Cybersecurity Third Party Incident/SOC Manager

Truist
Atlanta, GA
Onsite

About The Position

In this role, you will be responsible for leading a specialized security operations function focused on triaging, investigating, and responding to security events and incidents involving third-party vendors, SaaS providers, and external partners. This role maintains a holistic and continuously updated vendor risk profile by correlating:

  • Technical telemetry and detections
  • Threat intelligence
  • Business criticality and data sensitivity
  • Historical vendor incidents

The TPSOC Manager ensures vendor-related threats are rapidly assessed, accurately scoped, and translated into actionable business risk decisions. This is a fully on-site position based in Atlanta, GA. Teammates are expected to be in the office five days a week.

Requirements

  • Bachelor’s degree and six to eight years of experience in systems engineering or administration or an equivalent combination of education and work experience
  • Deep specialized and/or broad functional knowledge in applied enterprise information security technologies including but not limited to firewalls, intrusion detection/prevention systems, network operating systems, identity management, database activity monitoring, encryption, content filtering, and Mainframe security
  • Previous experience in leading complex IT projects.

Nice To Haves

  • Master’s degree or MBA and seven (7+) years of experience or an equivalent combination of education and work experience in Information Security banking.
  • Strong knowledge of cybersecurity risks, frameworks, best practices, and industry/regulatory requirements.
  • Knowledge and experience in the use of cybersecurity frameworks in assessing programs.
  • Knowledge or experience delivering Information Security projects.
  • Knowledge of Cybersecurity Operations - Threat Intelligence, Threat Detection, Security Monitoring, Incident Response.
  • Knowledge of InfoSec platforms, CrowdStrike, Splunk, SIEM, CyberArk, SailPoint, etc.
  • CISSP Certification
  • Banking or financial services experience
  • Other security certifications (e.g., CCNA Security, GSEC, GCED, GPPA, etc.)
  • Other technical Certifications (e.g., CCNA, RHCE, MCSE, etc.)

Responsibilities

  • Vendor Incident & Investigation Management: Lead triage and investigation of vendor breach notifications, SaaS compromises involving third parties, and external exploitation of vendor-managed systems. Determine whether the organization is impacted and identify affected data, systems, and users. Coordinate response with SOC, Vendor Risk Management, Cyber Command Center, Legal, Privacy, Compliance, and Application Security teams. Ensure evidence collection and forensic integrity for vendor-related incidents. Prepare and present project updates for executive leadership. May lead IT cybersecurity initiatives; typically leads moderately complex projects and participates in larger, more complex initiatives. Solves complex technical and operational problems.
  • Holistic Vendor Risk Profiling: Build and maintain dynamic vendor risk profiles incorporating:
      • Data sensitivity and access levels
      • External risk ratings (e.g., SecurityScorecard, BitSight)
      • Threat intelligence and breach history
      • Internal telemetry and detection results
    Classify vendors by inherent risk, residual risk, and incident likelihood. Continuously update vendor risk posture based on incidents, new integrations, and external threat activity.
  • Detection & Monitoring Strategy (Third-Party Focus): Oversee detection strategy for vendor-related abuse cases and SaaS misuse by third parties. Partner with Detection Engineering and SOAR teams to improve alert quality and reduce false positives. Ensure cyber third-party risks are covered by alerts and automated playbooks.
  • Incident Response & Playbooks: Own and maintain playbooks for:
      • Vendor breach response
      • SaaS abuse by third parties
      • Exposure of vendor-managed assets
    Ensure consistent execution of containment actions, stakeholder notifications, and contractual/regulatory response obligations. Lead tabletop exercises focused on supply chain and vendor compromise scenarios.
  • Vendor & Stakeholder Engagement: Serve as the primary operational security contact for critical vendors during incidents. Provide evidence-based assessments of vendor security posture. Recommend risk treatment actions such as access suspension, integration restrictions, or contract controls.
  • Metrics, Reporting & Continuous Improvement: Define and track KPIs for vendor incident response, detection coverage, and vendor risk trends. Produce executive-level reporting on vendor-related incidents and emerging supply-chain threats. Drive maturity improvements in third-party monitoring, automation, and risk correlation.

Benefits

  • All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position.
  • Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates.
  • Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays.
  • Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan.