Truist Financial - Charlotte, NC

posted 2 days ago

Full-time - Senior
Charlotte, NC
Credit Intermediation and Related Activities

About the position

The Cybersecurity Risk Assessment Senior Consultant leads and implements the Cybersecurity Assessment program to ensure Truist has adequate controls that protect the organization against the most current threats. Maintains active oversight and understanding of the Truist threat landscape, working with the Threat Intelligence team and Cybersecurity Operations team. Oversees and manages the Corporate Cybersecurity Risk and Control Library as well as the control testing process and Risk and Control Self-Assessment (RCSA) to ensure the library remains accurate and up to date, identifies and implements risk and control improvements, and coordinates the correction of any identified gaps.

Responsibilities

  • Updates and maintains Truist Cyber Risk Assessment methodology based on current threat landscape and industry frameworks/best practices (NIST 800.30, CIS RAM/Control library, MITRE ATT&CK) applied to Truist environment.
  • Ensures the methodology and process are repeatable and auditable and that data is socialized with all relevant stakeholders.
  • Produces regular reporting on Cybersecurity Risk and Control Library and RCSA.
  • Oversees control design and performance and remediation plans to improve control design and performance effectiveness.
  • Maintains an up-to-date mapping between Risk and Control library and the current Threat landscape.
  • Ensures a holistic and comprehensive list of data sources is incorporated into the Cybersecurity Assessment (control testing results, Cyber Maturity Assessment results, Audit findings, self-identified issues, etc.) while ensuring data completeness and accuracy.
  • Produces quarterly materials on Cybersecurity assessment status and remediation actions as well as an annual report for management and the Board.

Requirements

  • Bachelor's degree preferably in regulatory affairs, business, organizational or compliance law, or financial services.
  • Eight years related experience at a large financial institution performing legal, compliance, or other duties such as risk management and/or project management.
  • Strong working knowledge of cybersecurity risks, frameworks, best practices and industry/regulatory requirements.
  • Knowledge and experience in the use of cybersecurity frameworks in assessing programs.

Nice-to-haves

  • Master's degree or MBA and eight years of experience or an equivalent combination of education and work experience.
  • Experience with Risk and Control self-assessments, from control design and definition to risk identification and testing methodologies.
  • Experience with Cybersecurity Risk Assessments utilizing threats and industry frameworks.
  • Knowledge and understanding of MITRE ATT&CK TTPs, NIST 800.30, NIST CSF 2.0, etc.
  • Cybersecurity certifications such as CISA, CISSP.

Benefits

  • Medical, dental, vision, life insurance, disability, accidental death and dismemberment.
  • Tax-preferred savings accounts.
  • 401k plan.
  • No less than 10 days of vacation during the first year of employment.
  • 10 sick days.
  • Paid holidays.
  • Defined benefit pension plan, restricted stock units, and/or a deferred compensation plan may be available.