Lead and direct all assessment activities, onsite or remote, in support of the Supplier Technology Risk Assessment program. This program performs risk and control assessments on third-party suppliers as they relate to Technology Risk and Cybersecurity.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
Provide leadership for the onsite and remote technology assessment teams in the identification, assessment, control, and reporting of technology risk associated with the use of third parties for delivery of products/services to Truist
Provides direction to the assessment team with regard to managing the risk assessment work queue, including assessor assignments, assessment prioritization, cycle time and final approval of all completed assessments.
Represents Enterprise Technology’s Technology Supplier Management Office (TSMO) by cultivating partnerships with strategic business partners including Third Party Risk Management (TPRM), Tech Risk, Business Unit Service Managers, Risk Domain SMEs and Sourcing for all aspects regarding the STAT Risk Assessment program.
Serves as the primary consultant regarding supplier escalations as they pertain to Technology Risk.
Provides direction, coaching, and mentoring for assigned professional risk management assessment staff regarding performance evaluation, training and career development.
Monitor domain and developing technologies/use cases to highlight emerging risks
Leads program enhancement initiatives to ensure the assessment methodology is effectively and accurately identifying Supplier Technology Risks as well as ensuring alignment with TPRM direction.
Ability to travel as required, occasionally overnight
QUALIFICATIONS
Required Qualifications:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Bachelor’s degree and six to eight years of experience in systems engineering or administration or an equivalent combination of education and work experience
Deep specialized and/or broad functional knowledge in applied enterprise information security technologies including but not limited to firewalls, intrusion detection/prevention systems, network operating systems, identity management, database activity monitoring, encryption, content filtering, and Mainframe security
Previous experience in leading complex IT projects
Preferred Qualifications:
Bachelor’s degree in Business, Computer Science, Cybersecurity or related disciplines
10+ years of IT Risk Management, Cybersecurity, Technical Operations or IT Auditing experience
10+ years of experience or an equivalent combination of education and work experience.
5+ years of experience leading a team of professional risk management practitioners
Master’s degree or other advanced degree in disciplines mentioned above.
Proven experience leading a team of professionals
Advanced knowledge of regulatory requirements (GLBA, HIPAA, SOX), industry standards (PCI) and IT control frameworks (COBIT, ITIL, ISO, NIST)
One or more professional certifications such as CISSP, CRISC, CISM, CISA or CRP
Experience with GRC program tools such as Archer and Know Your Third Party (KY3P).
Strong skill sets in the following: team leadership and interpersonal relationships, analytical and problem-solving, verbal and written communication, process improvement, and project management.
Ability to communicate Technology risk concepts to a broad range of technical and non-technical teammates including Senior Management.
Demonstrated proficiency in basic computer applications such as Microsoft Office software products.
Previous experience as a Supplier Manager, or equivalent experience/knowledge of the third-party Management program and best practices
Certification in Lean Six Sigma or similar process improvement, facilitation, and project management methodologies.
Banking or financial services experience.