Director, Cybersecurity Governance, Risk, and Compliance (GRC)

Position

Director of Cybersecurity Governance, Risk, and Compliance (GRC)

Location

Enterprise Resource Center, Pittsburgh, PA or Corporate Headquarters, Dallas, TX (Hybrid)

About the role

As Director of Cybersecurity GRC, you will lead a team to document and implement practices that meet ATI’s policies, standards, and procedures, working proactively with auditors, executives, and project teams to align cybersecurity initiatives with overall business objectives.

Responsibilities

• Provide operational oversight and serve as the leadership point of contact for the Cybersecurity Governance, Risk, and Compliance team; manage, mentor, coach, and train cybersecurity staff.
• Manage internal and external vendors and teams conducting security assessments; gather evidence from key stakeholders before external assessments and automate attestations when possible.
• Manage and continuously improve an effective cybersecurity awareness program for all of ATI.
• Develop and deliver briefings, reports, dashboards, and metrics for various levels of management and leadership; maintain deadlines and provide analytical support for budgets in the managed area.
• Continuously evaluate cybersecurity controls to ensure effectiveness, compliance and adherence to key controls and policies.
• Work with stakeholders across Cybersecurity, Internal Audit, Digital Technology, and the business to collaborate and execute cybersecurity standards and requirements.
• Manage and ensure proper documentation of technical and non-technical risk and vulnerability assessments of digital technology.
• Provide technical advisory services to business and technology teams concerning cybersecurity compliance, controls, and measurement; identify areas for improvement and assist in the development of solutions.

Basic Qualifications

• At least five (5) years of experience in a leadership role, performing risk and vulnerability management and implementing cybersecurity frameworks such as NIST and CMMC.
• At least three (3) years of experience with risk management frameworks and implementation, as well as vulnerability analysis and metrics.
• High School Diploma or GED required.
• Must be eligible to obtain a security clearance.

Preferred Qualifications

• Bachelor’s Degree in Cybersecurity, Information Systems, Computer Science, Engineering, or related discipline.
• Prior experience working in a manufacturing or industrial business environment.
• Industry standard certification in cybersecurity (OSCP, CISSP, CISA, etc.).
• Experience with third‑party and supply‑chain risk.

Skills & Knowledge

• Applied knowledge in cybersecurity concepts and technical implementations.
• Cybersecurity standards, policies, and frameworks.
• Cybersecurity risk management.
• Common risk and cybersecurity assessment methods.
• Cybersecurity laws, regulations, and standards.
• Understanding of information technology and cybersecurity compliance assessment methods.
• Working knowledge of network interoperability, cybersecurity, and survivability issues, including best practices and standards.
• Ability to communicate effectively across various levels and organizational lines.
• Reasoning and problem‑solving skills.
• Ability to work independently with limited supervision.

Equal Employment Opportunity Statement

ATI and its subsidiary companies will provide equal employment opportunities to all applicants without regard to applicant’s race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, veteran status, disability status, or any other status protected by federal or state law. The company will provide reasonable accommodations to allow an applicant to participate in the hiring process if so requested.