If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).
Regular or Temporary: Regular
Language Fluency: English (Required)
Work Shift: 1st shift (United States of America)
ESSENTIAL DUTIES AND RESPONSIBILITIES
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
1. Stakeholder Management: Collaborate with different lines of business and IT organizations to understand their operations, identify control needs, and provide guidance on control implementation.
2. Risk Assessment and Prioritization: Identify risks across the enterprise, including financial, operational, compliance, and reputational risks, through analysis of processes and internal controls.
3. Business Process, Control Design and Implementation: Design, implement and sustain robust business processes, controls, and procedures to mitigate inherent risk.
4. Technology Portfolio Strategy and Implementation: Design, implement, and maintain a robust portfolio of data protection and insider threat investigations technologies to support a comprehensive domain strategy.
5. Control Monitoring and Evaluation: Develop and implement metrics and regularly assess the effectiveness of data protection processes and controls to identify and remediate gaps.
6. Control Reporting and Communication: Prepare reports on enterprise-wide data protection process and control efficacy to include risk assessment results and policy adherence status to the board, senior management, and relevant stakeholders.
7. Controls Strategy and Roadmap Development: Create enterprise-wide strategies and roadmaps to reduce risk through the implementation and maturity of preventative, detective and corrective data protection controls.
8. People Leadership: Set the tone for the enterprise that aligns with industry controls best practices to enable the enterprise to achieve its financial and non-financial Objectives and Key Results (OKRs).
9. Financial Management: Own the budget and develop business cases to make labor, hardware and software investments to protect the enterprise data environment while staying within financial forecast.
10. Continuous Improvement: Proactively identify opportunities to enhance, expand and mature the data protection controls and control framework to optimize risk management processes.
QUALIFICATIONS
Required Qualifications:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
1. Data Loss Prevention – 7 – 10 years leading the engineering and operations for on-premises, cloud, application programming interfaces, and software as a service across the enterprise and subs and affiliates.
2. Encryption – 7 – 10 years deployment and execution of encryption technologies and processes across infrastructure, applications, and containers across on-premises, cloud and sub or affiliate entities.
3. Data Tagging & Labeling – 5 – 7 years implementing and leveraging enterprise-class data tagging and labeling technologies and processes, including driving stakeholder engagement and education.
4. Insider Threat Investigations – 5 – 7 years leading the engineering, implementation, operations, and case management for a robust insider threat investigation program.
5. UEBA (User & Entity Behavior Analytics) – 3 – 5 years leading the engineering, implementation, and operations of an enterprise UEBA solution.
6. Business Process Reengineering – 5 – 7 years experience with strategic evaluation of business processes and collaborative reengineering to maximize efficacy, efficiency, and sustainability.
7. Remediation Management – 7 – 10 years leading operations teams that are accountable for remediating data loss prevention, encryption, and insider threat exposures with stakeholders across the lines of business and enterprise technology.
8. Line of Defense Management – 7 – 10 years engaging with risk partner and audit teams to develop and evidence solutions that quantifiably reduce risk and enable capability maturity.
9. Tools Management – 5 – 7 years leveraging enterprise-class data loss prevention, data discovery / tagging / labeling, encryption, UEBA, and insider threat management tools to automate and improve processes, reporting and workflow executed by internal and external stakeholders.
10. Strategic Planning – 7 – 10 years showing a proactive and action-oriented disposition to strategic planning to enable proactive, scalable, and integrated roadmaps for a top US bank.
11. Governance, Risk and Controls (GRC) – 3 – 5 years demonstrating ability to work across lines of defense to define and drive the success criteria needed to guide execution as an enterprise control function in meeting the expectations from authoritative sources (e.g., NYDFS, GLBA, NIST, FFIEC).
12. Business Acumen – 7 – 10 years understanding needs of the business, presenting options and making decisions while not disrupting or negatively impacting the business, the associate or customer experience.
13. Emotional Intelligence – 7 – 10 years demonstrating it in formal and informal settings, including professionalism, situational awareness and personal accountability to strengthen security's reputation.
14. Executive Relationships – 7 – 10 years building mutual-respect and partnership with senior leaders in lines of business, enterprise technology, risk partners, audit, regulatory relations and prudential regulators.
15. Executive Presence – 7 – 10 years independently managing relationships with the board, C-level leadership, line of business and enterprise technology leaders, lines of defense and prudential regulators.
16. Program Management – 7 – 10 years planning, building, and managing the execution of enterprise-wide transformation programs that reduce risk and improve efficiency across the enterprise.
17. Collaboration – 7 – 10 years proactively engaging stakeholders to assess, design, implement and sustain solutions based on a shared understanding, which is used to socialize and adopt process and controls.
18. Bachelor's Degree – computer science, information security, or a related field (or equivalent experience).
Preferred Qualifications:
1. Top US Bank Experience – 7 – 10 years leading security and enterprise technology teams in a comparable environment to Truist in terms of size, scope, complexity and scalability.
2. Executive Communications – 7 – 10 years demonstrating clear, focused, concise and adaptable written and verbal communication when engaging with stakeholders representing diverse backgrounds and levels.
3. Enterprise-wide Change Leadership – 5 – 7 years across multiple lines of business and enterprise technology teams to reduce risk and fundamentally change the way we interact and work as a company.
4. Leadership Development – 5 – 7 years designing and developing career paths for direct reports and high potential resources to strengthen and grow the team while improving the enterprise control function.
5. Organizational Change Management – 3 – 5 years - defining, prioritizing and socializing the people, process and technology changes required and collaborating to implement improved enterprise capabilities.
6. Third Party Management – 3 – 5 years leading top tier consulting firm engagements to access the skills, capacity and scale to execute large-scale projects and/or managed services engagements.
7. Controls Best Practices – 5 – 7 years applying National Institute of Standards and Technology (NIST 2.0), Center for Internet Security (CIS) or other industry frameworks.
8. UCF – 3 – 5 years - applying the Unified Compliance Framework (UCF) to define and close gaps with authoritative sources.
General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist's generous benefit plans, please visit our Benefits site. Depending on the position and division, this job may also be eligible for Truist's defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.
Truist is an Equal Opportunity Employer that does not discriminate on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status, or other classification protected by law. Truist is a Drug Free Workplace.