Director, Cybersecurity Risk Management

Senior Leader For Security Governance

Truist is seeking a senior leader to support continued maturation of the Security Governance function within Truist Protection Services (TPS). Reporting to the Head of Security Governance, this role will play a key role in the strategic direction for the management of cyber risks, issues, and controls across TPS to scale governance and accelerate decision-making. This leader will translate key drivers, regulatory expectations, and emerging threats into a coherent program strategy and operating model. The role partners closely with other Security Governance functions (Process, Risk and Control; Policy and Standards Governance and Adherence; Assessments; Third-Party Risk; Issue Management), second line Risk, Audit, Business Information Security Officers (BISOs), Technology, Legal, and business stakeholders to strengthen Truist's cyber risk posture and reduce time-to-remediation at scale. The ideal candidate has led cybersecurity risk, issue management, and/or controls functions in a large, regulated environment; can translate technical risk into clear business decisions; and can drive measurable program outcomes through both strong governance discipline and modern, technology-enabled execution.

Essential Duties And Responsibilities Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

This role leads the governance of a portfolio of issues and related remediation activities. Responsibilities will evolve as the program scales and matures.

• Define and execute program strategy. Establish the vision, operating model, and multi-year roadmap aligning to key drivers, regulatory expectations, enterprise risk appetite, and TPS priorities.
• Own end-to-end management of a portfolio of issues —including intake, classification, prioritization, root-cause analysis, action plan quality, remediation tracking, escalation, and closure validation.
• Drive issue management and mitigation. Identify, document, coordinate, and execute (as applicable) issue management and mitigation activities; partner with control and process owners to ensure timely, sustainable remediation and reduction of repeat findings.
• Govern controls design and operation. Lead the creation, documentation, and ongoing management of cybersecurity controls as applicable—ensuring controls are well-defined, mapped to applicable frameworks and regulations, testable, and continuously monitored for effectiveness.
• Embed agentic AI and automation. Champion a culture of innovation by applying agentic AI, intelligent workflows, and advanced analytics to issue management, control monitoring, evidence collection, and executive reporting—reducing manual effort and accelerating insight.
• Partner across Security Governance. Coordinate seamlessly with Process, Risk and Control; Policy and Standards Governance and Adherence; Assessments; Third-Party Risk; and other Security Governance functions to ensure a consistent, integrated governance experience for TPS.
• Engage the three lines of defense. Build strong partnerships and influence outcomes across first line TPS teams, second line Risk and Compliance, and third line Audit—aligning oversight expectations, strengthening issue management discipline, and reducing residual risk.
• Support regulatory and audit engagements. Lead timely, accurate, and well-evidenced responses to regulatory exams and internal audit activities; ensure sustainable remediation and strong control evidence.
• Deliver executive-ready reporting. Produce concise, decision-grade materials for senior leadership and governance committees, highlighting top risks, issue trends, control health, and prioritized actions.
• Build and develop the team. Hire, develop, and retain a high-performing team of cybersecurity risk, issue management, and controls professionals; set clear goals, provide coaching, and foster a culture of accountability, curiosity, and collaboration.
• Embody "we deliver together." Establish strong cross-functional working relationships across TPS, Technology, Legal, Procurement, Enterprise Risk, and business stakeholders to drive shared outcomes.

Qualifications Required Qualifications The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 1. Bachelor's degree in Information Technology, Information Security, Engineering, or related field. 2. Minimum of 10 years of professional experience in technology governance with progressive management responsibilities. 3. Proven experience managing teams and mitigating technology risks at scale. 4. Strong knowledge of regulatory requirements and compliance frameworks. 5. Expertise in governance assessment methodologies, control frameworks, and enterprise vulnerability management.

• Graduate degree (MBA, MS, or similar) and/or industry certifications (e.g., CISSP, CRISC, CISM, CISA).
• Experience building or transforming cybersecurity issue management and controls programs at scale (e.g., issue lifecycle automation, control rationalization, continuous control monitoring, integrated GRC platforms).
• Experience developing or implementing agentic AI and emerging risk technologies in a GRC context (e.g., AI-assisted root-cause analysis, automated evidence collection, intelligent reporting).
• Experience translating regulatory requirements and audit findings into durable control design and sustainable remediation strategies.
• Experience leading governance functions within a complex, matrixed financial institution and influencing outcomes across first, second, and third lines of defense.

The annual base salary for this position is $220,000 - $265,000