The position is described below. If you want to apply, click the Apply Now button at the top or bottom of this page. After you click Apply Now and complete your application, you'll be invited to create a profile, which will let you see your application status and any communications. If you already have a profile with us, you can log in to check status.
If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).
Regular or Temporary:
RegularLanguage Fluency: English (Required)
Work Shift:
1st shift (United States of America)Please review the following job description:
Third Party Risk Operations Function (TPROF) is responsible for supporting the Third-Party Risk Management (TPRM) program by overseeing and managing related activities. This role ensures that TPROF operations align with the latest TPRM program updates, policies, and procedures. The Third-Party Management Assessment Officer I (Remote Assessor) performs the following functions:• Centralized Risk Domain Control Remote-based Assessments, ensuring that third-party domain assessments remain risk-based and aligned with current regulations, emerging risks, and Risk Domain Owner expectations.
• Risk Domains in scope for the assessments include Cyber Security, Technology Management, Operational, BSA/AML, Fraud, Fourth Party and Compliance
• Evaluate documentation such as SOC 1 and 2 reports, ISO 27001 Certification reports, penetration testing, vulnerability reports, cloud security documentation, security policies & standards.
• Perform physical security assessment of environmental & assess controls.
• Perform data security assessment of various controls pertaining to encryption, data loss prevention, network management, mobile computing, incident management, change management, asset management, logging & monitoring, and business continuity.
• Complete the review of third-party provided artifacts to evidence the appropriate remediation of identified assessment deficiencies.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
1. Perform initial due diligence and Ongoing Remote-based Assessments of third-party risks and controls associated with risk domains such as Cyber Security, Technology Management, Operational, BSA/AML, Fraud, Fourth Party and Compliance
2. Lead meetings with Service Managers to establish inherent risk profile, and review service characteristics.
3. Collaborate with the third-party contact and Service Managers to document and agree on appropriate action plans to remediate risk deficiencies identified in remote assessments.
4. Execute validation / approval of third-party remediation and closure of deficiencies.
5. Analyze program workflow, questionnaires, and design documentation to ensure compliance based on Truist policies and standards, industry best practices, and regulatory requirements.
6. Advises and educates Service Managers and Business Partners to increase risk awareness and enforce adherence to TPRM Framework requirements.
7. Takes a new perspective on existing solutions to solve problems. Exercises judgment and critical thinking based on the analysis of multiple sources of information. Recommends best practices.
8. Provides guidance and advisement as well as effective challenge, where needed, to Service Managers and Business Owners, and Business Partners as relates to consistent TPRM program adherence and execution.
9. Acts as a resource for teammates with less experience.
10. Explains and interprets current TPRM and TPROF framework.
11. Works independently and receives guidance only on more complex issues.
QUALIFICATIONS
Required Qualifications:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
1. Bachelor’s degree in Business, Computer Science, Cyber Security or related disciplines
2. Minimum of 6 to 8 years of Third-Party Assessment experience associated with the following risk domains: Cyber Security, Technology Management, Operational, BSA/AML, Fraud, Fourth Party and Compliance
3. Understanding of IT Control Frameworks. (i.e. COBIT, ITIL, ISO and COSO)
4. Strong technical, research, and analytical skills
5. One or more Cyber Security, IT risk related professional, or Risk Management certifications. (i.e. CISSP, CRISC, CISM, or CRP)
6. In depth knowledge of service delivery models, network infrastructure, mobile devices, web applications, and other Cyber Security disciplines.
7. Strong verbal and written communication skills, including the ability to communicate complex risk domain and technical concepts to audiences with limited risk management experience.
8. Strong interpersonal and collaboration skills with a willingness to contribute to the team’s success.
9. Strong project management and time management skills to include the ability to conduct multiple assessments simultaneously.
10. Fully developed knowledge of third-party risk domains, IT security and technology best practices and regulatory requirements.
11. Strong team-oriented interpersonal skills and ability to accomplish objectives via collaborative efforts.
Preferred Qualifications:
1. 7+ years of Third-Party Risk Management or Cyber Security consulting
2. Familiarity with Service Auditor Reports (i.e. SSAE16) and the BITS Framework for Service Providers
3. Experience in maintaining working relationships within Truist and with third-party relationships.
4. Experience with Archer and/or Ariba applications.
5. Risk experience within a large financial institution.
6. Proficient in of Outlook, Team, Excel, Word and PowerPoint
General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist’s generous benefit plans, please visit our Benefits site. Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.
Truist is an Equal Opportunity Employer that does not discriminate on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status, or other classification protected by law. Truist is a Drug Free Workplace.
EEO is the Law Pay Transparency Nondiscrimination Provision E-Verify
