If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).
Regular or Temporary:
Regular
Language Fluency: English (Required)
Work Shift:
1st shift (United States of America)
ESSENTIAL DUTIES AND RESPONSIBILITIES
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
1. Stakeholder Management: Collaborate with different lines of business and IT organizations to understand their operations, identify control needs, and provide guidance on control implementation.
2. Risk Assessment and Prioritization: Identify risks across the enterprise, including financial, operational, compliance, and reputational risks, through analysis of processes and internal controls.
3. Business Process Control Design and Implementation: Design, implement, and sustain robust business processes, controls, and procedures to mitigate inherent risk.
4. Technology Portfolio Strategy and Implementation: Design, implement, and maintain a robust portfolio of data protection and insider threat investigations technologies to support a comprehensive domain strategy.
5. Control Monitoring and Evaluation: Develop and implement metrics and regularly assess the effectiveness of data protection processes and controls to identify and remediate identified gaps.
6. Control Reporting and Communication: Prepare reports on enterprise-wide data protection process and control efficacy, to include risk assessment results and policy adherence status, to the board, senior management, and relevant stakeholders.
7. Controls Strategy and Roadmap Development: Create enterprise-wide strategies and roadmaps to reduce risk through the implementation and maturity of preventative, detective, and corrective data protection controls.
8. People Leadership: Set the tone for the enterprise that aligns with industry controls best practices to enable the enterprise to achieve its financial and non-financial Objectives and Key Results (OKRs).
9. Financial Management: Own the budget and develop business cases to make labor, hardware, and software investments to protect the enterprise data environment while staying within financial forecast.
10. Continuous Improvement: Proactively identify opportunities to enhance, expand, and mature the data protection controls and control framework to optimize risk management processes.
QUALIFICATIONS
Required Qualifications:
The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
1. Data Loss Prevention: 7-10 years leading the engineering and operations for on-premises, cloud, application programming interfaces, and software as a service across the enterprise and subs and affiliates.
2. Encryption: 7-10 years deployment and execution of encryption technologies and processes across infrastructure, applications, and containers across on-premises, cloud, and sub or affiliate entities.
3. Data Tagging & Labeling: 5-7 years implementing and leveraging enterprise-class data tagging and labeling technologies and processes, including driving stakeholder engagement and education.
4. Insider Threat Investigations: 5-7 years leading the engineering, implementation, operations, and case management for a robust insider threat investigation program.
5. UEBA (User & Entity Behavior Analytics): 3-5 years leading the engineering, implementation, and operations of an enterprise UEBA solution.
6. Business Process Reengineering: 5-7 years experience with strategic evaluation of business processes and collaborative reengineering to maximize efficacy, efficiency, and sustainability.
7. Remediation Management: 7-10 years leading operations teams that are accountable for remediating data loss prevention, encryption, and insider threat exposures with stakeholders across the lines of business and enterprise technology.
8. Line of Defense Management: 7-10 years engaging with risk partner and audit teams to develop and evidence solutions that quantifiably reduce risk and enable capability maturity.
9. Tools Management: 5-7 years leveraging enterprise-class data loss prevention, data discovery / tagging / labeling, encryption, UEBA, and insider threat management tools to automate and improve processes, reporting, and workflow executed by internal and external stakeholders.
10. Strategic Planning: 7-10 years showing a proactive and action-oriented disposition to strategic planning to enable proactive, scalable, and integrated roadmaps for a top US bank.
11. Governance, Risk, and Controls (GRC): 3-5 years demonstrating ability to work across lines of defense to define and drive the success criteria needed to guide execution as an enterprise control function in meeting the expectations from authoritative sources (e.g., NYDFS, GLBA, NIST, FFIEC).
12. Business Acumen: 7-10 years understanding needs of the business, presenting options, and making decisions while not disrupting or negatively impacting the business, the associate, or customer experience.
13. Emotional Intelligence: 7-10 years demonstrating it in formal and informal settings, including professionalism, situational awareness, and personal accountability to strengthen security's reputation.
14. Executive Relationships: 7-10 years building mutual respect and partnership with senior leaders in lines of business, enterprise technology, risk partners, audit, regulatory relations, and prudential regulators.
15. Executive Presence: 7-10 years independently managing relationships with the board, C-level leadership, line of business and enterprise technology leaders, lines of defense, and prudential regulators.
16. Program Management: 7-10 years planning, building, and managing the execution of enterprise-wide transformation programs that reduce risk and improve efficiency across the enterprise.
17. Collaboration: 7-10 years proactively engaging stakeholders to assess, design, implement, and sustain solutions based on a shared understanding which is used to socialize and adopt process and controls.
18. Bachelor's Degree: computer science, information security, or a related field (or equivalent experience).
Preferred Qualifications:
1. Top US Bank Experience: 7-10 years leading security and enterprise technology teams in a comparable environment to Truist in terms of size, scope, complexity, and scalability.
2. Executive Communications: 7-10 years demonstrating clear, focused, concise, and adaptable written and verbal communication when engaging with stakeholders representing diverse backgrounds and levels.
3. Enterprise-wide Change Leadership: 5-7 years across multiple lines of business and enterprise technology teams to reduce risk and fundamentally change the way we interact and work as a company.
4. Leadership Development: 5-7 years designing and developing career paths for direct reports and high potential resources to strengthen and grow the team while improving the enterprise control function.
5. Organizational Change Management: 3-5 years defining, prioritizing, and socializing the people, process, and technology changes required and collaborating to implement improved enterprise capabilities.
6. Third Party Management: 3-5 years leading top tier consulting firm engagements to access the skills, capacity, and scale to execute large-scale projects and/or managed services engagements.
7. Controls Best Practices: 5-7 years applying National Institute of Standards and Technology (NIST 2.0), Center for Internet Security (CIS), or other industry frameworks.
8. UCF: 3-5 years applying the Unified Compliance Framework (UCF) to define and close gaps with authoritative sources.
General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist's generous benefit plans, please visit our Benefits site. Depending on the position and division, this job may also be eligible for Truist's defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.
Truist is an Equal Opportunity Employer that does not discriminate on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status, or other classification protected by law. Truist is a Drug Free Workplace.
Required Experience:
Director