"Alerted.org

The position is described below. If you want to apply, click the Apply Now button at the top or bottom of this page. After you click Apply Now and complete your application, you'll be invited to create a profile, which will let you see your application status and any communications. If you already have a profile with us, you can log in to check status.

Need Help? (https://pp-cdn.phenompeople.com/CareerConnectResources/prod/TBJTBFUS/documents/Career\_site\_FAQ-1758133253710.pdf)

_If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to_ Accessibility ([email protected]?subject=Accommodation%20request)

_(accommodation requests only; other inquiries won't receive a response)._

Regular or Temporary:

Regular

**Language Fluency:** English (Required)

Work Shift:

1st shift (United States of America)

Please review the following job description:

Serve as the independent oversight and effective challenge function (BU CRO) The Senior Technology Risk Officer will serve as a strategic Risk Oversight leader for Information Risk Oversight (IRO) program transformation efforts; assist Chief Information Risk Officer (CIRO) and senior leadership team with oversight process re-engineering, sustainability and optimization. They evaluate policies and standards for Enterprise-wide application and impact. Provide guidance to senior leaders across the company on critical / significant control failures and issues; use judgment to escalate significant issues and emerging risks; serve as senior risk advisor on technology strategy.

This leader will partner across the IRO team to lead efforts on the continuous monitoring program, shared services framework enhancements, strategy oversight and alignment, and focus on AI business case development and/or support.

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

1. Technology Risk Leadership - Provide independent risk oversight (i.e. second line of defense/LOD2) enterprise-wide for Enterprise Control Functions through the effective identification, mitigation, monitoring and reporting of operational, technology, compliance and strategic risks within the ECFs;

2. Strategic Alignment- Provide strategic risk advisory to ECF leads, i.e. the Chief Information Security Officer, the Chief Data Officer, the Chief Technology Officer, etc that supports the Truist organization’s strategies and objectives while operating within established risk appetites. Provide effective challenge of the ECF Strategy for Truist;

3. Industry engagement- lead engagement of peer institution second line functions to influence the industry build of the tech risk functions;

4. Targeted control testing- lead execution of independent second line testing / evaluations (e.g. Red Team / Penetration Testing); work is typically commissioned by the Board, the CEO and / or the CRO;

5. Value Delivery – Ensure that resources, activities and initiatives are aligned to enable and sustain achievement of business objectives within forecasted spend rates while reducing risks;

6. Provide independent assessment and oversight of the maturity of technology risk domains (e.g. Cyber, Service Delivery and Operations, Data Management, etc) and adequacy of controls pertaining to domains in meeting agreed to business outcomes for performance, stability, security and service availability. Assessments should leverage agreed upon metrics produced by Business Unit Risk Management (BURM) /first line of defense – LOD1) but challenged and validated as appropriate;

7. Independent Challenge of LOD1 assessments - Review and attest to/challenge adequacy of risk assessments (i.e. Risk & Control Self-Assessments, Application Assessments, Change Risk Assessments) produced by BURM;

8. Committee Engagement – Serve as member of the Technology Risk Committee and participate in the Enterprise and Board Risk Committees and the Board Technology Committee, when applicable for Technology Risk related topics;

9. Regulatory Engagement Oversight - Ensure effectiveness and structure in regulatory engagement practices, including responses out of the impacted ECF group;

10. Training and Communication - Encourage and monitor risk education, skills training and adoption of goals to drive improved risk culture and awareness across the enterprise;

11. Policy & Standard Leadership – Engage on ECF Risk policy governance, as well as, policies, standards, procedures owned by areas of oversight. Provide direction and guidance in the development, implementation and communication of policies, procedures and standards. Oversight of multiple enterprise-wide policies;

12. Third Party Management Risk Oversight - Monitor, assess and challenge as appropriate significant third-party and vendor relationships within Enterprise Technology;

13. Cross-Organizational Communication - Develop and maintain effective channels of communication with other BU CROs, control functions, Senior Business Unit (BU) management, as well as regulatory agencies;

14. Talent Management - Lead, manage and develop teammates directly and indirectly; influence cybersecurity talent management through recommendations to Truist senior leadership, including the Board of Directors, to inform decisions on resource allocations to close control gaps;

15. Participate in applicable mergers and acquisition target evaluation and develop independent risk analyses where needed

Qualifications

Required Qualifications:

The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

1. Advanced degree in business or financial-related discipline, or equivalent education and related training

2. Twenty years of experience or equivalent proficiency in managing people with demonstrated high competency in recruiting, developing, and coaching/mentoring

3. Fifteen years of experience in a financial institution (or large corporate equivalent) with emphasis on risk management or equivalent work experience

4. Ten years of large ECF and related technology operations, including extensive knowledge of technology policy, procedures and regulations

5. Knowledge of key technology rules/regulations and technology risk management practices (e.g. Federal Financial Institutions Examination Council (FFIEC), Control Objectives for Information and Related Technology (COBIT), NIST (National Institute of Standards and Technology), Information Technology Infrastructure Library (ITIL)).

6. Strong leadership skills including the ability to lead direct and indirect teammates

7. Excellent communication (verbal and written), presentation and facilitation skills; ability to influence and communicate with impact

8. Experience presenting to Executive Leadership and Board level

9. Superior ability to think critically and strategically

Preferred Qualifications:

1. Twenty years of experience in a financial institution with emphasis on risk management or equivalent work experience

2. Professional designations such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (Information Systems Audit and Control Association) (CRISC), Certified Project Manager (CPM)

3. Strategic business and financial planning experience

4. Experience with audit processes and techniques

**General Description of Available Benefits for Eligible Employees of Truist Financial Corporation:** All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist’s generous benefit plans, please visit our Benefits site (https://benefits.truist.com/)

. Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.

_Truist is an Equal Opportunity Employer that does not discriminate on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status, or other classification protected by law. Truist is a Drug Free Workplace._

EEO is the Law (https://www.eeoc.gov/sites/default/files/2022-10/EEOC\_KnowYourRights\_screen\_reader\_10\_20.pdf)

E-Verify (https://pp-cdn.phenompeople.com/CareerConnectResources/prod/TBJTBFUS/documents/E-Verify\_Participation\_Poster-1757074518541.pdf)

IER Right to Work (https://pp-cdn.phenompeople.com/CareerConnectResources/prod/TBJTBFUS/documents/IER\_RightToWorkPoster-1757074222028.pdf)