Cyber Governance, Risk, and Compliance Manager

Job Description At Regions, the Cyber Security Group Manager leads a diverse team of managers, engineers, and analysts charged with daily operations of enforcing, monitoring, and managing cyber security controls to protect the assets of the bank, customers, and associates. The role monitors domains such as malware defense, network security, internet security, security analytics, threat intelligence, cybercrime, data protection, vulnerability management, and customer authentication. It also develops and manages strategic relationships with senior leaders across the enterprise to incorporate cyber security tools and resources into business operations. Primary Responsibilities Creates strategy influencing business methods and integrated security restrictions, weighing complex requirements from the business with industry best practices for security Develops an enterprise strategy for Cyber Security while ensuring scalability and automation across lifecycle, including role-based access control and lifecycle management Takes overall responsibility for architecture, planning and delivery of enterprise-level Cyber Security programs Works across teams to document and share Cyber Security best practices for on premise and cloud-based solutions for employees, contractors, and vendors Leads the use of Cyber Security tools (people, process, technology) for the optimization of SOX compliance efforts Ensures overall IT strategy and architecture plans and standards are translated into Cyber Security service programs, methods, and technologies as they align with leading Cyber Security practices Leads application development Cyber Security strategy for internal service to service and end-consumer authentication and authorization using modern techniques Manages, coaches, leads, and develops a staff of Cyber Security personnel Partners with other business functions on all aspects of Cyber Security strategy and requirements Thinks analytically, and reports metrics that matter, translating into slides for executive audiences Develops and retains a high performing team, driving deep technical ability across the entire Cyber Security team Prioritizes and meets deadlines, goals, and objectives Partners across Technology, Operations, Digital, and Data (TODD) to ensure controls are designed, implemented, and monitored to strengthen risk management and compliance, mitigating risk to company’s appetite Ensures disciplined change management by evaluating risk and control impacts when designing or implementing changes to processes, systems, products, and services Requirements Bachelor's degree in Computer Science, Management Information Systems, or related technology or business area and fifteen (15) years of related experience Or High School Diploma or GED and nineteen (19) years of related experience Leadership and management experience Preferences Experience developing role-based access control strategy (including SoD and PAM) and production implementation Experience with Identity Governance Solutions (Azure AD, Okta) Experience with Privileged Access Management Solutions (CyberArk) Experience and strong knowledge of access lifecycle management Experience and strong knowledge of SSO solutions (Okta, Azure, etc.) Experience with Cloud IAM (AWS, Azure, etc.) Excellent verbal and written skills, comfortable presenting ideas to different levels within and outside the organization, including executive leadership, customers, auditors, etc. Skills and Competencies Ability to work under pressure and meet deadlines Ability to think strategically, prioritize tasks, and make sound decisions in a fast-paced environment Advanced level in Microsoft Office (Excel, Word, PowerPoint, Outlook, etc.) Demonstrated leadership capabilities Excellent communication, interpersonal, and leadership skills Strong technical knowledge of information security principles, technologies, and best practices Understanding of and ability to interpret applicable rules, regulations, and industry guidance Preferred Qualifications Experience managing and maintaining enterprise cybersecurity policy, program, standards, and guidelines libraries, including periodic updates and lifecycle governance Demonstrated ability to align cybersecurity documentation with regulatory expectations and industry frameworks Proven experience overseeing cybersecurity control libraries, including updates, maintenance, and reporting Experience developing and tracking performance metrics such as OKRs, KRIs, and KPIs to measure control effectiveness and program maturity Experience managing issue tracking and reporting processes for cybersecurity-owned standards and enterprise-wide findings Ability to drive remediation efforts and provide transparent reporting to stakeholders and leadership Experience supporting cybersecurity aspects of vendor contracts, including NDAs and MSAs Demonstrated ability to perform vendor due diligence, contract reviews, and ensure compliance with offshore security requirements (secure room controls) Experience with continuous vendor monitoring tools (RiskRecon) Ability to coordinate and lead annual vendor reviews focused on cybersecurity program maturity Experience supporting or managing HIPAA compliance programs Experience contributing to or leading cybersecurity data governance initiatives, access management, cloud security, GenAI, and security engineering, including data classification, protection standards, and oversight processes Proven experience understanding and managing operational security functions and technologies, inclusive of automation for continuous control assessments leveraging GenAI capabilities to drive governance efficiencies Experience operating within large, highly regulated environments, with an emphasis on audit readiness, regulatory compliance, and enterprise-scale risk management Location & Travel This is an onsite position. Associates will have regular work hours, including full days in the office three or more days a week. Locations available are Birmingham, AL; Atlanta, GA; Nashville, TN; or Charlotte, NC. Relocation assistance is not provided; relocation would be at the employee’s expense. Position Type Full time. Employment Details This position is exempt from timekeeping requirements under the Fair Labor Standards Act and is not eligible for overtime pay. It is incentive eligible. Equal Opportunity Employer Equal Opportunity Employer/including Disabled/Veterans. #J-18808-Ljbffr Regions Financial Corporation