Data and Technology Services – IT Group
Raleigh, NC – 3200 Beechleaf Court
Senior-level report to the Chief Information Security Officer (CISO) and a collaboration partner with peer Corporate Information Security (CIS) and IT leaders and their teams in building, implementing and maintaining the security infrastructure for BB&T. Ensure solutions meet Business Unit requirements and provide needed levels of security for the enterprise. Oversee development, implementation and continuous improvement of security engineering processes, guidelines, and standards that enforce security policy and meet regulatory compliance. Responsible for assisting the CISO in developing and maintaining an effective enterprise-wide corporate information security program designed to ensure the protection and privacy of information assets to include data, software and equipment. Oversee components of the development and implementation of corporate-wide security strategy, principles, policies and practices.
Scheduled Weekly Hours
Essential Duties and Responsibilities:
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
1. Lead, in partnership with other IT leaders, CIS managers, supervisors and associates, the planning, design, building, maintenance and implementation of security technologies and projects.
2. Partner closely with architecture and strategy to prepare engineering for building solutions. Ensure security infrastructure remains current within an acceptable range of risk and expense.
3. Reference one or more widely recognized technology standards, such as Control Objectives for Information and Related Technology (CobiT), National Institute of Standards and Technology (NIST), IT Infrastructure Library (ITIL), ISO 17799, BITS (Bank Information Technology Secretariat), and/or other industry publications for discrete controls.
4. Drive engineering performance, availability, scalability and recoverability through collaboration with other IT organizations.
5. Participate in business planning, bringing knowledge and vision of technology and systems related to the company’s competitive position. Lead and/or provide oversight to assigned initiatives to ensure successful completion and realization of benefits/objectives.
6. Provide timely and accurate reporting to the CISO and other senior-level officers. Work with Information Security Governance to analyze and report on operating metrics, performance tracking, error resolution and effectiveness measures related to security engineering infrastructure.
7. Develop and leverage a network of external business partners, academics, and technology thought leaders to ensure the Bank provides best-in-class security infrastructure.
8. Work effectively with peers and others (up to and including members of Executive Management) within IT Services, lines of business (LOBs), and subsidiary and affiliate organizations to accomplish assigned initiatives.
9. Maintain a high level of awareness of existing and emerging security technology and IT organizational strategies and trends.
10. Assist in planning and developing departmental budgets.
11. Attract, coach/develop, retain, and motivate a world-class security leadership team. Make personnel recommendations/decisions regarding employment, career development, performance evaluations, salary changes, promotions, transfers, and terminations within policy and guidelines.
Required Skills and Competencies:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
1. Bachelor’s degree in Engineering, Computer Science, Business, Management, or Management Information Systems or security-related field, or equivalent education and related training
2. Fifteen years of progressively responsible managerial and leadership experience in technology; seven years of technology experience in a senior management capacity with a comparable organization
3. Eight years of experience implementing enterprise IT projects on time, within budget and with the desired deliverables
4. Broad understanding of technology concepts and architectures:
a) Mainframe security, including access control, monitoring, integration with non-mainframe technologies, and virtualization;
b) Distributed systems security, including access control, monitoring, integration with other technologies, and virtualization;
c) Network security including firewalls, intrusion detection/protection, encryption, network access control and secure network design;
d) Authentication and authorization of CIS technologies;
e) Application security, including security development lifecycle, and the ability to apply to client-server and web-based application development environments;
f) Enterprise databases and database security, including database activity monitoring (DAM) and database access control (DAC) technologies;
g) Encryption methods and technologies for data-in-transit and data-at-rest scenarios.
5. Ability to translate high-level business planning into technology plans/business solutions
6. Ability to lead teams through design, planning, and execution of projects, resolving issues and addressing resource constraints
7. Experience in driving organizational transformation initiatives to improve performance and time-to-market, leverage technology, and reduce costs
8. Ability to think strategically while executing on multiple projects within deadlines
9. Strong interpersonal and communication skills, verbal and written
10. Substantial experience as a senior-level negotiator for contract/vendor management
11. Ability to interact effectively with Executive Management
12. Demonstrated proficiency in basic computer applications, such as Microsoft Office software products
13. Ability to travel, occasionally overnight
1. One or more of the following certifications: Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional (ISSAP), Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Security Manager (CISM)
BB&T is an Equal Opportunity Employer and considers all qualified applicants regardless of race, gender, color, religion, national origin, age, sexual orientation, gender identity, disability, veteran status or other classification protected by law.