Cybersecurity Assurance Program Team Lead
Job Description
The Cybersecurity Assurance Program Team Lead will serve as a subject matter expert for their assigned team as it relates to the processes of cyber risk and maturity assessment. As a lead, this role requires strong analytical, critical thinking, and creative problem-solving capabilities to evaluate cyber risk and maturity at an enterprise level. This role requires a detailed working knowledge of current and emerging security technologies, industry trends, and best practices, as well as the ability to strongly and effectively communicate this knowledge and make recommendations on future direction for the Cyber Security program of the bank. Perform periodic quality assessments to ensure relevant processes and procedures are being performed as expected and planned, and provide recommendations for noted deficiencies. Represent assigned team on cross-functional IT project teams, as necessary. Provide consistent mentorship, thought leadership, consulting, training, and hands-on assistance to fellow teammates and partners as it relates to their area of expertise. Monitor and delegate incoming workflow to peers and appropriate teammates, when required.
- Assist the Cybersecurity Assurance Program Manager with maintaining the Cybersecurity Assurance program for measuring SunTrust's enterprise-wide cybersecurity maturity and risk posture assessments using the NIST Cybersecurity Framework (CSF) and other frameworks.
- Interface and partner with designated stakeholders and subject-matter-experts that own cybersecurity controls/capabilities within the following areas: Information Security (Governance, Identity and Access Management, Security Operations, Incident Response, Threat Intelligence, Countermeasures, Architecture/Engineering, Vulnerability Management), Business Continuity Management, Production Services, Application Development, Enterprise Architecture, Physical Security, Sourcing, and Third Party Risk Management.
- Assist stakeholders with updating the enterprise-wide cybersecurity risk assessment and the NIST CSF cybersecurity maturity self-assessment on an ongoing basis and with identifying risks, issues, and controls within these areas.
- Identify issues or gaps from other sources such as internal audit, external audit, regulatory matters, and risk management partners to inform cybersecurity maturity and risk posture.
- Ensure remediation plans and milestones are in place for gaps/issues identified during self-assessments, and monitor status until completion.
- Assist with reporting to the Board of Directors, Operational Risk Committees, Audit Committee, executive management, and regulators for cybersecurity maturity and risk assessments. This includes coordinating the collection and maintenance of data needed to meet reporting needs.
- Assist the Cybersecurity Assurance Program Manager with overall program and team management activities.
- Provide guidance and coaching to team members for assessments.
- Develop and maintain an ongoing understanding of changes affecting the organization's cybersecurity posture.
- Apply the organization's risk tolerance and risk management approach in evaluating the cybersecurity posture and in escalating matters of significance.
- Monitor industry trends and emerging threats and vulnerabilities and, based on analysis, assist with the development of recommendations to senior management for any changes to SunTrust's target tier for the NIST categories.
- Educate assessment stakeholders regarding the enterprise-wide cybersecurity maturity and risk assessments, and provide routine awareness.
- Be an advocate to strengthen overall compliance, such as by identifying opportunities for implementation of systemic controls over manual, human controls, and preventative controls over detective.
- Bachelor's degree and 8 years of experience in IT security or an equivalent combination of education and work experience.
- Deep specialized and/or broad functional knowledge.
- Sound understanding of business and organizational strategies and processes.
- Ability to interpret internal and external business challenges and recommend best practices.
- Ability to lead complex projects.
- Sophisticated analytical skills and the ability to solve complex technical and business problems.
- Ability to influence others at senior levels to adopt a new perspective.
- Bachelor's degree or above and 8 or more years of experience in Information Security, IT Audit, or an equivalent combination of education and work experience.
- Prior project management experience.
- Experience in leading large-scale complex projects from beginning to end. Certifications in CISSP, CISA and/or CISM. Proficient with Word, Excel, PowerPoint, and IT GRC tools.
- Banking or financial services experience. Working knowledge of laws, regulations, and industry requirements related to Information Security (i.e. FFIEC, SOX, GLBA, HIPAA, and PCI).
Equal Opportunity Employer: SunTrust supports a diverse workforce and is a Drug Testing and Equal Opportunity Employer. SunTrust does not discriminate against individuals on the basis of race, creed, color, gender, religion, national origin, age, disability, veteran status, pregnancy, marital status, citizenship status, sexual orientation, gender identity, genetic information, or any other classification protected by applicable laws.
To review the EEO Poster, copy and paste the following links into your browser:
http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf
http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf