About The Position

This position is 5 days a week in a Truist Hub location, either Charlotte, Atlanta, Raleigh or Richmond, VA. Responsible for the identification, tracking, resolution, and reporting of all information security and cyber risks across the Truist Protection Services organization following enterprise information risk management policies and standards. S/he is responsible for identifying, monitoring and reporting risks and ensuring appropriate actions are taken to maintain risk and issue management metrics within tolerance. S/he is responsible for advancing the Program by driving risk mitigation activities, feeding actionable reporting to enterprise risk management committees, and coordinating with other risk managers across the firm. The position will work closely with the CISO, Information Security Managers, Infrastructure, IT and Business teams to manage risks through their full lifecycle. The ideal candidate will have a broad knowledge of Information Security functions, technologies (including digital/cloud), banking cyber risk management frameworks, and current cyber risks. The ideal candidate will also have prior experience building and running an Information Security risk and issue management function in the US for a large bank with merger/acquisition transformational change.

Requirements

  • Bachelor’s degree and eight years of experience in systems engineering or administration or an equivalent combination of education and work experience.
  • Deep specialized and/or broad functional knowledge in applied enterprise information security technologies including but not limited to firewalls, intrusion detection/prevention systems, network operating systems, identity management, database activity monitoring, encryption, content filtering, and Mainframe security.
  • Previous experience in leading complex IT projects

Nice To Haves

  • Master’s degree or MBA and ten years of experience or an equivalent combination of education and work experience.
  • CISSP, CRISC, CISM and/or CISA Certification
  • Banking or financial services experience.
  • Broad knowledge of Information Security frameworks (e.g. NIST, FFIEC), regulations (SOX, GLBA, NYDFS), functions (Anticipate, Protect, Detect, Respond) and cyber controls.
  • Expertise with information security risk management, working across IT and Business functions and with Second and Third lines of Defense, and Regulators. This includes experience using industry frameworks such as ITIL, COBIT, NIST CSF, CIS RAM
  • Ability to create a strong network of relationships among peers, internal partners, external constituencies and decision makers to deliver end products.
  • Experience preparing materials for and comfortable presenting to executive management
  • Excellent written and oral communication skills
  • Strong coordination, influencing and negotiation skills
  • Excellent risk-based judgement and decision making

Responsibilities

  • Perform oversight of the TPS Issue Management portfolio and ensure resources are allocated to support remediation monitoring, closure package creation and validation periods.
  • Define and support issue management governance routines to ensure the health of the issue management CCS portfolio maintaining metrics within tolerance.
  • Execute and lead issue management intake process providing issue owners and identifiers with support to properly document issues in our risk register in alignment with our Enterprise Issue Management framework and ensuring appropriate mapping to requirements, processes, risks and controls.
  • Facilitate and coordinate meetings with different stakeholders engaged in risk and issue management to define appropriate remediation plans while adhering to the Enterprise Risk Management frameworks.
  • Build strong partnerships with the Senior Leadership Team and finding owners, as well as Business Unit Risk Teams, to ensure issues are remediated in a timely manner and risks are escalated as needed.
  • Ensure remediation plans incorporate sustainable processes and deliverables are clearly established and agreed upon.
  • Provide information security risk management leadership and support to the Information Security team operational functions e.g. GRC, Cyber Operations, Cyber Protection, Identity & Access management.
  • Establish Information Security key risk indicators (KRIs) for the Program and work with Second Line IT Risk Management to align these with executive reporting and the bank's risk appetite. Ensure these KRIs are defined, implemented, tracked and reported monthly.
  • Work with BISOs, Issue owners, technical SMEs, GCO and 2LoD to ensure there is consistency on risk evaluation and appropriate documentation of risk rationale and mitigating controls driving the ratings.
  • Track Issue Management portfolio health and monitor remediation status.
  • Prepare evidence package, closure narratives and appropriate documentation to support closure of regulatory and audit findings.
  • Build executive materials for walkthroughs with Senior Leadership Team and regulators to ensure remediation actions are clearly articulated, demonstrating risk reduction.
  • Coordinate review and validation sessions with all three lines of defense and ensure questions and requests are addressed in a timely manner for issue closure.
  • Drive continuous improvement by utilizing industry-proven frameworks/methodologies, collecting feedback and metrics (quality, delivery rate, etc.) and developing resource capabilities.
  • Establish strong collaboration, working partnerships and alignment across teams in Truist, with a special focus on Second Line IT Risk Management team. Develop a strong “we deliver together” culture.

Benefits

  • Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates.
  • Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays.
  • Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan.