Senior Technology Resilience Risk Oversight Leader

Senior Technology Resilience Risk Oversight Leader

Leader within the Truist second‑line‑of‑defense (LOD2) Technology Risk team responsible for independent risk oversight of technology resiliency. You will develop trusted advisor relationships with technology leaders in assigned oversight areas, provide credible challenge focused on technology resiliency, perform risk identification and mitigation strategy development, partner with other internal teams to assess and mitigate technology risk, and manage teammates to execute on technology risk oversight activities and grow their professional skillsets.

The Senior Technology Risk Officer Resiliency position is a senior risk leader role responsible for independently assessing and challenging the effectiveness of the firm’s technology and cyber resilience programs. The successful candidate will leverage deep technical expertise and strong analytical skills to ensure critical business operations can withstand, adapt to, and recover from severe disruptions, such as cyberattacks, system failures, or natural disasters.

This position focuses on all aspects of technology resiliency, including business continuity, disaster recovery, and effective testing and measurement to appropriately manage the risk of resiliency s role provides guidance and expert challenge to technology teams and executive leadership to ensure alignment with the firm’s risk appetite and regulatory requirements.

• Provide independent risk oversight enterprise‑wide for Enterprise Control Functions through the effective identification, mitigation, monitoring and reporting of operational, technology, compliance and strategic risks within the ECFs.
• Provide strategic risk advisory to ECF leads—Chief Information Security Officer, Chief Data Officer, Chief Technology Officer, etc.—supporting Truist organization’s strategies and objectives while operating within established risk appetites. Provide effective challenge of the ECF Strategy for Truist.
• Lead engagement of peer institution second‑line functions to influence the industry build of the tech risk functions.
• Lead execution of independent second‑line testing/evaluations (e.g., Red Team/ Penetration Testing) typically commissioned by the Board, the CEO and/or the CRO.
• Ensure that resources, activities and initiatives are aligned to enable and sustain achievement of business objectives within forecasted spend rates while reducing risks.
• Provide independent assessment and oversight of the maturity of technology risk domains (e.g., Cyber, Service Delivery and Operations, Data Management) and adequacy of controls pertaining to domains in meeting agreed business outcomes for performance, stability, security and service availability.
• Review and attest to/challenge adequacy of risk assessments (e.g., Risk & Control Self‑Assessments, Application Assessments, Change Risk Assessments) produced by BURM.
• Serve as member of the Technology Risk Committee and participate in the Enterprise and Board Risk Committees and the Board Technology Committee, when applicable for Technology Risk related topics.
• Ensure effectiveness and structure in regulatory engagement practices, including responses out of the impacted ECF group.
• Encourage and monitor risk education, skills training and adoption of goals to drive improved risk culture and awareness across the enterprise.
• Engage on ECF risk policy governance, and provide direction and guidance in the development, implementation and communication of policies, procedures and standards. Oversight of multiple enterprise‑wide policies.
• Monitor, assess and challenge significant third‑party and vendor relationships within Enterprise Technology.
• Develop and maintain effective channels of communication with other BU CROs, control functions, Senior Business Unit (BU) management, as well as regulatory agencies.
• Lead, manage and develop teammates directly and indirectly; influence cybersecurity talent management through recommendations to Truist senior leadership, including the Board of Directors, to inform decisions on resource allocations to close control gaps.
• Participate in applicable mergers and acquisition target…