Cybersecurity Process Control and Effectiveness Director

About The Position

Requirements

• Bachelor’s degree or equivalent
• 15 years’ technical experience working in the GRC control function
• 10 years’ experience as a manager
• 10 yeas’ experience in operational planning, tactical planning, and execution
• 10 years managing simple and structured work
• 10 years managing complex and unstructured work
• 10 years’ experience leading diverse teams, such as teammates, contract workers, onshore, offshore resources, and/or managed services
• 5 years’ experience and expert-level technical knowledge of product knowledge and processes for specific IAM areas (e.g., Active directory, RACF, Idaptive, CyberArk, PRIVA, Oracle OIM, Persistent Ignite)
• 10 years’ experience and basic functional knowledge of tools and processes for the broader IAM capability
• 7 years’ experience and expert-level strength in soft skills and interpersonal communications
• 10 years’ technical experience working for a top 10 US bank
• 10 years’ experience collaborating with the following functions: a) infrastructure b) application development c) application support d) business unit risk management e) technology risk f) audit and g) external auditors
• 10 years’ experience collaborating with the following peer functions in corporate cyber security
• 10 years’ experience managing the remediation of regulatory matters and internal findings
• 10 years’ experience in strategic planning and applying industry best practices to operations (NIST, FFIEC)

Nice To Haves

• 8 years of relevant experience in information security governance, risk, or compliance or policy management.
• Deep expertise, knowledge and experience with industry frameworks including NIST, CRI, NYDFS, etc.
• Expert communicator and writer with experience preparing written material for executive audiences.
• CISSP Certification
• Banking or financial services experience
• Cybersecurity certification (CISSP, CISM, CISA, other)

Responsibilities

• Facilitate centralized governance by partnering with Security Defense to ensure consistency of execution across Truist Protection Services, including but not limited to Adherence; Issue Management; Process, Risk, and Controls; Enforcement; and Governance.
• Provide SME support for completion of policy adherence, regulatory, and maturity assessments, including evidence review
• Assess and disposition risk of non-compliance and consult on remediation
• Facilitate design and review of process, risk, & control framework
• Facilitate management of metric results and reporting, including actions on breached metrics
• Utilize knowledge of program risk to assist in developing materials for escalation to leadership
• Alignment with the CCS GRC, Business Unit Risk Management, Technology Risk, Truist Audit Services and Regulatory Relations, as well as the needs of the lines of business that they support
• Engagement model for partnering with Divisional CIOs and BISOs to drive effectiveness and efficiency

Benefits

• Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates.
• Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays.
• Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan.