· Assist with establishing and maintaining the Cybersecurity Assurance program for measuring SunTrust’s compliance with cybersecurity frameworks (e.g. the NIST Cybersecurity Framework (CSF) and other frameworks).
· Interface and partner with designated stakeholders and subject-matter experts that own cybersecurity controls/capabilities within the following areas: Information Security (Governance, Identity and Access Management, Security Operations), Business Continuity, Production Services, Application Development, Architecture, Incident Response, Physical Security, Sourcing, and Third Party Risk Management. Assist stakeholders with updating the NIST CSF cybersecurity self-assessment results/posture on an ongoing basis and with identifying risks, issues, and controls within these areas.
· Ensure remediation plans and milestones are in place for gaps/issues identified during self-assessments, and monitor status until completion.
· Identify issues or gaps from other sources such as internal audit, external audit, regulatory matters, and Operational Risk Managers to inform the cybersecurity posture.
· Assist with reporting to the Board of Directors, Operational Risk Committees, Audit Committee, executive management, and regulators on the NIST Cybersecurity Framework posture and the posture against other frameworks. This includes coordinating the collection and maintenance of data needed to meet reporting needs.
· Develop and maintain an ongoing understanding of changes affecting the organization's cybersecurity posture. Apply the organization's risk tolerance and risk management approach in evaluating the cybersecurity posture and in escalating matters of significance.
· Assist with evaluating compliance with new cybersecurity regulations (SWIFT, NYDFS, etc.) as they are issued and applicable.
· Monitor industry trends and emerging threats and vulnerabilities and, based on analysis, assist with the development of recommendations to senior management for any changes to SunTrust’s target tier for the NIST categories.
· Educate control owners regarding the NIST Cybersecurity Framework and other frameworks, and provide routine awareness.
· Be an advocate for strengthening overall compliance, such as identifying opportunities to implement systemic controls in place of manual, human controls, and preventive controls in place of detective ones.
Bachelor’s degree and 8 years of experience in IT security or an equivalent combination of education and work experience. Deep specialized and/or broad functional knowledge. Sound understanding of business and organizational strategies and processes. Ability to interpret internal and external business challenges and recommend best practices. Ability to lead complex projects. Sophisticated analytical skills and the ability to solve complex technical and business problems. Ability to influence others at senior levels to adopt a new perspective.
Bachelor’s degree or above and 5 or more years of experience in Information Security, IT Audit, or an equivalent combination of education and work experience. Prior project management experience. Experience in leading large-scale complex projects from beginning to end. Certifications in CISSP, CISA and/or CISM. Proficient with Word, Excel, PowerPoint, and IT GRC tools. Banking or financial services experience. Working knowledge of laws, regulations, and industry requirements related to Information Security (e.g. GLBA, SOX, HIPAA, HITECH, FFIEC, and PCI).
Equal Opportunity Employer: SunTrust supports a diverse workforce and is a Drug Testing and Equal Opportunity Employer. SunTrust does not discriminate against individuals on the basis of race, creed, color, gender, religion, national origin
To review the EEO Poster, copy and paste the following link into your browser:
http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf
http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf