Cybersecurity Program Strategist - Assessments and Remediation

Truist•Atlanta, GA

20h•Onsite

About The Position

Provides technical expertise and leadership to internal business clients for their Cybersecurity related projects and initiatives by working with Corporate Information Security Management and internal lines of business. Responsible for oversight and communication of the cybersecurity programs, which includes: providing strategic direction and prioritization of new security controls/initiatives to address emerging threats; managing portfolio reporting and delivery of cybersecurity controls/capabilities to address risks in our environment. This position is onsite, office-centric (5 days a week), based in a Truist core location in Atlanta (GA), Wilson or Raleigh (NC)What Success Looks Like in the First 6–12 Months: Actively engages with lines of business and security teams to understand initiatives in-flight and directly support projects with clear, actionable cybersecurity guidance. Takes ownership of issue management within Archer, including drafting findings, coordinating with control owners, defining remediation actions, and following up to drive timely issue closure. Personally develops and maintains clear, well‑structured findings and remediation documentation that can be used both operationally and in executive‑level readouts with minimal rework. Participates hands‑on in reviews of business application requests and releases., applying an understanding of TDLC/SDLC processes to identify gaps, risks, and improvement opportunities early in the lifecycle. Actively reviews and evaluates cybersecurity controls and assessment outputs such as SAST, DAST, penetration testing, and IAM findings, helping teams interpret results and prioritize remediation efforts. Performs detailed analysis to support cybersecurity initiatives, turning assessment results, metrics, and trend data into practical recommendations that improve execution and risk reduction. Works directly with business and technology partners to clarify expectations, refine processes, and close gaps in procedures, rather than relying solely on escalation paths. Builds credibility through consistent follow‑through, responsiveness, and the ability to balance risk management expectations with real‑world delivery constraints.

Requirements

Bachelor's degree in business administration, technology related field or equivalent education and related training
Five years of demonstrated progressive experience in Cybersecurity experience
Foundational knowledge of cybersecurity terms, concepts, disciplines and frameworks

Nice To Haves

Knowledge of financial services industry and all applicable regulations and industry standards
Cyber security certifications such a Security +, CISA, CEH are a plus
Basic familiarity with GitLab SaaS and CI/CD pipelines, including an understanding of how security controls and testing activities integrate into the software delivery lifecycle.
Advanced familiarity with Archer (preferred), ServiceNow (preferred), IBM OpenPages or other Governance Risk and Compliance (GRC) platform

Responsibilities

Partner closely with lines of business and internal IT teams to thoughtfully evaluate initiatives, releases, and projects, ensuring technical and cybersecurity requirements are clearly understood and aligned to business objectives.
Serve as a trusted advisor by researching and translating business needs into practical, risk‑aware technical solutions through collaboration with internal delivery and application teams, solution providers, and subject matter experts.
Clearly communicate and document findings, recommended solutions, impact analysis, and associated risks in a manner tailored for senior leadership and C‑Suite audiences.
Lead issue management and remediation efforts within Archer, ensuring issues are accurately documented, ownership is clear, and remediation plans are actionable, measurable, and effectively tracked through resolution.
Document cybersecurity findings and remediation strategies with executive‑level clarity, balancing technical accuracy with business context to support informed decision‑making.
Oversee and perform qualitative and quantitative analysis to help guide program strategy and inform both near‑term execution and longer‑term planning.
Provide informed recommendations on cybersecurity projects and initiatives, incorporating an understanding of the Technology Delivery Lifecycle/Software Delivery Lifecycle (TDLC/SDLC) frameworks and how security controls are integrated throughout the lifecycle.
Demonstrate working knowledge of foundational cybersecurity controls and practices, such as SAST, DAST, penetration testing, identity and access management (IAM), and related risk‑reduction techniques.
Consult with business leaders to help design, refine, and mature processes and procedures that strengthen security, resilience, and regulatory alignment.
Maintain awareness of enterprise technology, infrastructure, standards, and strategic direction, leveraging this understanding to guide partners toward secure, scalable solutions that support overall business goals.

Benefits

medical
dental
vision
life insurance
disability
accidental death and dismemberment
tax-preferred savings accounts
401k plan
no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment
10 sick days (also prorated)
paid holidays
defined benefit pension plan
restricted stock units
deferred compensation plan