Manager, Cybersecurity Policy, Risk & Governance

Howmet Aerospace Inc. has an exciting opportunity to join our dynamic Cybersecurity team as a Manager, Cybersecurity Policy, Risk & Governance. This position will report directly to the Chief Information Security Officer (CISO). This strategic role is responsible for leading the development, implementation, and oversight of our Cyber Policy, Risk & Governance strategy related to evolving cyber regulations and laws.

This role requires deep technical expertise, strong leadership, and the ability to translate complex regulatory and security requirements into scalable, business-friendly solutions. As a subject matter expert in Cyber Policy, Risk & Governance, you will play a pivotal role in ensuring that cybersecurity controls are effectively designed, implemented, and communicated across the organization to protect Howmet Aerospace's global information assets.

This role is based at Howmet's Corporate Headquarters located in Pittsburgh, PA and follows a hybrid schedule of two remote days per week. The role requires less than 25% domestic travel.

Major activities/key challenges:

This position does the following in accordance with all applicable International, Federal, State and local laws/regulations and the Company's policies, procedures and guidelines:

• Align cybersecurity governance strategy with Howmet's strategic priorities, business strategies, and standard processes.

• Partner with Global Information Services (GIS) directors/teams and functional groups (HR, Legal, Privacy, Trade Compliance, EHS, etc.) to standardize and evolve cybersecurity posture.

• Consult with Business Unit (BU) and Functional Area Leaders to assess governance and risk needs, delivering impactful programs in policy development, training, mentorship, and risk management.

• Lead the global governance and risk management process to support cybersecurity maturity and performance alignment.

• Build, lead, and mentor a high-performing cyber governance & risk team, fostering innovation and accountability.

• Design and deliver training, communications, and tools to support cybersecurity initiatives across GIS and BU teams.

• Develop and implement change management strategies to support adoption of new cybersecurity policies and practices.

• Provide organizational maturity assessments and interventions to enhance cybersecurity capabilities.

• Monitor industry trends, conduct benchmarking, and recommend solutions aligned with Howmet's cybersecurity strategy.

• Collaborate with CIS teams to align business processes and technology platforms for optimal governance and risk outcomes.

• Support the CISO in strategic planning, compliance certifications (e.g., CMMC, ISO 27001), and regulatory interpretation (e.g., NIST 800-171, NIS2, UK Cyber Essentials).

• Create and manage procedures, work instructions, and contribute to corporate cybersecurity policies and standards.

• Track and report performance metrics to guide program investments and continuous improvement.

• Oversee internal teams and external vendors to meet governance and risk objectives within budget and timelines.

• Represent CIS in cross-business planning initiatives and support CISO in governance-related audits, customer inquiries, and leadership engagements.

• Serve as a leadership proxy for the CISO when required.

Essential knowledge, skills, and abilities:

• Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Visio, Project, Outlook, SharePoint).

• Expertise in designing and delivering GRC programs and cybersecurity governance frameworks.

• Strong understanding of global cybersecurity laws, regulations, and standards (e.g., NIST CSF & RMF, ISO 27001, TISAX, AirCyber).

• Ability to interpret and apply regulatory requirements to policy development and risk mitigation strategies.

• Skilled in risk tracking and analysis using tools such as risk registers.

• Strong analytical and decision-making capabilities based on data and cybersecurity trends.

• Experience in incident response planning and governance issue resolution.

• Exceptional communication and presentation skills for both technical and non-technical audiences.

• Proven ability to influence and collaborate across all organizational levels without direct authority.

• Experience presenting to executive leadership and boards.

• Deep understanding of IT systems, infrastructure, and cybersecurity technologies.

• Demonstrated leadership, problem-solving, and change management skills in a global, decentralized environment.

Basic Qualifications:

• Bachelor's degree in business administration, Cybersecurity, Management of Information Systems (MIS), or a related field from an accredited institution.

• At least 5 years of experience leading cybersecurity programs, including 2+ years in cyber governance and risk management in a global organization.

• At least one Industry certifications such as CISSP, ISO 27001, CMMC CCP or equivalent.

• Must be legally authorized to work in the United States without sponsorship.

Preferred Qualifications:

• Juris Doctor (JD) in Cyber Law, Intellectual Property Law, or related governance field.

• Advanced certifications: CMMC CCA, CISM, ISO 27001 Lead Implementer, ITIL, CRISC, GRC, or CISO-level credentials.

• Experience leading global cyber governance programs in a complex enterprise environment; preferably in a manufacturing environment

Salary Range: $110k - $130k/year approximation (actual compensation is subject to variation due to factors such as education, experience, skillset, and/org. location).