- Develop, implement, and maintain a comprehensive enterprise-wide information security program to ensure that access to the organization's information assets is appropriately monitored, governed, protected, and provisioned during processing, transmission, and while at rest
- Manage operations related to internal and external fraud, information security, cyber resiliency, physical security, and business continuity
- Lead and oversee the design, development, maintenance, and delivery of enterprise-wide information security measures (e.g., key performance indicators and key risk indicators), including security-related technologies for systems, applications, and data
- Ensure that the information security program meets objectives for the protection, integrity, and availability of restricted and customer data stored in or transmitted through the enterprise
- Ensure that policies, standards, architecture, and practices are aligned with regulatory requirements
- Oversee incident response planning and the management of security incidents and events to protect IT assets, including critical information infrastructure, intellectual property, and company reputation
- Inform Executive Management, Risk Management, and Board committees of Truist's information security performance, security trends, emerging threats, industry initiatives, and key issues
- Develop and deploy comprehensive awareness and education programs that provide actionable and practical information to associates (e.g., via digital user interfaces) and meet regulatory requirements
- Provide significant oversight of cyber-related interactions with regulators, internal and external auditors, and industry associations, and remain accountable to the Board of Directors for associated regulatory assertions of adequacy
- Stay informed of, and influence where possible, current and emerging legislation and regulations related to information security
- Represent the organization on relevant internal and external industry committees
- Maintain relationships with local, state, and federal law enforcement and other government agencies
- Certification in Information Security Management (e.g., Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Certified Information Security Manager (CISM)) or related security certification(s); applicable FINRA licenses
- Significant experience in leading teams, both directly and influencing in a matrix environment
- Proven experience in driving change and being able to effectively communicate strategy and execute a roadmap to achieve short- and long-term goals
- Ability to take multiple risk disciplines and put into a concise vision/strategy for the organization; must be able to confidently present security material to executive leaders, including the Board of Directors
Domain->Infrastructure-Information Security Management->Information Security Compliance,Foundational->Cybersecurity Competency Management->Cyber Competency Strategy Planning