Cyber Governance, Risk, and Compliance Manager

The Cyber Security Group Manager at Regions leads a diverse team of managers, engineers and analysts responsible for the daily operations of enforcing, monitoring, and managing cyber security controls to protect the assets of the bank, customers, and associates. The role monitors domains of security controls including malware defense, network security, Internet security, security analytics, threat intelligence, cybercrime, data protection, vulnerability management, and customer authentication. Primary Responsibilities Creates strategy influencing business methods and integrated security restrictions, weighing complex requirements from the business with industry best practices for security Develops an enterprise strategy for Cyber Security while ensuring scalability and automation across lifecycle – will include strategies for role-based access control and lifecycle management Takes overall responsibility for architecture, planning and delivery of enterprise-level Cyber Security programs Works across teams to document and share Cyber Security best practices for on premise and cloud-based solutions for employees, contractors, and vendors Leads the use of Cyber Security tools (people, process, technology) for the optimization of SOX compliance efforts Ensures overall IT strategy and architecture plans and standards are translated into Cyber Security service programs, methods, and technologies as they align with leading Cyber Security practices Leads application development Cyber Security strategy for both internal service-to-service as well as end consumer to application authentication and authorization using modern techniques Manages, coaches, leads, and develops a staff of Cyber Security personnel Partners with other business functions on all aspects of Cyber Security strategy and requirements Thinks analytically, and able to understand and report metrics that matter (quantifiable and actionable) then translates into slides executive level audiences with limited technical knowledge can understand Develops and retains a high performing team – drive deep technical ability across the entire Cyber Security team Prioritizes and meets deadlines, goals, and objectives Partners across Technology, Operations, Digital, and Data (TODD) to ensure controls are designed, implemented, and monitored to strengthen risk management, compliance, and cyber security, effectively mitigating risk to levels within the company’s risk appetite Ensures disciplined change management by evaluating risk and control impacts when designing or implementing changes to processes, systems, products, and/or services Requirements Bachelor's degree in Computer Science, Management Information Systems, or related technology or business area and fifteen (15) years of related experience Or High School Diploma or GED and nineteen (19) years of related experience Leadership and management experience Preferences Experience developing role-based access control strategy (including SoD and PAM) and production implementation Experience with Identity Governance Solutions (Azure AD, Okta) Experience with Privileged Access Management Solutions (CyberArk) Experience and strong knowledge access lifecycle management Experience and strong knowledge of SSO solutions (Okta, Azure, etc.) Experience with Cloud IAM (AWS, Azure, etc.) Excellent verbal and written skills and be comfortable presenting ideas and issues to different levels within and outside of the organization, to include executive leadership, customers, auditors, etc. Skills And Competencies Ability to work under pressure and meet deadlines Ability to think strategically, prioritize tasks, and make sound decisions in a fast-paced environment Advanced level in Microsoft Office (Excel, Word, PowerPoint, Outlook, etc.) Demonstrated leadership capabilities Excellent communication, interpersonal, and leadership skills Strong technical knowledge of information security principles, technologies, and best practices Understanding of and ability to interpret applicable rules, regulations, and industry guidance Preferred Qualifications Experience managing and maintaining enterprise cybersecurity policy, program, standards, and guidelines libraries, including periodic updates and lifecycle governance Demonstrated ability to align cybersecurity documentation with regulatory expectations and industry frameworks Proven experience overseeing cybersecurity control libraries, including updates, maintenance, and reporting Experience developing and tracking performance metrics such as OKRs, KRIs, and KPIs to measure control effectiveness and program maturity Experience managing issue tracking and reporting processes for cybersecurity-owned standards and enterprise-wide findings Ability to drive remediation efforts and provide transparent reporting to stakeholders and leadership Experience supporting cybersecurity aspects of vendor contracts, including NDAs and MSAs Demonstrated ability to perform vendor due diligence, contract reviews, and ensure compliance with offshore security requirements (e.g., secure room controls) Experience with continuous vendor monitoring tools (e.g., RiskRecon) Ability to coordinate and lead annual vendor reviews focused on cybersecurity program maturity Experience supporting or managing HIPAA compliance programs Experience contributing to or leading cybersecurity data governance initiatives, access management, cloud security, GenAI, security engineering, including data classification, protection standards, and oversight processes Proven experience understanding and managing operational security functions and technologies inclusive of automation for continuous control assessments leveraging GenAI capabilities to drive governance efficiencies Experience operating within large, highly regulated environments, with an emphasis on audit readiness, regulatory compliance, and enterprise-scale risk management Job Details This position is intended to be onsite, now or in the near future. Associates will have regular work hours, including full days in the office three or more days a week. The manager will set the work schedule for this position, including in-office expectations. Regions will not provide relocation assistance for this position, and relocation would be at your expense. Locations available for this role are Birmingham, AL; Atlanta, GA; Nashville, TN; or Charlotte, NC. Regions will not sponsor applicants for work visas for this position at this time. Applicants for this position must currently be authorized to work in the United States on a full-time basis. Position Type: Full time Compensation Pay ranges are job specific and are provided as a point-of-market reference for compensation decisions. Other factors which directly impact pay for individual associates include: experience, skills, knowledge, contribution, job location and, most importantly, performance in the job role. Pay will also vary among individual associates within the same job. Minimum Job Range Target: $207,953.35 USD Median: $298,600.00 USD Incentive Pay Plans: This role is eligible to participate in the annual discretionary incentive plan. Employees are eligible to receive a discretionary award based on individual, business, and/or company performance. Opportunity to participate in the Long Term Incentive Plan. Benefits Paid Vacation/Sick Time 401K with Company Match Medical, Dental and Vision Benefits Disability Benefits Health Savings Account Flexible Spending Account Life Insurance Parental Leave Employee Assistance Program Associate Volunteer Program Location Riverchase Operations Center – Hoover, Alabama Equal Opportunity Employer/including Disabled/Veterans #J-18808-Ljbffr Regions Bank