Truist Cybersecurity Manager Third-party Risk Management 
United States, North Carolina, Charlotte 
352975075

31.08.2025

Regular or Temporary:

English (Required)

1st shift (United States of America)

***This role is Office Centric 4 days a week in the office in Charlotte***

This role will focus on overseeing the Cyber Security third-party risk management framework and lifecycle, including maintenance of the Cyber Security Third-Party Risk Standard and ensuring processes, procedures, and controls are in alignment with the standard. Additionally, this role will be responsible for Cyber Security third-party risk reporting & metric definition and maintenance.


ESSENTIAL DUTIES AND RESPONSIBILITIES

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

  • Enhance and maintain Cyber Third-Party Risk Management standard, policies and procedures.

  • Work closely with Cyber risk partners and Third-Party Risk organizations to ensure cyber risks are properly tracked and reported.

  • Perform Cyber Security third-party risk aggregation and root cause analysis by defining and implementing metrics to ensure appropriate measurement and reporting of risk exposure.

  • Provide regular reporting on Cyber Security Third Party Risk Management and support leadership with risk prioritization and escalation.

  • Ensure Cyber Security requirements/specifications are properly reflected and evaluated through the third-party risk assessment process and appropriate risk rating is assigned based on compensating controls and risk appetite.

  • Analyze findings/deficiencies to ensure appropriate risk rating and risk treatment. Ensure appropriate SMEs are engaged in the decision making (risk acceptance/risk remediation). Escalate to leadership when critical issues are identified.

  • Maintain current understanding of Cyber Security threats, vulnerabilities, and regulatory developments impacting third-party risk.

  • Understand Truist Cyber Security requirements, risk approach, and applicability to Truist Third Parties.

  • Strengthen and sustain proactive risk culture through effective risk-focused management and partnership with risk partners/lines of defense.

  • Serve as a subject matter expert and steward of the Cyber Third-Party Risk Framework (standard requirements, processes, risk criteria) to identify, report and mitigate cyber risks.

  • Drive conversations for appropriate risk treatment with a deep understanding of the risk management processes.

Required Qualifications:

The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Bachelor’s degree and eight years of experience in Cyber Security third-party risk management or performing cyber third-party risk assessments.

  • Deep specialized knowledge of Cyber Security controls and third-party risk management best practices.

  • Deep understanding of SOC 2 Type 2 reports (scope/coverage, applicability, etc.).

Preferred Qualifications:

  • Master’s degree or MBA and ten years of experience or an equivalent combination of education and work experience.

  • Banking or financial services experience.

  • Experience working with Archer, KY3P and Security Scorecard.

  • Deep understanding of the contracting process (contract negotiation/redlining).

  • CISSP Certification.

  • Other security certifications: CISA, CRISC.

  • Other technical certifications (e.g. CCNA, RHCE, MCSE, etc.).

  • Certified Third-Party Risk Professional (CTPRP).

Visual / Audio / Speaking

Able to access and interpret client information received from the computer and able to hear and speak with individuals in person and on the phone.

Manual Dexterity / Keyboarding

Able to work standard office equipment, including PC keyboard and mouse, copy/fax machines, and printers.

Able to work all hours scheduled, including overtime as directed by manager/supervisor and required by business need.