Divisional Data Risk Officer

Truist Bank, New York, NY

About The Position

Serves as the independent oversight and effective challenge leader for data risk across Enterprise Corporate Functions (ECFs), Business Units (BUs), and Corporate Functions (CFs). BUs include functions such as Wholesale & Retail. CFs include functions such as Risk & Finance. ECFs include functions such as the Enterprise Data Office, etc. Participates in creating policies and standards for Enterprise-wide applications and impact. Assesses the respective coverage areas for critical/significant risks associated with data strategy, control failures, and issues; assesses, monitors, and escalates significant issues and emerging risks; develops a deep awareness of, and supports oversight of, Truist data strategy. Partners with key stakeholders across the firm to drive solutions and risk remediation roadmaps; evaluates, determines, and communicates domain risk maturity and BU/CF residual risk performance against data risk appetite to Executive Leadership; consistently and appropriately applies second Line of Defense corporate authority for managing Truist’s data risk.

The role is accountable for assessing risk types covering data, cyber, technology, operational, compliance and strategic risks within those ECFs, BUs, and CFs. The Divisional Data Risk Officer plays a key role in facing off to key strategic partners and anticipating the data risk implications of the associated business change, technology transformation, and strategic initiatives. The role ensures emerging data risks are identified early and addressed proactively as part of enterprise change and decision-making processes.

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

Requirements

  • Advanced degree in Data/Technology, Business and/or financial-related discipline, or equivalent education and related training
  • Ten plus years of experience in a financial institution (or large corporate equivalent) with emphasis on risk management or equivalent work experience
  • Seven plus years of experience in large BU/CF/ECF and related technology operations, including extensive knowledge of Data Governance, Data Strategy, policy, procedures, and regulations.
  • Knowledge of key rules/regulations and technology risk management practices (e.g., Federal Financial Institutions Examination Council (FFIEC), BCBS 239 Rules, SR7-11 Rule, Control Objectives for Information and Related Technology (COBIT), NIST (National Institute of Standards and Technology), Information Technology Infrastructure Library (ITIL)).
  • Strong leadership skills including the ability to influence partners and teammates.
  • Strong execution background with deep understanding of BU/CF knowledge
  • Excellent communication (verbal and written), presentation and facilitation skills; ability to influence and communicate with impact.
  • Experience presenting to Executive Leadership and Board level.
  • Superior ability to think critically and strategically.

Nice To Haves

  • Ten plus years of experience in a financial institution with emphasis on risk management or equivalent work experience
  • Strategic business and financial planning experience
  • Experience with audit processes and techniques
  • Direct experience creating, managing, and overseeing operational data protection controls for large financial institutions
  • Deep understanding of how regulatory requirements map to technology controls and how technology controls integrate into financial institution technologies
  • Blended risk & control experience spanning both first & second line of defense

Responsibilities

  • Data Risk Oversight - Provide independent risk oversight (i.e., second Line of Defense/LOD2) enterprise-wide for ECFs, BUs, and CFs through the effective identification, mitigation, monitoring and reporting of data risk issues within the respective units.
  • Strategic Alignment - Provide effective challenge of the ECF/BU/CF on Data Strategies and program executions. Be thoughtful on forward-looking data risks while balancing priorities.
  • Targeted control testing - Support independent second line testing / evaluations (e.g., Red Team / Penetration Testing).
  • Provide independent assessment and oversight of the maturity of data risk domains (e.g., Cyber, Service Delivery and Operations, Data Management, etc.) and adequacy of controls pertaining to domains in meeting agreed to business outcomes for performance, stability, security, and service availability. Assessments should leverage agreed upon metrics produced by Business Unit Risk Management (BURM)/first Line of Defense (LOD1) with challenge and validation as appropriate.
  • Independent Challenge of LOD1 assessments - Review and attest to/challenge adequacy of risk assessments (i.e., Risk & Control Self Assessments, Application Assessments, Change Risk Assessments) produced by BURM.
  • Risk Metrics - Understand and report Risk Metrics for its coverage areas. Escalate metrics out of appetite and drive the risk remediation plan.
  • Third Party Management Risk Oversight - Monitor, assess and challenge as appropriate for significant third-party and vendor relationships within Data Management.

Benefits

  • Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates.
  • Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays.
  • Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan.