I am...

Summary Information about the Role and Company Overview

Harness your expertise to shape robust cybersecurity strategies and safeguard critical assets. Your leadership will be pivotal in enhancing our resilience against evolving global cyber threats.

As a Cybersecurity Intelligence Vice President on our Cybersecurity Operations Publications team, you will play a critical role in safeguarding the firm's digital assets and infrastructure from cyber threats. Responsible for identifying, assessing, and mitigating risks, you will inform and influence control measures across the organization. Your expertise in analyzing complex issues and developing innovative solutions, along with your ability to collaborate with diverse teams, will be crucial in enhancing the firm's security posture. As a subject matter expert, you will contribute to strategic cybersecurity initiatives and continuously improve our threat detection and response capabilities. Your work significantly impacts the firm's operations, fiscal management, public image, employee morale, and client relationships.

• Develop and support the creation of reports and presentations for internal and external stakeholders
• Tailor publications to both technical and non-technical audiences as needed
• Collaborate with cybersecurity analysts and stakeholders to gather information and ensure accuracy and completeness of reports
• Work under pressure with engagement leads, technical analysts, and subject matter experts in a fast-paced cybersecurity environment to ensure timely product release
• Ensure consistency and accuracy across the entire publications catalog, maintaining a high standard of quality
• Represent cybersecurity operations at governance forums to present the latest cyber threats
• Assess and enhance the value delivered to our customers through effective reporting and communication
• Create and manage templates for various types of cybersecurity publications to ensure consistency and professionalism
• Review and edit documentation produced by other team members for clarity, grammar, factualness, and technical accuracy
• Develop training materials on effective communication and writing strategies and guide colleagues in the following best practices
• Build and maintain strong relationships with partners and stakeholders to achieve operational goals and business objectives and stay up-to-date on the latest cybersecurity trends, threats, and best practices to ensure our publications reflect current knowledge and standards

Required Qualifications

• 5+ years of experience in cybersecurity, focusing on threat intelligence, analysis, and mitigation
• Strong understanding of cybersecurity concepts, terminology, and best practices
• Excellent written and verbal communication skills
• Proven ability to create, design, and deliver high-quality presentation materials
• Strong attention to detail and commitment to producing high-quality work
• Ability to fix and clearly explain common and complex grammatical and structural errors in written documents and fact-check information as required
• Proficiency in using documentation tools and software (Microsoft Office, Confluence, SharePoint, Adobe Acrobat, etc.)
• Strong interpersonal skills with the ability to interact and collaborate with various teams and stakeholders
• Ability to work independently and manage multiple projects simultaneously

Preferred Qualifications

• Proficiency in using documentation tools and software (Microsoft Office, Confluence, SharePoint, Adobe Acrobat, etc.)
• 3+ years of experience in technical writing and editing, preferably within the cybersecurity or IT industry
• Strong interpersonal skills with the ability to interact and collaborate with various teams and stakeholders
• Ability to work independently and manage multiple projects simultaneously
• Relevant certifications (CompTIA Security+, CompTIA CySA+, CISSP) are a plus

NA

Job Description Summary

The AVP of Information Security is part of the organization's Enterprise Risk Management team and contributes to the enterprise-wide information security program to ensure that information assets are adequately protected. This role will help lead our organization's security initiatives and protect sensitive information assets by overseeing the development, implementation, and management of our information security program, ensuring compliance with industry regulations and best practices. You will collaborate with all levels of leadership and cross-functional teams to assess risks, enhance security measures, and respond to incidents effectively. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization. Position requires sound knowledge of business management and a working knowledge of information security practices, technologies, and control frameworks. Serves a vital role in assurance activities related to the availability, integrity and confidentiality of member, business partner, employee and business information in compliance with information security policies and standards. The AVP of Information Security must be highly knowledgeable about the business environment, possess the ability to successfully work with stakeholders to identify safe ways to empower business objectives, and ensure that information systems are maintained in a functional and secure manner.

Company Overview

NA

• Monitors essential processes to ensure compliance with policies, standards, practices, and guidelines. Assists with information security compliance.
• Owns business relationships with executive and other leadership stakeholders to drive enhancements to security posture.
• Manages and executes the information security risk assessment process, including reporting and oversight of treatment efforts.
• Supports PCI-DSS compliance program and ensures successful audits.
• Supports penetration testing, vulnerability assessments, social engineering testing, risk analysis, and remediation.
• Manages Information Security risk management activities, vendor reviews, asset inventories, third-party risk, and remediation.
• Supports the information security training program.
• Develops and supports information and access management initiatives.
• Builds a culture focused on security and risk environment improvement.
• Supports evaluations of internal control maturity against best practices and frameworks like NIST-CSF.
• Maintains and produces policies, procedures, and standards documents.
• Provides reporting and measurements of program effectiveness.
• Supports the management of security incidents to protect corporate assets.
• Monitors threat environment for emerging threats and advises stakeholders.
• Coordinates external resources involved in the information security program.
• Conducts user access reviews and identity management monitoring.
• Manages documentation, requests processing, training, and projects.
• Participates in meetings with vendors and key stakeholders.
• Maintains tracking metrics and reporting on information security risks.
• Prepares and delivers metrics-based presentations.
• Keeps abreast of industry trends and serves as a subject matter expert.
• Supports strategic growth and operational evolution of the Department.
• Ensures integrity within department operations.
• Creates a workplace culture consistent with organizational values.
• Supports information security initiatives and projects throughout the organization.
• Supports other Risk Management department programs and initiatives.
• Manages and supports creation of new processes for information security.
• Engages in discovery techniques to identify information security risks.
• Trains with other information security team members to promote a holistic program.

Required Qualifications

• Bachelor's Degree in Computer Sciences, Business Administration or a technology-related field, and/or equivalent work or education related experience.
• 5 to 10 years in Information Security/Cyber Security.
• Information Security program management experience.
• Moderate to Advanced Skills with MS-Excel, MS-Word, and MS-PowerPoint.
• Strong communication skills, ability to lead work efforts, and self-starter.
• Strong propensity for action and ownership.
• Experience in supporting an effective control environment.
• Proficient in writing and creating program documentation.

Preferred Qualifications

• Post-Graduate Degree.
• Certified Information Systems Security Professional (CISSP).
• Certified Information Security Manager (CISM).
• Certified Information Systems Auditor (CISA).
• Financial Services experience.
• Leadership experience and executive presence.
• Working knowledge of Enterprise Risk Management principles/frameworks.

Hiring Range and Benefits

The hiring range for this position is $140,000 to $160,000 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. Select benefits may be provided as part of the compensation package, such as medical, financial, and/or other benefits. To learn more about our benefits visit: https://jobs.disneycareers.com/benefits

Responsible for developing and maintaining the technical IT / cyber security capabilities necessary for safeguarding the firm's information systems and applications (software development lifecycle), including every phase of the SDLC and software stack. Design, plan, test and implement phases of cybersecurity technology projects.

Telecommuting/Remote workstyle may be considered for well-qualified individuals located outside of the Truist footprint. Teammate will work hours supporting Eastern Standard Time

• Develop and maintain the technical IT/cyber capabilities including all phases of the software development lifecycle and software stack which includes threat modeling of application designs, static application security testing (SAST), software composition analysis (SCA), dynamic application security testing (DAST), and penetration testing.
• Lead efforts related to designing, planning, enhancing, and testing all cybersecurity technologies used throughout the enterprise including base-lining current systems, trend analysis, and capacity planning as required for future systems requirements and new technologies.
• Analyze information to determine, recommend, and plan the use of new information security technologies, or modifications to existing equipment and systems that will provide capability for proposed project or workload, efficient operation and effective use of allotted resources.
• Lead the implementation of new information security technologies or integration of existing technologies including initial configuration, installation, change management, and operational handoff.
• Use sophisticated analytical thought through models, testing, and experience to exercise judgment and identify innovative solutions.
• Responsible for technical support of information security technologies providing expert problem analysis and resolution in a timely manner.
• Leads teams or projects with moderate resource requirements, risk, and complexity.

Required Qualifications:

• Bachelor’s degree and eight years of experience in systems engineering or administration or an equivalent combination of education and work experience.
• Deep specialized and/or broad functional knowledge in applied enterprise information security technologies including but not limited to firewalls, intrusion detection/prevention systems, network operating systems, identity management, database activity monitoring, encryption, content filtering, and Mainframe security.
• Previous experience in leading complex IT projects.

Preferred Qualifications:

• Banking or financial services experience.
• 3 - 5 years experience in the following: Scripting languages: Powershell, Python, or Javascript; DevOps Tools: Git, Gitlab, Azure DevOps.
• 3 - 5 years experience Data Analysis, Data Aggregation, and Data Visualization using any of the following: Database Platforms (MS SQL, Oracle, DB2, Netezza, SAP HANA, Postgres).
• 3 - 5 years experience in administration of any combination of the following systems: Windows Servers/Workstation, Linux/Unix Servers Workstations, Active Directory Administration, Entra ID Administration, Network Security Administration Experience with switches/firewalls/IPS/IDS.
• CISSP Certification.
• 2 - 4 years of Project Management or leading Projects.
• 1 - 2 years experience with a Privileged Access Management Solution (i.e., CyberArk, BeyondTrust, Delinea, etc.).

Telecommuting/Remote workstyle may be considered for well-qualified individuals located outside of the Truist footprint. Teammate will work hours supporting Eastern Standard Time

Other Job Requirements / Working Conditions

Sitting

Constantly (More than 50% of the time)

Visual / Audio / Speaking

Able to access and interpret client information received from the computer and able to hear and speak with individuals in person and on the phone.

Manual Dexterity / Keyboarding

Able to work standard office equipment, including PC keyboard and mouse, copy/fax machines, and printers.

Availability

Able to work all hours scheduled, including overtime as directed by manager/supervisor and required by business need.

Travel

Minimal and up to 10%

General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist’s generous benefit plans, please visit our Benefits site. Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.

Truist supports a diverse workforce and is an Equal Opportunity Employer that does not discriminate against individuals on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status or other classification protected by law. Truist is a Drug Free Workplace.

EEO is the Law [Pay Transparency Nondiscrimination Provision](https://www.dol.gov/sites/dolgov/files/OFCCP/pdf/pay-transp_ English_formattedESQA508c.pdf) E-Verify