Enterprise Control Data Protection Director

Truist · Atlanta, GA
1d · Onsite

About The Position

An executive-level role that is accountable for transforming the data protection function, inclusive of data loss prevention, data tagging and labeling, encryption, insider threat investigations, and user & entity behavior analytics (UEBA) across the enterprise. This is a line of business and IT facing role that will identify, assess, and mitigate risks across the organization by designing, implementing, and monitoring business process, risk and controls to ensure compliance with laws, rules and regulations to protect the organization’s data from unauthorized use or disclosure, while maintaining operational efficiency. This includes collaboration with prudential regulators, the board of directors, senior executives in the lines of business, enterprise technology, external and internal auditors, risk management, governance and controls office, and regulatory relations to evaluate and improve business processes, controls, and procedures. This role will be responsible for driving the technology strategy, engineering, and operational functions of the Data Protection program for both on-premise and cloud-based data. The role requires enterprise-wide exposure, visibility and accessibility, and must be located in Charlotte, Atlanta, or Raleigh in an office-centric workstyle.

Requirements

  • Data Loss Prevention – 7 – 10 years leading the engineering and operations for on-premises, cloud, application programming interfaces, and software as a service across the enterprise and subs and affiliates.
  • Encryption – 7 – 10 years deployment and execution of encryption technologies and processes across infrastructure, applications, and containers across on-premises, cloud and sub or affiliate entities.
  • Data Tagging & Labeling – 5 – 7 years implementing and leveraging enterprise-class data tagging and labeling technologies and processes, including driving stakeholder engagement and education.
  • Insider Threat Investigations – 5 – 7 years leading the engineering, implementation, operations, and case management for a robust insider threat investigation program.
  • UEBA (User & Entity Behavior Analytics) – 3 – 5 years leading the engineering, implementation, and operations of an enterprise UEBA solution.
  • Business Process Reengineering – 5 – 7 years experience with strategic evaluation of business processes and collaborative reengineering to maximize efficacy, efficiency, and sustainability.
  • Remediation Management – 7 – 10 years leading operations teams that are accountable for remediating data loss prevention, encryption, and insider threat exposures with stakeholders across the lines of business and enterprise technology.
  • Line of Defense Management – 7 – 10 years engaging with risk partner and audit teams to develop and evidence solutions that quantifiably reduce risk and enable capability maturity.
  • Tools Management – 5 – 7 years leveraging enterprise-class data loss prevention, data discovery / tagging / labeling, encryption, UEBA, and insider threat management tools to automate and improve processes, reporting and workflow executed by internal and external stakeholders.
  • Strategic Planning – 7 – 10 years showing a proactive and action-oriented disposition to strategic planning to enable proactive, scalable, and integrated roadmaps for a top US bank.
  • Governance, Risk and Controls (GRC) – 3 – 5 years demonstrating ability to work across lines of defense to define and drive the success criteria needed to guide execution as an enterprise control function in meeting the expectations from authoritative sources (e.g., NYDFS, GLBA, NIST, FFIEC).
  • Business Acumen – 7 – 10 years understanding needs of the business, presenting options and making decisions while not disrupting or negatively impacting the business, the associate or customer experience.
  • Emotional Intelligence – 7 – 10 years demonstrating it in formal and informal settings, including professionalism, situational awareness and personal accountability to strengthen security’s reputation.
  • Executive Relationships – 7 – 10 years building mutual-respect and partnership with senior leaders in lines of business, enterprise technology, risk partners, audit, regulatory relations and prudential regulators.
  • Executive Presence – 7 – 10 years independently managing relationships with the board, C-level leadership, line of business and enterprise technology leaders, lines of defense and prudential regulators.
  • Program Management – 7 – 10 years planning, building, and managing the execution of enterprise-wide transformation programs that reduce risk and improve efficiency across the enterprise.
  • Collaboration – 7 – 10 years proactively engaging stakeholders to assess, design, implement and sustain solutions based on a shared understanding, which is used to socialize and adopt process and controls.
  • Bachelor’s Degree – computer science, information security, or a related field (or equivalent experience).

Nice To Haves

  • Top US Bank Experience – 7 – 10 years leading security and enterprise technology teams in a comparable environment to Truist in terms of size, scope, complexity and scalability.
  • Executive Communications – 7 – 10 years demonstrating clear, focused, concise and adaptable written and verbal communication when engaging with stakeholders representing diverse backgrounds and levels.
  • Enterprise-wide Change Leadership – 5 – 7 years across multiple lines of business and enterprise technology teams to reduce risk and fundamentally change the way we interact and work as a company.
  • Leadership Development – 5 – 7 years designing and developing career paths for direct reports and high potential resources to strengthen and grow the team while improving the enterprise control function.
  • Organizational Change Management – 3 – 5 years defining, prioritizing and socializing the people, process and technology changes required and collaborating to implement improved enterprise capabilities.
  • Third Party Management – 3 – 5 years leading top tier consulting firm engagements to access the skills, capacity and scale to execute large-scale projects and/or managed services engagements.
  • Controls Best Practices – 5 – 7 years applying National Institute of Standards and Technology (NIST 2.0), Center for Internet Security (CIS) or other industry frameworks.
  • UCF – 3 – 5 years applying the Unified Compliance Framework (UCF) to define and close gaps with authoritative sources.

Responsibilities

  • Stakeholder Management: Collaborate with different lines of business and IT organizations to understand their operations, identify control needs, and provide guidance on control implementation.
  • Risk Assessment and Prioritization: Identify risks across the enterprise, including financial, operational, compliance, and reputational risks, through analysis of processes and internal controls.
  • Business Process, Control Design and Implementation: Design, implement and sustain robust business processes, controls, and procedures to mitigate inherent risk.
  • Technology Portfolio Strategy and Implementation: Design, implement, and maintain a robust portfolio of data protection and insider threat investigations technologies to support a comprehensive domain strategy.
  • Control Monitoring and Evaluation: Develop and implement metrics and regularly assess the effectiveness of data protection processes and controls to identify and remediate identified gaps.
  • Control Reporting and Communication: Prepare reports on enterprise-wide data protection process and control efficacy to include risk assessment results and policy adherence status to the board, senior management, and relevant stakeholders.
  • Controls Strategy and Roadmap Development: Create enterprise-wide strategies and roadmaps to reduce risk through the implementation and maturity of preventative, detective and corrective data protection controls.
  • People Leadership: Set the tone for the enterprise that aligns with industry controls best practices to enable the enterprise to achieve its financial and non-financial Objectives and Key Results (OKRs).
  • Financial Management: Own the budget and develop business cases to make labor, hardware and software investments to protect the enterprise data environment while staying within financial forecast.
  • Continuous Improvement: Proactively identify opportunities to enhance, expand and mature the data protection controls and control framework to optimize risk management processes.

Benefits

  • Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates.
  • Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays.
  • Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan.