PLEASE REVIEW THE FOLLOWING JOB DESCRIPTION:

Responsible for overseeing the design, development, implementation, and support of our scalable, modern, and durable security capabilities. This role requires a technical leader with a strategic mindset, capable of managing a high-performing team of engineers, and adept at working in a complex highly regulated environment. You’ll work closely with key stakeholders to align cybersecurity capabilities with business goals, ensure proper security governance and risk management, and mentor team members in their professional growth.

REQUIRED QUALIFICATIONS:

The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
1. Bachelor’s degree in business, cybersecurity, computer science or equivalent and related education, training or experience.
2. Twenty (20) or more years direct experience in financial services, cybersecurity, or information technology (IT)
3. Fifteen (15) or more years direct experience managing teams, processes, and technology related to information security.
4. Ten (10) or more years’ experience managing security engineering teams of teams (25+ teammates)
5. Fifteen (15) or more years’ experience in managing, delivering, and maturing cyber capabilities that directly support Network Security, Vulnerability Management, End Point Security, Application Security, Identity and Access Management, Incident Detection and Response.
6. Proven history of managing multiple, concurrent projects, activities, and tasks under time constraints.
7. Strong interpersonal skills and the ability to interface with all levels of personnel (executive to entry level).
8. Experience in managing numerous vendor partnerships to ensure the appropriate levels of support for cyber capabilities.
9. Deep knowledge of cybersecurity frameworks (e.g., NIST, ISO 27001) and financial industry regulations (e.g., PCI DSS, SOX, GLBA).

PREFERRED QUALIFICATIONS:

1. Master’s degree in business, cybersecurity, computer science or equivalent and related education, training or experience.
2. Experience with large bank risk management frameworks and managing remediation of risk issues.
3. Knowledge of threat intelligence and incident response best practices.
4. Advanced certifications such as CISSP, CISM, GIAC, or Cloud Security certifications (e.g., AWS Certified Security Specialty).
5. Experience managing budgets for technology teams, ensuring efficient allocation of resources and investments.
6. Experience with DevSecOps practices, including integrating security into CI/CD pipelines and working with containerized environments.
7. Experience with automation tools and security orchestration, automation, and response (SOAR) platforms.
8. Experience with Agile/Scrum methodologies and product management tools (e.g., JIRA, Confluence, Clarity)

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
1. Lead engineering teams across multiple security domains, including staff allocation, mentoring, enhancing, and maintaining best-of-class development across multiple teams and disciplines.
2. Develop and deliver strategic cyber security initiatives/ technical capabilities which align with business goals, regulatory requirements, and budget.
3. Provide technical subject matter expertise and ensure implementation of information security architecture, risk management standards, best practices, and systems/processes to provide information privacy/protection.
4. Work with security architects, enterprise architects, capability owners, engineering managers, and engineers to design and deploy mature development practices/methodologies.
5. Build partnerships with business unit and technology leaders to establish a validated capacity/demand plan that enables delivery of the security capabilities roadmap and technology investments.
6. Monitor controls to ensure that the availability, reliability, performance, and service levels meet or exceed established thresholds.
7. Advance innovative cybersecurity approaches that drive dramatic increases in business value, improve Truist’s security posture, reduced time to deliver, and reductions in total cost of ownership.
8. Collaborate with risk partners to ensure security solutions meet regulatory and internal policy requirements.