Sr. Advisor - Cyber Third-Party Risk Management (TPRM)

Overview

As the Sr Advisor, Cyber Third-Party Risk Management (TPRM) in First Citizens Bank's Enterprise Cyber Security Office's Governance Risk and Compliance team (ECSO GRC) you will execute high-priority enterprise-level cyber initiatives, influence across the organization, and drive the implementation of our cyber third-party risk management strategy. Specifically, in this position, you will develop and execute the Cyber Third-Party Risk Assessment program methodology. You will collaborate closely with associates and stakeholders across all lines of defense, lines of business, and other risk management teams to perform and support the work related to further maturing risk management practices. This includes leading and implementing Cyber TPRM tools and frameworks for the organization and managing a sustainable and mature process to identify, assess, mitigate, and monitor cyber third-party risk in the enterprise. This role will be responsible for big picture thinking and partnering across teams to develop and support best-in-class industry risk solutions in a manner that supports innovation and protects our customers, shareholders, and associates. Your contributions will drive organizational change through risk identification, measurement, analysis, and reporting in order to better manage the company's cyber risk in an open and collaborative environment.

• Mature the Cyber Third Party Risk Management program inclusive of a methodology to enhance the due diligence process in accordance with industry best practices.
• Manage Cyber TPRM capabilities that identify, analyze, and mitigate risk for various information security, technology, and business units. Define processes, standards, and procedures being utilized by your team. Drive continuous improvement of program capabilities by designing and implementing new security products, services, and technologies. Lead the development and reporting of GRC-owned cyber TPRM metrics to executive leadership.
• A sound knowledge of the industry and TPRM experience will be applied to assist leadership with ongoing strategic efforts, such as: integration with surrounding functions and systems, program facilitation and reporting capabilities, management of professional services and associated KPIs, and implementation of additional program automation and identified development opportunities.
• Mature the Cyber Third Party Risk Management program inclusive of a methodology to enhance the due diligence process in accordance with industry best practices.
• Manage Cyber TPRM capabilities that identify, analyze, and mitigate risk for various information security, technology, and business units. Define processes, standards, and procedures being utilized by your team. Drive continuous improvement of program capabilities by designing and implementing new security products, services, and technologies. Lead the development and reporting of GRC-owned cyber TPRM metrics to executive leadership.
• A sound knowledge of the industry and TPRM experience will be applied to assist leadership with ongoing strategic efforts, such as: integration with surrounding functions and systems, program facilitation and reporting capabilities, management of professional services and associated KPIs, and implementation of additional program automation and identified development opportunities.

• Bachelor's Degree and 7 years of experience in Information Technology Security, Operations, Risk Management, or Audit OR High School Diploma or GED and 10 years of experience in Information Technology Security, Operations, Risk Management, or Audit
• In-depth knowledge of Third Party risk, risk appetite methodologies, and regulatory requirements.
• Background in Third Party resiliency and Third Party cyber.
• Experience with building out Third Party lifecycle activities in emerging risks such as Artificial Intelligence.
• Proven experience in risk reporting and analytics, with strong data interpretation and communication skills.
• Strong understanding of the financial services industry, operational processes, and risk mitigation techniques.