Overview:

This position is a key role within the Cybersecurity Governance, Risk, and Compliance (GRC) function. This role will support the mission of protecting the confidentiality, integrity, and availability of Bank information.  This leader will establish influential relationships with IT management, risk, regulators, internal audit, and business partners.

Responsibilities:

Risk Governance – Establish the processes and frameworks for strong governance across the cybersecurity organization. Act as risk advisor to cyber program teams leveraging a human-centered approach for supporting them through risk processes as well as establishing risk governance for new and emerging programs. Embed risk advisors within business teams ensuring they are building programs with risk in mind. 

Program Oversight – Manage GRC capabilities that identify, analyze, and mitigate risk for various information security, technology, and business units. Build strong partnerships with industry peers, government agencies, and risk management communities. Define processes, standards, and procedures being utilized by team. Drive continuous improvement of program capabilities by designing and implementing new security products, services, and technologies. Lead the development and reporting of GRC-owned metrics to executive leadership.

Remediation Support – Be a liaison to program owners in developing management responses for internal and external parties as well as for issues management findings. Monitor industry trends for emerging techniques and technologies applicable to Bank operations.

Managerial Functions – Establish and monitor expectations to achieve company and departmental goals. Make appropriate changes to team policies, procedures, and efficiencies in order to meet objectives. Manage the performance, training, and evaluation of assigned staff. Maximize department achievements by providing professional development.

Qualifications:

Bachelor’s Degree and 10 years of experience in Information Technology Security, Operations, Risk Management, or Audit OR High School Diploma or GED and 14 years of experience in Information Technology Security, Operations, Risk Management, or Audit

Skill(s): Ability to develop and implement information security strategies in large, complex organizations, Effective at communicating audience-appropriate information to technical, management, and executive audiences; Proficiency in assessing risk and risk management practices; Knowledge of IT policies, standards, and procedures frameworks as well as their development and implementation; Knowledge of standard risk management or control frameworks such as NIST, ISO, CRI and FFIEC ; Knowledge of regulatory requirements and guidelines.

First Citizens benefits programs are designed to meet our associates where they are in life. Full-time associates (20+ hours) are offered a comprehensive benefits program, with customized offerings, including those designed to support families, however defined.