, compliance and adherence to key controls and policies.
• Work with stakeholders across Cybersecurity, Internal Audit, Digital Technology, and the business to collaborate and execute cybersecurity standards and requirements.
• Manage and ensure proper documentation of technical and non-technical risk and vulnerability assessments of digital technology.
• Provide technical advisory services to business and technology teams concerning cybersecurity compliance, controls, and measurement.
• Identify areas for improvement and assist in the development of solutions.

Requirements

• At least five (5) years of experience in a leadership role, performing risk and vulnerability management and implementing cybersecurity frameworks, such as NIST and CMMC.
• At least three (3) years of experience with risk management frameworks and implementation, as well as vulnerability analysis and metrics.
• High School Diploma or GED required.
• Must be eligible to obtain a security clearance.
• Applied knowledge in: Cybersecurity concepts and technical implementations, Cybersecurity standards, policies, and frameworks, Cybersecurity risk management, Common risk and cybersecurity assessment methods, Cybersecurity laws, regulations, and standards.
• Understanding of information technology, and cybersecurity compliance assessment methods.
• Working knowledge of network interoperability, cybersecurity, and survivability issues, including cybersecurity best practices and standards.
• Ability to communicate effectively across various levels and organizational lines.
• Reasoning and problem-solving skills.
• Ability to work independently with limited supervision.

Nice-to-haves

• Bachelor's Degree in Cybersecurity, Information Systems, Computer Science, Engineering, or related discipline.
• Prior experience working in a manufacturing or industrial business environment.
• Industry standard certification in cybersecurity (OSCP, CISSP, CISA, etc.).
• Experience with third party and supply chain risk.