Enterprise Control Data Protection Director

Truist
Atlanta, GA
Onsite

About The Position

This is an executive-level role accountable for transforming the data protection function across the enterprise, including data loss prevention, data tagging and labeling, encryption, insider threat investigations, and user & entity behavior analytics (UEBA). It is a line of business and IT facing role focused on identifying, assessing, and mitigating risks by designing, implementing, and monitoring business processes, risks, and controls to ensure compliance with laws, rules, and regulations. The goal is to protect the organization’s data from unauthorized use or disclosure while maintaining operational efficiency. This involves collaboration with prudential regulators, the board of directors, senior executives in the lines of business, enterprise technology, external and internal auditors, risk management, governance and controls office, and regulatory relations to evaluate and improve business processes, controls, and procedures. The role is responsible for driving the technology strategy, engineering, and operational functions of the Data Protection program for both on-premise and cloud-based data. It requires enterprise-wide exposure, visibility, and accessibility, and must be located in Charlotte, Atlanta, or Raleigh in an office-centric workstyle.

Requirements

  • 7 – 10 years leading the engineering and operations for on-premises, cloud, application programming interfaces, and software as a service across the enterprise and subs and affiliates for Data Loss Prevention.
  • 7 – 10 years deployment and execution of encryption technologies and processes across infrastructure, applications, and containers across on-premises, cloud and sub or affiliate entities.
  • 5 – 7 years implementing and leveraging enterprise-class data tagging and labeling technologies and processes, including driving stakeholder engagement and education.
  • 5 – 7 years leading the engineering, implementation, operations, and case management for a robust insider threat investigation program.
  • 3 – 5 years leading the engineering, implementation, and operations of an enterprise UEBA solution.
  • 5 – 7 years' experience with strategic evaluation of business processes and collaborative reengineering to maximize efficacy, efficiency, and sustainability.
  • 7 – 10 years leading operations teams that are accountable for remediating data loss prevention, encryption, and insider threat exposures with stakeholders across the lines of business and enterprise technology.
  • 7 – 10 years engaging with risk partner and audit teams to develop and evidence solutions that quantifiably reduce risk and enable capability maturity.
  • 5 – 7 years leveraging enterprise-class data loss prevention, data discovery / tagging / labeling, encryption, UEBA, and insider threat management tools to automate and improve processes, reporting and workflow executed by internal and external stakeholders.
  • 7 – 10 years showing a proactive and action-oriented disposition to strategic planning to enable proactive, scalable, and integrated roadmaps for a top US bank.
  • 3 – 5 years demonstrating ability to work across lines of defense to define and drive the success criteria needed to guide execution as an enterprise control function in meeting the expectations from authoritative sources (e.g., NYDFS, GLBA, NIST, FFIEC).
  • 7 – 10 years understanding needs of the business, presenting options and making decisions while not disrupting or negatively impacting the business, the associate or customer experience.
  • 7 – 10 years demonstrating emotional intelligence in formal and informal settings, including professionalism, situational awareness and personal accountability to strengthen security’s reputation.
  • 7 – 10 years building mutual respect and partnership with senior leaders in lines of business, enterprise technology, risk partners, audit, regulatory relations and prudential regulators.
  • 7 – 10 years independently managing relationships with the board, C-level leadership, line of business and enterprise technology leaders, lines of defense and prudential regulators.
  • 7 – 10 years planning, building, and managing the execution of enterprise-wide transformation programs that reduce risk and improve efficiency across the enterprise.
  • 7 – 10 years proactively engaging stakeholders to assess, design, implement and sustain solutions based on a shared understanding, which is used to socialize and adopt process and controls.
  • Bachelor’s Degree in computer science, information security, or a related field (or equivalent experience).

Nice To Haves

  • 7 – 10 years leading security and enterprise technology teams in a comparable environment to Truist in terms of size, scope, complexity and scalability.
  • 7 – 10 years demonstrating clear, focused, concise and adaptable written and verbal communication when engaging with stakeholders representing diverse backgrounds and levels.
  • 5 – 7 years leading enterprise-wide change across multiple lines of business and enterprise technology teams to reduce risk and fundamentally change the way the company interacts and works.
  • 5 – 7 years designing and developing career paths for direct reports and high potential resources to strengthen and grow the team while improving the enterprise control function.
  • 3 – 5 years defining, prioritizing and socializing the people, process and technology changes required and collaborating to implement improved enterprise capabilities.
  • 3 – 5 years leading top tier consulting firm engagements to access the skills, capacity and scale to execute large-scale projects and/or managed services engagements.
  • 5 – 7 years applying National Institute of Standards and Technology (NIST 2.0), Center for Internet Security (CIS) or other industry frameworks.
  • 3 – 5 years applying the Unified Compliance Framework (UCF) to define and close gaps with authoritative sources.

Responsibilities

  • Collaborate with different lines of business and IT organizations to understand their operations, identify control needs, and provide guidance on control implementation.
  • Identify risks across the enterprise, including financial, operational, compliance, and reputational risks, through analysis of processes and internal controls.
  • Design, implement and sustain robust business processes, controls, and procedures to mitigate inherent risk.
  • Design, implement, and maintain a robust portfolio of data protection and insider threat investigations technologies to support a comprehensive domain strategy.
  • Develop and implement metrics and regularly assess the effectiveness of data protection processes and controls to identify and remediate identified gaps.
  • Prepare reports on enterprise-wide data protection process and control efficacy to include risk assessment results and policy adherence status to the board, senior management, and relevant stakeholders.
  • Create enterprise-wide strategies and roadmaps to reduce risk through the implementation and maturity of preventative, detective and corrective data protection controls.
  • Set the tone for the enterprise that aligns with industry controls best practices to enable the enterprise to achieve its financial and non-financial Objectives and Key Results (OKRs).
  • Own the budget and develop business cases to make labor, hardware and software investments to protect the enterprise data environment while staying within financial forecast.
  • Proactively identify opportunities to enhance, expand and mature the data protection controls and control framework to optimize risk management processes.

Benefits

  • medical
  • dental
  • vision
  • life insurance
  • disability
  • accidental death and dismemberment
  • tax-preferred savings accounts
  • 401k plan
  • no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment
  • 10 sick days (also prorated)
  • paid holidays
  • defined benefit pension plan (depending on the position and division)
  • restricted stock units (depending on the position and division)
  • deferred compensation plan (depending on the position and division)


What This Job Offers

Job Type

Full-time

Career Level

Executive

Number of Employees

5,001-10,000 employees

© 2024 Teal Labs, Inc