Cybersecurity Process Control and Effectiveness Director - Cyber Maturity Assessment Lead

About The Position

Requirements

• Bachelor’s degree or equivalent
• 15 years’ technical experience working in the GRC control function
• 10 years’ experience as a manager
• 10 yeas’ experience in operational planning, tactical planning, and execution
• 10 years managing simple and structured work
• 10 years managing complex and unstructured work
• 10 years’ experience leading diverse teams, such as teammates, contract workers, onshore, offshore resources, and/or managed services
• 5 years’ experience and expert-level technical knowledge of product knowledge and processes for specific IAM areas (e.g., Active directory, RACF, Idaptive, CyberArk, PRIVA, Oracle OIM, Persistent Ignite)
• 10 years’ experience and basic functional knowledge of tools and processes for the broader IAM capability
• 7 years’ experience and expert-level strength in soft skills and interpersonal communications
• 10 years’ technical experience working for a top 10 US bank
• 10 years’ experience collaborating with the following functions: a) infrastructure b) application development c) application support d) business unit risk management e) technology risk f) audit and g) external auditors
• 10 years’ experience collaborating with the following peer functions in corporate cyber security
• 10 years’ experience managing the remediation of regulatory matters and internal findings
• 10 years’ experience in strategic planning and applying industry best practices to operations (NIST, FFIEC)

Nice To Haves

• Understand multiple approaches to designing IAM technical solutions
• Experience in waterfall and agile project management methodologies
• Experience managing contracts for IAM managed service providers
• CISSP Certification
• Process re-engineering

Responsibilities

• Align with IAM-wide priorities that define ‘our what’ that may change based on business need
• Consistently align with Truist Vision, Mission and Values and demonstrate ‘our how’ IAM works: o Accountability: set expectations, hold teams accountable, check-in and provide feedback o Remove ‘IAM Blinders’: take a Truist-wide approach to owning and resolving challenges o Strengthen Team: coach-up, performance manage, develop, and reward top performers/visibility o Management System: establish and cascade a predictable schedule for team engagement o Continuous Improvement: consistently seeking ways to get better
• May manage a team of 5 to 7 direct report teammates and contract workers who oversee defined structured process tasks; may have oversight for complex, unstructured processes.
• Perform hiring, coaching, terminations, disciplinary action, and performance reviews to enable and maintain the strategy.
• Oversee operational and tactical plans in support of business objectives; develop cross-departmental, and cross-CCS business cases to solve problems by making technical and financial tradeoffs.
• Apply a balance of 40% technical and 60% functional knowledge to deliver quality results.
• Design and implement the governance, risk, and compliance strategy on time and within budget: Formal Services Level Agreements (SLAs) Policy, standards, controls, key risk indicators, key performance indicators and metric reporting
• Improve the user experience and reduce the turnover of critical resources
• Incorporates a) request b) provisioning c) deprovisioning d) normal access e) privileged access f) attestations g) identity governance administration h) identify management platforms i) production support j) authentication k) authorization and l) cloud
• Enables the cross-CCS needs of Architecture, Cyber Assurance, Cyber Defense and GRC Accounts for the business needs for all lines of business and ET&O partner organizations, which includes, but is not limited to, Consumer, Wholesale, Insurance, Corporate Functions, Enterprise Data and Operations
• Alignment with the CCS GRC, Business Unit Risk Management, Technology Risk, Truist Audit Services and Regulatory Relations, as well as the needs of the lines of business that they support
• Engagement with Corporate Communications and Human Resources to enable teammate and contract worker adoption and adherence to the core elements needed to protect the bank
• Support of other functions seeking to improve their risk posture
• Engagement model for partnering with Divisional CISOs to drive effectiveness and efficiency
• Proactively engage with stakeholders to make them aware and willing to adopt our solutions, which includes managing up, out, and down to avoid surprises and position our solutions to be successful.

Benefits

• medical
• dental
• vision
• life insurance
• disability
• accidental death and dismemberment
• tax-preferred savings accounts
• 401k plan
• vacation
• sick days
• paid holidays
• defined benefit pension plan
• restricted stock units
• deferred compensation plan