Cybersecurity Third Party Risk Management Director

Truist Bank•Charlotte, NC

2d•Onsite

About The Position

Truist is seeking a senior leader to transform, modernize, and operate the Cybersecurity Third-Party Risk Management (CTPRM) function within Truist Protection Services (TPS). Reporting to the Head of Security Governance, this role will redefine how cyber third-party risk is identified, assessed, and continuously monitored—leveraging agentic AI, automation, and advanced analytics to scale decision-making across Truist’s ecosystem. This leader will drive the evolution from traditional, manual assessment models to intelligent, adaptive, and technology-driven risk management capabilities. The role partners closely with the Enterprise Third Party Risk Operations Function (TPROF), second line Risk, Business Information Security Officers (BISOs), Sourcing, Legal, and Technology teams to strengthen Truist’s cyber supply chain posture at scale. The ideal candidate has led CTPRM teams in a large, regulated environment, can translate technical risk into clear business decisions, and can drive measurable program outcomes at scale.

Requirements

BS IT/ Computer Science / Cyber Security, MIS, Economics, Finance, Operations Management, or a related discipline. MBA or related graduate degree a plus.
15+ years professional experience in top 10 USA banks or other financial institution, consulting firm, and/ or software company, preferably within a merger/acquisition environment with significant transformational change with people, process, and technology.
10+ years information security and third-party security threat and risk assessment and management experience, including using industry frameworks such as ITIL, COBIT, NIST CSF, CIS RAM, MITRE.
2+ years’ experience with digital banking deployed on public cloud platforms and (strong plus) leveraging artificial intelligence technologies.
Broad knowledge of Information Security frameworks (e.g., NIST, FFIEC), regulations (SOX, GLBA, NYDFS), functions (Anticipate, Protect, Detect, Respond) and information security controls.
Expertise working across IT and business functions and with second and third lines of defense, and regulators.
Demonstrates strong relationship management skills. Proven ability to quickly build trust and rapport with others in order to structure problems, build consensus, and negotiate agreement.
Proven ability to manage large, deadline-driven projects in a way that reduces risk, ensures predictable results, meets or exceeds its timeline.
Thrives in a fast-paced environment, can think and act both tactically and strategically.
Exhibits high degree of creativity, self-motivation, and commitment to task.
Ability to create a strong network of relationships among peers, internal partners, external constituencies, and decision makers to deliver end products.
Experience preparing materials for and comfortable presenting to executive management.
Excellent written and oral communication skills.
Strong coordination, influencing and negotiation skills.
Excellent risk-based judgement and decision making
Passionate about building world-class Information Security programs.

Nice To Haves

MBA or related graduate degree

Responsibilities

Architect and lead the transformation of the Cyber Third-Party Risk Management (CTPRM) operating model, embedding agentic AI, automation, and intelligent workflows to significantly improve scalability, speed, and risk insight.
Drive a culture of automation and innovation—challenging legacy processes, reducing manual effort, and continuously identifying opportunities to apply AI and emerging technologies to improve program effectiveness.
Own the cyber contract deviation (exception) governance process—including intake, risk analysis, decision support, approvals, documentation, and ongoing monitoring/expiration, in partnership with Legal.
Build, lead, and continuously improve the third-party cybersecurity assessment activities(methodology, scoping, testing/evidence standards, quality assurance) and drive timely remediation of identified Third Party Sub-Issues and risks.
Leverage agentic AI, technology, data, third-party intelligence, and strategic partners to scale assessment throughput, improve risk signal quality, and increase automation where appropriate.
Partner with BISOs and business leaders to integrate cyber third-party risk into business decisions, onboarding, change management, and ongoing Third Party performance/risk reviews.
Hire, develop, and retain a high-performing team of cybersecurity and third-party cybersecurity risk professionals; set clear goals, coaching, and a strong culture of accountability and collaboration.
Partner with second line Risk to align oversight expectations, strengthen issue management, and reduce Truist’s exposure to cyber supply chain and concentration risk.
Establish strong cross-functional working relationships and alignment across TPS, Enterprise TPROF, Technology, Procurement, Legal, and business stakeholders, embodying a “we deliver together” culture.
Support regulatory exams and internal audit engagements related to information security and third-party cybersecurity risk; ensure timely, accurate responses, sustainable remediation, and strong control evidence.