Expoint - all jobs in one place

Truist Cybersecurity Compliance Senior Consultant Cyber Risk Assessment 
United States, North Carolina, Charlotte 
376453395

20.11.2024

Regular or Temporary:

English (Required)

1st shift (United States of America)


ESSENTIAL DUTIES AND RESPONSIBILITIES

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

  • Updates and maintains Truist Cyber Risk Assessment methodology based on current threat landscape and industry frameworks/best practices (NIST 800.30, CIS RAM/Control library, MITRE ATT&CK) applied to Truist environment.

  • Ensures the methodology and process are repeatable and auditable and that data is socialized with all relevant stakeholders.

  • Produces regular reporting on Cybersecurity Risk and Control Library and RCSA.

  • Oversees control design and performance and remediation plans to improve control design and performance effectiveness.

  • Maintains an up-to-date mapping between Risk and Control library and the current Threat landscape.

  • Ensures a holistic and comprehensive list of data sources is incorporated into the Cybersecurity Assessment (control testing results, Cyber Maturity Assessment results, Audit findings, self-identified issues, etc.) while ensuring data completeness and accuracy.

  • Produces quarterly materials on Cybersecurity assessment status and remediation actions, as well as an annual report for management and the Board.

Required Qualifications:

The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Bachelor’s degree, preferably in regulatory affairs, business, organizational or compliance law, or financial services.

  • Eight years of related experience at a large financial institution performing legal, compliance, or other duties such as risk management and/or project management.

  • Strong working knowledge of cybersecurity risks, frameworks, best practices and industry/regulatory requirements.

  • Knowledge of and experience in using cybersecurity frameworks to assess programs.

Preferred Qualifications:

  • Master’s degree or MBA and eight years of experience or an equivalent combination of education and work experience.

  • Experience with Risk and Control self-assessments, from control design and definition to risk identification and testing methodologies.

  • Experience with Cybersecurity Risk Assessments utilizing threats and industry frameworks.

  • Knowledge and understanding of MITRE ATT&CK TTPs, NIST 800.30, NIST CSF 2.0, etc.

  • Cybersecurity certifications such as CISA, CISSP

Visual / Audio / Speaking

Able to access and interpret client information received from the computer and able to hear and speak with individuals in person and on the phone.

Manual Dexterity / Keyboarding

Able to work standard office equipment, including PC keyboard and mouse, copy/fax machines, and printers.

Able to work all hours scheduled, including overtime as directed by manager/supervisor and required by business need.