Information Security Officer
Truist
The position is described below. If you want to apply, click the Apply Now button at the top or bottom of this page. After you click Apply Now and complete your application, you'll be invited to create a profile, which will let you see your application status and any communications. If you already have a profile with us, you can log in to check status.
If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).
Regular or Temporary: Regular
Language Fluency: English (Required)
Work Shift: 1st shift (United States of America)
Please review the following job description:
The information security officer will be a member of the Business Information Security Officer’s (BISO) organization and work closely with the line of business, delivery managers, infrastructure teams, development teams, and other IT teammates. The BISO organization provides cyber services and advises on information security within the respective business areas. This improves awareness of cyber threats and risks that impact business objectives. In this role, you will be supporting business and delivery teams to develop a deep understanding of the Enterprise Payments business unit to have specialized information security risk-based discussions. You will also provide guidance on information security topics, policies, mitigation strategies, procedures, and controls.
Essential Duties and Responsibilities:
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
- Serves as a cyber security Subject Matter Expert (SME), coordinating and providing multi-disciplinary knowledge, skills, and experience in security architecture and security management roles and responsibilities. Manages the security processes and effectively ensures guidance in accordance with standards and policies.
- Acts as point of contact for business partners and delivery teams requiring advice and guidance on cyber security related topics. Manages and responds to cyber security related requests from across the business in coordination with the BISM.
- Provides consulting services on current and upcoming projects covering all levels of security requirements.
- Creates and improves business processes in coordination with the BISM and business stakeholders.
- In partnership with the BISM, advises business and delivery management on risk issues related to information security and recommends actions in support of the bank’s wider risk management and compliance programs.
- Monitors information security trends, policies and applicable regulations and keeps the business and delivery teams informed about information security related issues. Ensures compliance with relevant industry standards, regulations, and legal requirements.
- Collaborates with risk partners on information security priorities. Assists delivery teams and the business unit with the development of remediation plans for system security threats and risk.
- Tracks and monitors security performance indicators and core metrics to measure and improve security posture.
- Collaborates with security domains, peers, delivery, risk, and other stakeholders to share best practices, security goals and objectives, and manage expectations.
Required Qualifications:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Ability to build strong partner relationships with peer technology groups and supported business unit.
- Exceptional executive presentation and communication skills.
- Strong leadership skills, self-starter
- Team management, stakeholder management, communication, and interpersonal skills. Ability to analyze complex security issues and provide timely and effective solutions.
- Familiarity with core concepts of network security, security architecture, security operation, vulnerability management, cloud security, application security, security awareness program, and threat intelligence.
- Strong knowledge of cyber security and privacy principles, frameworks, and best practices (e.g., NIST, SWIFT, SOX, GLBA, PCI DSS).
- Ability to comprehend and communicate the technical concepts related to cybersecurity to individuals having varying degrees of technical understanding. Strong planning and project management skills and willingness to follow up on tasks and act effectively in cross functional situations.
- Experience evaluating cyber security controls and providing guidance for computing platforms.
- Possess strong/experienced application development and/or application security background, with solid knowledge of SDLC from design, testing, deployment to post-production and the risk elements associated with each step.
- Bachelor’s degree and six to eight years of experience in systems engineering or administration or an equivalent combination of education and work experience.
Preferred Qualifications:
- Familiarity with payments-related (wire transfer, ACH, faster payments) banking regulations as well as industry guidelines such as SWIFT, FedLine and ISO 20022.
- Master’s degree or MBA and ten years of experience or an equivalent combination of education and work experience
- CISSP Certification
- Banking or financial services experience
- Other security certifications (e.g. CCNA Security, GSEC, GCED, GPPA, etc.)
- Other technical Certifications (e.g. CCNA, RHCE, MCSE, etc.)
About the BISO Program:
- Defines and communicates information security responsibilities and accountability throughout the enterprise by integrating cybersecurity into the lines of business.
- Assists business units and associated technology teams, in partnership with cyber control owners, to interpret cybersecurity policies and standards to comply with and balance risks.
- Partners with lines of business, technology teams and risk partners to identify, assess, monitor, escalate and mitigate cybersecurity risks for the business area.
- Ensures teammates within lines of business understand cyber risk posture, regulatory issues, and internally identified findings to effectively manage risk.
General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist’s generous benefit plans, please visit our Benefits site. Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.
Truist supports a diverse workforce and is an Equal Opportunity Employer that does not discriminate against individuals on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status or other classification protected by law. Truist is a Drug Free Workplace.