· Assist with establishing and maintaining the Cybersecurity Assurance program for measuring SunTrust’s compliance with Cybersecurity frameworks (e.g. NIST Cybersecurity Framework and other frameworks).
· Interface and partner with designated stakeholders and subject-matter-experts that own cybersecurity controls such as Information Security (Governance, Identity and Access Management, Security Operations), Business Continuity, Fraud, Production Services, Application Development, Architecture, Incident Response, Physical Security, Sourcing, and Third Party Risk Management. Assist stakeholders with developing and updating cybersecurity controls on an ongoing basis.
· Identify and maintain an inventory of control owners, associated controls and procedures, and the mapping of the controls and procedures to the NIST Cybersecurity Framework and other frameworks.
· Publish testing requirements, testing schedules, and reporting of associated results, if needed.
· Ensure policies and procedures are mapped to the frameworks.
· Ensure remediation plans and milestones are in place for gaps/issues identified during self-assessments, and monitor status until completion.
· Identify issues or gaps from other sources such as internal audit, external audit, regulatory matters, and Operational Risk Managers to inform the cybersecurity posture.
· Assist with the establishment and coordination of an attestation process for control owners on a recurring basis.
· Assist with reporting to the Board of Directors, Operational Risk Committees, Audit Committee, executive management, and regulators on the NIST Cybersecurity Framework posture and other frameworks posture. This includes coordinating the collection and maintenance of data needed to meet reporting needs.
· Develop and maintain an ongoing understanding of changes affecting the organization's Cybersecurity posture. Apply the organization's risk tolerance and risk management approach in evaluating the cybersecurity posture and in escalating matters of significance.
· Assist with evaluating compliance with new cybersecurity regulations as they are issued and applicable.
· Monitor industry trends and emerging threats and vulnerabilities and, based on analysis, assist with the development of recommendations to senior management for any changes to SunTrust’s target tier for the NIST categories.
· Prepare, distribute, and maintain procedures related to ownership of controls and the associated requirements. Educate control owners regarding the NIST Cybersecurity Framework and other frameworks, and provide routine awareness.
· Be an advocate to strengthen overall compliance such as identifying opportunities for implementation of systemic controls over manual, human controls, and preventative controls over detective.
Bachelor’s degree and 8 years of experience in IT security or an equivalent combination of education and work experience. Deep specialized and/or broad functional knowledge. Sound understanding of business and organizational strategies and processes. Ability to interpret internal and external business challenges and recommend best practices. Ability to lead complex projects. Sophisticated analytical skills and the ability to solve complex technical and business problems. Ability to influence others at senior levels to adopt a new perspective.
Bachelor’s degree or above and 5 or more years of experience in Information Security, IT Audit, or an equivalent combination of education and work experience. Prior project management experience. Experience in leading large-scale complex projects from beginning to end. Certifications in CISSP, CISA and/or CISM. Proficient with Word, Excel, PowerPoint, and IT GRC tools. Banking or financial services experience. Working knowledge of laws, regulations, and industry requirements related to Information Security (i.e. GLBA, SOX, HIPAA, HITECH, FFIEC, and PCI).
Equal Opportunity Employer: SunTrust supports a diverse workforce and is a Drug Testing and Equal Opportunity Employer. SunTrust does not discriminate against individuals on the basis of race, creed, color, gender, religion, national origin. To review the EEO Poster, copy and paste the following link into your browser: http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf