SOX Identity and Access Management Governance Strategist

About The Position

Requirements

• Bachelor’s degree in Business, Finance, Communications or equivalent education and related training.
• Eight to twelve years of financial services or risk management experience, and/or equivalent education, training and experience.
• Strong interpersonal and relationship management skills with ability to interact and communicate within all levels of organization, across functions, and within public sector/governmental agencies.
• Strong analytical, cognitive, conceptual, critical thinking and organizational skills.
• Demonstrated leadership, communication (verbal and written), presentation and facilitation skills.
• Demonstrated planning ability with demonstrated judgment, problem-solving and decision-making skills.
• Demonstrated proficiency in basic computer applications, such as Microsoft Office software products.

Nice To Haves

• Seven plus years of experience auditing SOX 404 / 302 ITGC controls, particularly within logical security and Identity & Access Management (IAM).
• Working knowledge of IAM concepts such as provisioning, de‑provisioning, role-based access, privileged access management (PAM), authentication/authorization mechanisms, and access review processes.
• Hands-on or oversight experience with IAM platforms (e.g., SailPoint, Active Directory / Azure AD, CyberArk, etc.).
• Experience supporting or executing ITGC walkthroughs, control testing, or evaluating IT control deficiencies.
• Familiarity with SOC 1 / SOC 2 reporting and related control environments.

Responsibilities

• ITGC Risk & Control Expertise (Logical Security Focus)
• Issue Resolution & Analytical Problem-Solving
• Governance Routines & Reporting
• Auditor Coordination & Request Management
• SOX Issue Management & Remediation Tracking
• Organizational & Project Management Skills
• Technology Partner Collaboration
• Provide coordination, effective challenge and robust independent oversight of policies, limits, and committees to drive effective governance structures and requirements to effectively manage and mitigate risks within assigned business units and support alignment with the overall corporate strategy.
• Provide consultative leadership and develop working relationships across assigned business units and committees to drive the implementation and execution of a multi-level governance document structure and comprehensive inventory for all defined governance materials.
• Support and contribute to the design, implementation, and execution of comprehensive, forward-looking and risk-based frameworks, processes, and systems for prioritizing, structuring, reviewing and approving governance materials throughout the company.
• Support the monitoring and execution of risk governance policies and procedures to establish defined processes, clear roles and responsibilities, and effective challenge routines.
• Identify and monitor risk governance exceptions, issues, and emerging trends across assigned business units and committees to drive their remediation, acceptance, or escalation to governing bodies.
• Document the governance and reporting program including methodologies, processes and procedures, report writing, conventions for consistently vetting and documenting findings and working papers.
• Lead the Development and maintenance of processes and procedures to ensure the accuracy of the reports produced by the team.
• Evaluate control weakness or key indicators exceeding risk limits and perform root cause analysis.
• Build a working knowledge of the business units strategic plan, key objectives, risk appetite statement, and RSCA process to understand the risks identified and controls applied to mitigate them in order to execute ad hoc risk management initiatives and controls testing.
• Assist in the detection of emerging and/or under recognized risks.
• Conduct data aggregation to support risk appetite framework and quarterly profile, including KRI's and ongoing risk identification.
• Assist business leaders in development of RAF metrics and thresholds.
• Generate content for regular management and risk program governance committees.
• Facilitate Risk Committee and other risk committee/working groups.
• Demonstrate Truist’s risk culture.

Benefits

• Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates.
• Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays.
• Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan.