Director of AI-Driven Third-Party Cyber Risk

Language Fluency: English (Required) Work Shift: 1st shift (United States of America) Job Grade: 114 Please review the following job description: Truist is seeking a senior leader to transform, modernize, and operate the Cybersecurity Third-Party Risk Management (CTPRM) function within Truist Protection Services (TPS). Reporting to the Head of Security Governance, this role will redefine how cyber third-party risk is identified, assessed, and continuously monitored—leveraging agentic AI, automation, and advanced analytics to scale decision-making across Truist’s ecosystem. This leader will drive the evolution from traditional, manual assessment models to intelligent, adaptive, and technology-driven risk management capabilities. The role partners closely with the Enterprise Third Party Risk Operations Function (TPROF), second line Risk, Business Information Security Officers (BISOs), Sourcing, Legal, and Technology teams to strengthen Truist’s cyber supply chain posture at scale. The ideal candidate has led CTPRM teams in a large, regulated environment, can translate technical risk into clear business decisions, and can drive measurable program outcomes at scale. What success looks like

• A modern, intelligence-driven CTPRM Function leveraging agentic AI and automation to reduce manual effort, accelerate assessments, and enable near real-time risk visibility across the third-party ecosystem.
• Measurable improvements in assessment cycle time, signal quality, and automation coverage through the adoption of AI-driven workflows and decision support.
• Executive-ready reporting that highlights top cyber risks, trends, and prioritized remediation actions across critical suppliers and services.
• Strong partnerships across first, second, and third lines of defense and positive outcomes in regulatory and audit engagements. ESSENTIAL DUTIES AND RESPONSIBILITIES

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time. This role leads the strategy, governance, and delivery of Truist’s cybersecurity third-party risk management Function. Responsibilities will evolve as the Function scales and matures.

• Architect and lead the transformation of the Cyber Third-Party Risk Management (CTPRM) operating model, embedding agentic AI, automation, and intelligent workflows to significantly improve scalability, speed, and risk insight.
• Drive a culture of automation and innovation—challenging legacy processes, reducing manual effort, and continuously identifying opportunities to apply AI and emerging technologies to improve program effectiveness.
• Own the cyber contract deviation (exception) governance process—including intake, risk analysis, decision support, approvals, documentation, and ongoing monitoring/expiration, in partnership with Legal.
• Build, lead, and continuously improve the third-party cybersecurity assessment activities(methodology, scoping, testing/evidence standards, quality assurance) and drive timely remediation of identified Third Party Sub-Issues and risks.
• Leverage agentic AI, technology, data, third-party intelligence, and strategic partners to scale assessment throughput, improve risk signal quality, and increase automation where appropriate.
• Partner with BISOs and business leaders to integrate cyber third-party risk into business decisions, onboarding, change management, and ongoing Third Party performance/risk reviews.
• Hire, develop, and retain a high-performing team of cybersecurity and third-party cybersecurity risk professionals; set clear goals, coaching, and a strong culture of accountability and collaboration.
• Partner with second line Risk to align oversight expectations, strengthen issue management, and reduce Truist’s exposure to cyber supply chain and concentration risk.
• Establish strong cross-functional working relationships and alignment across TPS, Enterprise TPROF, Technology, Procurement, Legal, and business stakeholders, embodying a “we deliver together” culture.
• Support regulatory exams and internal audit engagements related to information security and third-party cybersecurity risk; ensure timely, accurate responses, sustainable remediation, and strong control evidence.

QUALIFICATIONS

Required Qualifications: The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

1. BS IT/ Computer Science / Cyber Security, MIS, Economics, Finance, Operations Management, or a related discipline. MBA or related graduate degree a plus.
2. 15+ years professional experience in top 10 USA banks or other financial institution, consulting firm, and/ or software company, preferably within a merger/acquisition environment with significant transformational change with people, process, and technology.
3. 10+ years information security and third-party security threat and risk assessment and management experience, including using industry frameworks such as ITIL, COBIT, NIST CSF, CIS RAM, MITRE.
4. 2+ years’ experience with digital banking deployed on public cloud platforms and (strong plus) leveraging artificial intelligence technologies.
5. Broad knowledge of Information Security frameworks (e.g., NIST, FFIEC), regulations (SOX, GLBA, NYDFS), functions (Anticipate, Protect, Detect, Respond) and information security controls.
6. Expertise working across IT and business functions and with second and third lines of defense, and regulators.
7. Demonstrates strong relationship management skills. Proven ability to quickly build trust and rapport with others in order to structure problems, build consensus, and negotiate agreement.
8. Proven ability to manage large, deadline-driven projects in a way that reduces risk, ensures predictable results, meets or exceeds its timeline.
9. Thrives in a fast-paced environment, can think and act both tactically and strategically.
10. Exhibits high degree of creativity, self-motivation, and commitment to task.
11. Ability to create a strong network of relationships among peers, internal partners, external constituencies, and decision makers to deliver end products.
12. Experience preparing materials for and comfortable presenting to executive management.
13. Excellent written and oral communication skills.
14. Strong coordination, influencing and negotiation skills.
15. Excellent risk-based judgement and decision making
16. Passionate about building world-class Information Security programs.

General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist’s generous benefit plans, please visit our Benefits site . Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work. #J-18808-Ljbffr Habitat For Humanity Of Durham