Cyber Shared Services Governance Sr Analyst
Job Description
Assist Cyber Shared Services (CSS) with development and communication of the CSS program, which includes: providing strategic and tactical input, and investment prioritization of new security controls/initiatives to address emerging threats; assisting functional leads with development of portfolio reporting and delivery of cybersecurity controls/capabilities to address risks in our environment (consulting); supporting development and implementation of cybersecurity risk framework and metrics that enable communication of key threat indicators, effectiveness of our security controls, and KPIs; assisting with defining, implementing and operationalizing the engagement model; creating, deploying and operating continuous process optimization; and creating, deploying, and ensuring participation in a security awareness program to drive understanding of risks, controls, and responsibilities of all teammates across the company. CSS governance also includes influence of enhancements to CSS capabilities that support NIST CSF maturity; development and revision of cyber policies, standards, playbooks, runbooks and guidelines designed to mitigate cyber risks and support assessments of CSS capability.
Senior professional role that applies experience, judgment and strong understanding of cybersecurity and business processes to solve a range of complex technical and operational problems resulting in cyber risk reduction. Works independently and receives minimal guidance. Responsible for working with different stakeholders to perform cyber governance routines and conduct cyber risk and compliance assessments. Performs data analysis and interpretation for risk factors and presents KRI metrics and analysis. Makes recommendations concerning risk factors, mitigation controls and remediation plans using NIST Cyber Security Framework (CSF) as a reference model. Works on project teams to determine relevant security governance processes and controls.
Qualifications
- Bachelor's degree and 5 years of related experience or an equivalent combination of education and experience.
- In-depth knowledge of principles, practices, theories, and/or methodologies associated with the computer/network security, intelligence/counterintelligence, cyber countermeasures, digital forensics, incident response, scripting and programming discipline.
- Understands foundational concepts of other related professional disciplines.
- Experience managing projects or project workstreams.
- Knowledge of the industry's competitive landscape and the factors that differentiate our Company from its competitors in the market.
- Ability to interpret and explain complex information to a range of audiences and build consensus among different stakeholders.
- Ability to provide direction and mentor less experienced teammates.
- Strong knowledge of cyber governance terms, disciplines and frameworks.
- Effective verbal and written communication, sufficient to provide information to others.
- Knowledge of business models and awareness of important factors in the banking industry.
- Bachelor's degree and 6 years of work experience in cyber security.
- Knowledge of GRC applications and/or cyber industry tools.
- Cyber security certifications such as CISA, Security+, CISSP.
- Awareness of policies and regulations which relate to Cyber Security compliance and the financial services environment.
- Banking or financial services experience.
Equal Opportunity Employer: SunTrust supports a diverse workforce and is a Drug Testing and Equal Opportunity Employer. SunTrust does not discriminate against individuals on the basis of race, creed, color, gender, religion, national origin, age, disability, veteran status, pregnancy, marital status, citizenship status, sexual orientation, gender identity, genetic information, or any other classification protected by applicable laws.
To review the EEO Poster, copy and paste the following link into your browser: http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf