Director, Cybersecurity Risk Management
Job Description
The position is described below. If you want to apply, click the Apply Now button at the top or bottom of this page. After you click Apply Now and complete your application, you'll be invited to create a profile, which will let you see your application status and any communications. If you already have a profile with us, you can log in to check status.
If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).
Regular or Temporary:
RegularLanguage Fluency: English (Required)
Work Shift:
1st shift (United States of America)Please review the following job description:
Truist is seeking a senior leader to support continued maturation of the Security Governance function within Truist Protection Services (TPS). Reporting to the Head of Security Governance, this role will play a key role in the strategic direction for the management of cyber risks, issues, and controls across TPS to scale governance and accelerate decision-making.This leader will translate key drivers, regulatory expectations, and emerging threats into a coherent program strategy and operating model. The role partners closely with other Security Governance functions (Process, Risk and Control; Policy and Standards Governance and Adherence; Assessments; Third-Party Risk; Issue Management), second line Risk, Audit, Business Information Security Officers (BISOs), Technology, Legal, and business stakeholders to strengthen Truist's cyber risk posture and reduce time-to-remediation at scale.
The ideal candidate has led cybersecurity risk, issue management, and/or controls functions in a large, regulated environment; can translate technical risk into clear business decisions; and can drive measurable program outcomes through both strong governance discipline and modern, technology-enabled execution.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
This role leads the governance of a portfolio of issues and related remediation activities. Responsibilities will evolve as the program scales and matures.
Define and execute program strategy. Establish the vision, operating model, and multi-year roadmap aligning to key drivers, regulatory expectations, enterprise risk appetite, and TPS priorities.
Own end-to-end management of a portfolio of issues —including intake, classification, prioritization, root-cause analysis, action plan quality, remediation tracking, escalation, and closure validation.
Drive issue management and mitigation. Identify, document, coordinate, and execute (as applicable) issue management and mitigation activities; partner with control and process owners to ensure timely, sustainable remediation and reduction of repeat findings.
Govern controls design and operation. Lead the creation, documentation, and ongoing management of cybersecurity controls as applicable—ensuring controls are well-defined, mapped to applicable frameworks and regulations, testable, and continuously monitored for effectiveness.
Embed agentic AI and automation. Champion a culture of innovation by applying agentic AI, intelligent workflows, and advanced analytics to issue management, control monitoring, evidence collection, and executive reporting—reducing manual effort and accelerating insight.
Partner across Security Governance. Coordinate seamlessly with Process, Risk and Control; Policy and Standards Governance and Adherence; Assessments; Third-Party Risk; and other Security Governance functions to ensure a consistent, integrated governance experience for TPS.
Engage the three lines of defense. Build strong partnerships and influence outcomes across first line TPS teams, second line Risk and Compliance, and third line Audit—aligning oversight expectations, strengthening issue management discipline, and reducing residual risk.
Support regulatory and audit engagements. Lead timely, accurate, and well-evidenced responses to regulatory exams and internal audit activities; ensure sustainable remediation and strong control evidence.
Deliver executive-ready reporting. Produce concise, decision-grade materials for senior leadership and governance committees, highlighting top risks, issue trends, control health, and prioritized actions.
Build and develop the team. Hire, develop, and retain a high-performing team of cybersecurity risk, issue management, and controls professionals; set clear goals, provide coaching, and foster a culture of accountability, curiosity, and collaboration.
Embody "we deliver together." Establish strong cross-functional working relationships across TPS, Technology, Legal, Procurement, Enterprise Risk, and business stakeholders to drive shared outcomes.
Qualifications
Required Qualifications
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
1. Bachelor’s degree in Information Technology, Information Security, Engineering, or related field.
2. Minimum of 10 years of professional experience in technology governance with progressive management responsibilities.
3. Proven experience managing teams and mitigating technology risks at scale.
4. Strong knowledge of regulatory requirements and compliance frameworks.
5. Expertise in governance assessment methodologies, control frameworks, and enterprise vulnerability management.
Preferred Qualifications
Graduate degree (MBA, MS, or similar) and/or industry certifications (e.g., CISSP, CRISC, CISM, CISA).
Experience building or transforming cybersecurity issue management and controls programs at scale (e.g., issue lifecycle automation, control rationalization, continuous control monitoring, integrated GRC platforms).
Experience developing or implementing agentic AI and emerging risk technologies in a GRC context (e.g., AI-assisted root-cause analysis, automated evidence collection, intelligent reporting).
Experience translating regulatory requirements and audit findings into durable control design and sustainable remediation strategies.
Experience leading governance functions within a complex, matrixed financial institution and influencing outcomes across first, second, and third lines of defense.
The annual base salary for this position is $220,000 - $265,000
General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist’s generous benefit plans, please visit our Benefits site. Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.
Truist is an Equal Opportunity Employer that does not discriminate on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status, or other classification protected by law. Truist is a Drug Free Workplace.