Cyber Compliance Officer

Play a critical role in enabling strategy, execution, collaboration, and communication across the Truist Insurance Holding’s cybersecurity employee engagement around security. Attention to detail, organization, the ability to communicate across teams, and lead through influence will be critical skills for success. Oversee a managed security service provider team.

Leads key Cyber Regulatory Compliance efforts on behalf of TIH specifically regulatory compliance to the Committee on Foreign Investment in the United States (“CFIUS”). Oversees any required regulatory exams and attestations, coordinates regulatory engagement, and provides leadership advisement on the evolving cyber regulatory landscape and requirements.

Job Description

ESSENTIAL DUTIES AND RESPONSIBILITIES

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

The core focus of this role includes the following:

• Maintain strong working knowledge of insurance cyber regulations and expectations for risk management for financial institutions.
• Maintain and builds relationships with Regulatory Bodies.
• Report any violations to regulatory bodies as required.
• Manage outsourcing support of regulatory activities and audits
• Track and reports on compliance with cyber regulatory requirements.

1. Develop a TIH-wide security awareness program and enable security communications across the organization.

2. Lead a year-round security awareness program to include event planning for all employees, development and execution of the company-wide security awareness training, and all associated awareness materials and information.

3. Work with the extended Corporate Communications team to amplify messaging internally and externally, including successful business partnerships with demonstrable results.

4. Improve security communications overall to include the development of an external security webpage, maintain all internal website and content, develop all creative security collateral to support ISO program and capabilities.

5. Lead all incident response communications for leadership and external reporting.

6. Lead all security project communications for various security initiatives and activities.

7. Support the CISO and broader IT leadership team in speaking engagement and internal communications activities.

8. Lead efforts to prepare and inventory responses for IT security questions from regulators, AIG customers and other business affiliates as appropriate and in close coordination with the Head of Governance, Risk and Compliance.

9. Develop and maintain a compendium of categories of inquiries, standard responses, and corresponding SMEs.

10. Support all additional requests for security information to include third party due-diligence, Cyber Risk Insurance Renewal and the Environmental Sustainability Report, as applicable.

11. Lead and execute the TIH’s global phishing program; Develop creative and unique engagement that works to build first-line security awareness across all employees.

QUALIFICATIONS

Required Qualifications:

The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

1. Ability to keep abreast of current IT and cyber security concerns and trends, regulatory compliance requirements, vulnerabilities, and emerging technologies to include best practices across the cyber security industry.

2. An innovative and creative thinker who can get to the essence of the matter and communicate concisely and in an engaging manner.

3. Business acumen, change management, project and stakeholder management skills.

4. Ability to develop clear and concise presentations, reports and dashboards to inform upper management of relevant metrics and trends.

5. Ability to proactively obtain and leverage new and current information to efficiently achieve team and corporate goals.

6. Proficiency with usage of Microsoft tools: Word, Excel, PowerPoint, Visio and others.

7. Experience developing and managing SharePoint sites and content.

8. Excellent written and verbal communications, effective interpersonal skills, strong formal presentation abilities, project management skills

9. Bachelor's degree in business, communications, cybersecurity, information systems and security, or a related discipline or equivalent experience

Preferred Qualifications:

Strong preference for Cyber Regulatory experience. Insurance Regulatory experience would be ideal. CFIUS experience would also be a strong preference.

1. Self-starter who takes ownership and responsibility for prudent service delivery

2. Works independently with minimal guidance to drive projects to completion, while also working collaboratively with the team to achieve strategic goals

3. Professional, clear, and concise verbal and written communication to internal customers, subject matter experts, upper management and other audiences

4. Strong deductive reasoning, critical thinking, problem solving, prioritization, attention to detail and consultative skills

5. A collaborative team player who will solicit and offer input and support decision-making.

6. An action-oriented, execution driven person would be ideal.

7. Proven organizational skills (time management and prioritization), and also employ a rigorous process for all follow-up / coordination activities.

8. Position requires access to sensitive confidential material; Integrity and discretion are mandatory.

9. Comfortable working in a continuously changing, fast-pace environment - balancing multiple priorities, special projects, and other activities.

10. Ability to deal diplomatically and effectively at all levels of the business including both technical and non-technical staff, management and senior leadership.

This position is 100% remote with a preference for someone locate in the Eastern Time Zone.

If you are interested, please apply through the link. Please do not reach out to me directly via LinkedIn as I am unable to respond to the overwhelming number of inquiries.