Senior Cybersecurity Risk Officer
Company: Truist Bank
Location: Charlotte
Posted on: April 2, 2026
Job Description:

The position is described below. If you want to apply, click the Apply Now button at the top or bottom of this page. After you click Apply Now and complete your application, you'll be invited to create a profile, which will let you see your application status and any communications. If you already have a profile with us, you can log in to check status.

Need Help? If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).

Regular or Temporary: Regular
Language Fluency: English (Required)
Work Shift: 1st shift (United States of America)

Please review the following job description:

Serve as the independent oversight and effective challenge function to the Chief Information Security Officer covering the Cyber Security and Identity and Access Management domains. Provide guidance to senior leaders across the company on critical cyber control failures and issues; use judgment to escalate significant issues and emerging risks; evaluate, determine and communicate cyber and access management domain maturity to Executive Leadership and the Board of Directors; consistently and appropriately apply second line of defense corporate authority for managing Truist's technology risk, including driving our overall risk appetite for the company for Cyber related functions.

This role will also support effective risk oversight of Cyber–Fraud integration, with particular emphasis on fraud's dependency on strong authentication, identity controls, and core cyber operations capabilities. This includes overseeing alignment between fraud prevention, IAM, and cyber defense teams to enable consistent, enterprise-level risk management.

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

1. Technology Risk Leadership - Provide independent risk oversight (i.e. second line of defense/LOD2) for Truist Technology through the effective identification, mitigation, monitoring and reporting of operational, technology, and compliance related risks within Enterprise Technology, with a specific focus on the Cyber and Identity and Access Management domains.
2. Strategic Alignment - Provide Cyber and Information Security Risk governance that supports the Truist organization's strategies and objectives while operating within established risk appetites; provide effective challenge of the Corporate Cybersecurity Strategy for Truist.
3. Industry Engagement - Lead engagement of peer institution second line functions to influence the industry build of the tech risk / cyber second line functions.
4. Penetration / Red Team Testing - Lead execution of independent second line Red Team / Penetration Testing; work is typically commissioned by the Board, the CEO and/or the CRO.
5. Value Delivery - Ensure that cyber / information security risk resources, activities and initiatives are aligned to enable and sustain achievement of business objectives within forecasted spend rates while reducing risks.
6. Cyber / Information Security Risk Assessment - Provide independent assessment and oversight of the maturity of information security and adequacy of cyber controls pertaining to information security in meeting agreed-to business outcomes for performance, stability, security and service availability. Assessments should leverage agreed-upon metrics produced by Business Unit Risk Management (BURM / first line of defense - LOD1), but challenged and validated as appropriate.
7. Independent Challenge of LOD1 Assessments - Review and attest to/challenge adequacy of risk assessments (i.e. Risk & Control Self-Assessments, Application Assessments, Change Risk Assessments) produced by BURM.
8. Committee Engagement - Serve as member of the Technology Risk Committee and participate in the Enterprise and Board Risk Committees and the Board Technology Committee, when applicable for Cybersecurity topics.
9. Regulatory Engagement Oversight - Ensure effectiveness and structure in regulatory engagement practices, including responses out of the Corporate Cyber Security Group.
10. Training and Communication - Encourage and monitor Cyber education, skills training and adoption goals to drive improved Cyber risk culture and awareness.
11. Policy & Standard Leadership - Engage on Technology Risk policy governance. Provide direction and guidance in the development, implementation and communication of Cybersecurity policies, procedures and standards; oversight of multiple enterprise-wide policies including Cyber Security and Identity and Access Management and Truist Cloud.
12. Third Party Management Risk Oversight - Monitor, assess and challenge as appropriate significant third-party and vendor relationships within Enterprise Technology.
13. Cross-Organizational Communication - Develop and maintain effective channels of communication with other CROs, control functions, Senior Business Unit (BU) management, as well as regulatory agencies.
14. Talent Management - Lead, manage and develop teammates directly and indirectly; influence cybersecurity talent management through recommendations to Truist senior leadership, including the Board of Directors, to inform decisions on resource allocations to close control gaps.

Qualifications

Required Qualifications:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

1. Bachelor's degree in a financial-related discipline, or equivalent education and related training
2. Fifteen years of experience or equivalent proficiency in managing people, with demonstrated high competency in recruiting, developing, and coaching/mentoring
3. Fifteen to twenty years of experience in a financial institution with emphasis on risk management, or equivalent work experience
4. Ten years of large-scale technology operations and infrastructure background, including extensive knowledge of technology policy, procedures and regulations
5. Knowledge of key technology rules/regulations and technology risk management practices (e.g. Federal Financial Institutions Examination Council (FFIEC), Control Objectives for Information and Related Technology (COBIT), NIST (National Institute of Standards and Technology), Information Technology Infrastructure Library (ITIL))
6. Excellent leadership skills, including the ability to lead direct and indirect reports
7. Excellent communication (verbal and written), presentation and facilitation skills; ability to influence and communicate with impact

Preferred Qualifications:
1. Master's degree in Finance or Business equivalent
2. Professional designations such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (Information Systems Audit and Control Association) (CRISC), Certified Project Manager (CPM)
3. Strategic business and financial planning experience
4. Experience with audit processes and techniques

General Description of Available Benefits for Eligible Employees of Truist Financial Corporation:
All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist's generous benefit plans, please visit our Benefits site. Depending on the position and division, this job may also be eligible for Truist's defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.

Truist is an Equal Opportunity Employer that does not discriminate on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status, or other classification protected by law. Truist is a Drug Free Workplace. EEO is the Law. E-Verify. IER Right to Work.