Language Fluency: English (Required)

Work Shift:

Please review the following job description:

Following is a summary of the essential functions for this job. Other duties may be performed both major and minor which are not mentioned below. Specific activities may change from time to time.

1. Technology Risk Leadership Provide independent risk oversight (i.e. second line of defense/LOD2) for Truist Technology through the effective identification mitigation monitoring and reporting of operational technology and compliance related risks within Enterprise Technology with a specifics focus on the Cyber and Identity and Access Management domains.

2. Strategic Alignment Provide Cyber and Information Security Risk governance that supports the Truist organizations strategies and objectives while operating within established risk appetites; Provide effective challenge of the Corporate Cybersecurity Strategy for Truist

3. Industry engagement lead engagement of peer institution second line functions to influence the industry build of the tech risk / cyber second line functions

4. Penetration / Red Team testing lead execution of independent second line Red Team / Penetration Testing; work is typically commissioned by the Board the CEO and / or the CRO.

5. Value Delivery Ensure that cyber / information security risk resources activities and initiatives are aligned to enable and sustain achievement of business objectives within forecasted spend rates while reducing risks;

6. Cyber / Information Security Risk Assessment Provide independent assessment and oversight of the maturity of information security and adequacy of cyber controls pertaining to information security in meeting agreed to business outcomes for performance stability security and service availability. Assessments should leverage agreed upon metrics produced by Business Unit Risk Management (BURM) /first line of defense LOD1) but challenged and validated as appropriate;

7. Independent Challenge of LOD1 assessments Review and attest to/challenge adequacy of risk assessments (i.e. Risk & Control SelfAssessments Application Assessments Change Risk Assessments) produced by BURM;

8. Committee Engagement Serve as member of the Technology Risk Committee and participate in the Enterprise and Board Risk Committees and the Board Technology Committee when applicable for Cybersecurity topics;

9. Regulatory Engagement Oversight Ensure effectiveness and structure in regulatory engagement practices including responses out of the Corporate Cyber Security Group;

10. Training and Communication Encourage and monitor Cyber education skills training and adoption goals to drive improved Cyber risk culture and awareness

11. Policy & Standard Leadership Engage on Technology Risk policy governance. Provide direction and guidance in the development implementation and communication of Cybersecurity policies procedures and standards; Oversight of multiple enterprisewide policies including Cyber Security and Identity and Access Management and Truist Cloud.

12. Third Party Management Risk Oversight Monitor assess and challenge as appropriate significant thirdparty and vendor relationships within Enterprise Technology;

13. CrossOrganizational Communication Develop and maintain effective channels of communication with other CROs control functions Senior Business Unit (BU) management as well as regulatory agencies;

14. Talent Management Lead manage and develop teammates directly and indirectly; influence cybersecurity talent management through recommendations to Truist senior leadership including the Board of Directors to inform decisions on resource allocations to close control gaps.

Qualifications

Required Qualifications:

The requirements listed below are representative of the knowledge skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

1. Bachelors degree in financialrelated discipline or equivalent education and related training

2. Fifteen years of experience or equivalent proficiency in managing people with demonstrated high competency in recruiting developing and coaching/mentoring

3. Fifteen Twenty years of experience in a financial institution with emphasis on risk management or equivalent work experience

4. Ten years of large scale technology operations and infrastructure background including extensive knowledge of technology policy procedures and regulations

5. Knowledge of key technology rules/regulations and technology risk management practices (e.g. Federal Financial Institutions Examination Council (FFIEC) Control Objectives for Information and Related Technology (COBIT) NIST (National Institute of Standards and Technoloy) Information Technology Infrastructure Library (ITIL)).

6. Excellent leadership skills including the ability to lead direct and indirect reports

7. Excellent communication (verbal and written) presentation and facilitation skills; ability to influence and communicate with impact

Preferred Qualifications:

1. Masters degree in Finance or Business equivalent

2. Professional designations such as Certified Information Systems Auditor (CISA) Certified in Risk and Information Systems Control (Information Systems Audit and Control Association) (CRISC) Certified Project Manager (CPM)

3. Strategic business and financial planning experience

4. Experience with audit processes and techniques