Responsible for the identification, tracking, resolution, and reporting of cyber and fraud risks across the Truist Protection Services (TPS) organization following enterprise information risk management policies and standards. S/he is responsible for identifying, monitoring and reporting risks and ensure appropriate actions are taken to maintain risk and issue management metrics within tolerance. S/he is responsible for advancing the Program by driving risk mitigation activities, feeding actionable reporting to enterprise risk management committees, and coordinating with other risk managers across the firm. The position will work closely with the Chief Security Officer and Senior Leadership and Business teams to manage risks through their full lifecycle. The ideal candidate will have a broad knowledge of Information Security functions and Fraud, technologies (including digital/cloud), banking cyber risk management frameworks, and current cyber risks. The ideal candidate will also have prior experience building and running an Information Security risk and issue management function in the US for a large bank with merger/acquisition transformational change. ESSENTIAL DUTIES AND RESPONSIBILITIES Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time. - Define and oversee issue management governance routines to maintain the health of the TPS issue management portfolio, ensuring metrics remain within established tolerances. - Facilitate and coordinate cross-functional meetings with stakeholders involved in risk and issue management to develop effective remediation plans aligned with Enterprise Risk Management frameworks. - Provide leadership and support for information security and fraud risk management across Truist Protection Services operational functions, including GRC, Fraud, Cyber Operations, Cyber Protection, and Identity & Access Management. - Establish and maintain program metrics for TPS, partnering with Second Line Risk Management to align with executive reporting requirements and the organization’s risk appetite; ensure KPIs and KRIs are defined, implemented, tracked, and reported monthly. - Collaborate with issue owners, technical SMEs, GCO, and Second Line of Defense to ensure consistent risk evaluation and thorough documentation of risk rationale and mitigating controls that support risk ratings. - Advise process and control owners on risk identification, as well as the design, documentation, and implementation of effective controls to mitigate identified risks. - Drive continuous improvement by leveraging industry-standard frameworks and methodologies, gathering feedback and performance metrics (e.g., quality, delivery), and enhancing team capabilities. - Ensure remediation activities are executed in alignment with agreed-upon plans across all lines of defense, with a focus on effective risk mitigation. - Develop closure narratives and compile supporting evidence to demonstrate that risks have been remediated appropriately and in accordance with organizational risk appetite. - Build and strengthen partnerships with Second and Third Line of Defense teams, fostering trust through transparency, proactive communication, and consistent alignment on risk management objectives. - Build stakeholder trust through consistent, timely delivery of high-quality closure packages that clearly document remediation actions and long-term sustainability. - Establish strong collaboration, working partnerships and alignment across teams in Truist, with a special focus on Second Line IT Risk Management team. Develop a strong “we deliver together” culture. Qualifications Required Qualifications The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 1. Bachelor’s degree in Information Technology, Information Security, Engineering, or related field. 2. Minimum of 7 years of professional experience in technologygovernance. 3. Strong knowledge of regulatory requirements and compliance frameworks. 4. Experience applying governance assessment methodologies and control frameworks. Preferred Qualifications ·Master’s degree or MBA and ten years of experience or an equivalent combination of education and work experience. ·CISSP, CISM and/or CISA Certification ·Banking or financial services experience. ·Broad knowledge of Information Security frameworks (e.g. NIST, FFIEC), regulations (SOX, GLBA, NYDFS), functions (Anticipate, Protect, Detect, Respond) and cyber controls. ·Expertise with information security risk management, working across IT and Business functions and with Second and Third lines of Defense, and Regulators.This includes experience using industry frameworks such as ITIL, COBIT, NIST CSF, CIS RAM ·Ability to create a strong network of relationships among peers, internal partners, external constituencies and decision makers to deliver end products. ·Experience preparing materials for and comfortable presenting to executive management ·Excellent written and oral communication skills ·Strong coordination, influencing and negotiation skills ·Excellent risk-based judgement and decision making General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist’s generous benefit plans, please visit . Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.