SOX Identity and Access Management Governance ...
Truist - Raleigh, NC
Regular or Temporary: Regular
Language Fluency: English (Required)
Work Shift: 1st shift (United States of America)

Please review the following job description:

This role is positioned within the Technology, Data & Operations (TD&O) SOX Governance Team and serves as an ITGC subject matter expert, specifically concentrated on Identity & Access Management (IAM) and other logical security-related SOX controls. The primary objective is to ensure TD&O fulfills its responsibilities under SOX Sections 404 and 302 and FDICIA, acting as the connective layer between:
• TD&O internal technology teams
• SOX Program Management, including internal SOX auditors
• External SOX auditors

This makes the role a blend of IT risk governance, audit liaison, and control oversight, requiring both technical fluency and strong governance/reporting abilities.

Key Responsibilities

1. ITGC Risk & Control Expertise (Logical Security Focus)
You are expected to:
• Understand and apply IT general controls, particularly in areas such as provisioning, de-provisioning, access reviews, privileged access, authentication methods, and system access governance.
• Evaluate emerging risks, control failures, and design opportunities.
This reinforces the need for:
• Strong foundational ITGC knowledge
• Understanding of IAM technologies (e.g., SailPoint, Active Directory, PAM tools)
• Ability to identify control gaps or deficiencies

2. Issue Resolution & Analytical Problem-Solving
You'll address issues affecting both:
• SOX compliance
• Underlying technology processes
This means:
• Translating technical problems into SOX impact assessments
• Recommending feasible, risk-based remediation strategies
• Supporting control owners in designing sustainable control improvements
This is where IT risk expertise intersects with practical engineering or operational realities.

3. Governance Routines & Reporting
You'll contribute to, or own, routine SOX reporting cycles, including:
• Executive-level updates
• Committee reporting
• Escalation of emerging or systemic risks
This requires:
• Strong communication skills
• Ability to convert technical details into concise, risk-focused reporting
• Comfort interfacing with senior leadership

4. Auditor Coordination & Request Management
You'll be a point person within TD&O who:
• Coordinates with internal/external auditors on ITGC walkthroughs
• Manages evidence requests
• Clarifies process or control questions
• Helps drive consistent messaging across technology teams
This calls for:
• Understanding what auditors expect
• Ability to anticipate questions or areas of scrutiny
• Keeping TD&O aligned with SPM and audit expectations

5. SOX Issue Management & Remediation Tracking
You will partner with multiple groups to:
• Document issues/deficiencies
• Develop remediation plans
• Track progress and ensure timely closure
This requires:
• Structured project management
• Clear understanding of deficiency severity and impact
• Skill in influencing teams toward timely resolution

6. Organizational & Project Management Skills
The role requires coordination across:
• Technology process owners
• Risk partners
• Audit stakeholders
• Executive reporting channels
This implies:
• Ability to manage multiple competing priorities
• Strong documentation discipline
• Effective communication across technical and non-technical stakeholders

7. Technology Partner Collaboration
You will provide SOX and IT risk perspective when:
• New technology initiatives launch
• System changes are made
• IAM or security processes are redesigned
This ensures SOX requirements are built into design, not retrofitted later.

For this opportunity, Truist will not sponsor an applicant for work visa status or employment authorization, nor will we offer any immigration-related support for this position (including, but not limited to, H-1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN-1 or TN-2, E-3, O-1, or future sponsorship for U.S. lawful permanent residence status).

This position is office-centric 5 days a week in either our Atlanta or Charlotte/Cascade hub.

Essential Functions

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
1. Provide coordination, effective challenge and robust independent oversight of policies, limits, and committees to drive effective governance structures and requirements to effectively manage and mitigate risks within assigned business units and support alignment with the overall corporate strategy.
2. Provide consultative leadership and develop working relationships across assigned business units and committees to drive the implementation and execution of a multi-level governance document structure and comprehensive inventory for all defined governance materials.
3. Support and contribute to the design, implementation, and execution of comprehensive, forward-looking and risk-based frameworks, processes, and systems for prioritizing, structuring, reviewing and approving governance materials throughout the company.
4. Support the monitoring and execution of risk governance policies and procedures to establish defined processes, clear roles and responsibilities, and effective challenge routines.
5. Identify and monitor risk governance exceptions, issues, and emerging trends across assigned business units and committees to drive their remediation, acceptance, or escalation to governing bodies.
6. Document the governance and reporting program, including methodologies, processes and procedures, report writing, and conventions for consistently vetting and documenting findings and working papers.
7. Lead the development and maintenance of processes and procedures to ensure the accuracy of the reports produced by the team.
8. Evaluate control weaknesses or key indicators exceeding risk limits and perform root cause analysis.
9. Build a working knowledge of the business unit's strategic plan, key objectives, risk appetite statement, and RCSA process to understand the risks identified and the controls applied to mitigate them, in order to execute ad hoc risk management initiatives and controls testing.
10. Assist in the detection of emerging and/or under-recognized risks.
11. Conduct data aggregation to support the risk appetite framework and quarterly profile, including KRIs and ongoing risk identification.
12. Assist business leaders in the development of RAF metrics and thresholds.
13. Generate content for regular management and risk program governance committees.
14. Facilitate the Risk Committee and other risk committees/working groups.
15. Demonstrate Truist's risk culture.

Qualifications

Required Qualifications:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
1. Bachelor's degree in Business, Finance, Communications or equivalent education and related training.
2. Eight to twelve years of financial services or risk management experience, and/or equivalent education, training and experience.
3. Strong interpersonal and relationship management skills with the ability to interact and communicate at all levels of the organization, across functions, and with public sector/governmental agencies.
4. Strong analytical, cognitive, conceptual, critical thinking and organizational skills.
5. Demonstrated leadership, communication (verbal and written), presentation and facilitation skills.
6. Demonstrated planning ability with demonstrated judgment, problem-solving and decision-making skills.
7. Demonstrated proficiency in basic computer applications, such as Microsoft Office software products.

Preferred Qualifications:
1. Seven plus years of experience auditing SOX 404 / 302 ITGC controls, particularly within logical security and Identity & Access Management (IAM).
2. Working knowledge of IAM concepts such as provisioning, de-provisioning, role-based access, privileged access management (PAM), authentication/authorization mechanisms, and access review processes.
3. Hands-on or oversight experience with IAM platforms (e.g., SailPoint, Active Directory / Azure AD, CyberArk, etc.).
4. Experience supporting or executing ITGC walkthroughs, control testing, or evaluating IT control deficiencies.
5. Familiarity with SOC 1 / SOC 2 reporting and related control environments.

General Description of Available Benefits for Eligible Employees of Truist Financial Corporation:
All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist's benefit plans, please visit our Benefits site. Depending on the position and division, this job may also be eligible for Truist's defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.

Truist is an Equal Opportunity Employer that does not discriminate on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status, or other classification protected by law. Truist is a Drug Free Workplace.

EEO is the Law | E-Verify | IER Right to Work
Created: 2026-03-09