Truist Bank (truist.com)

Cybersecurity Third Party Incident/SOC Manager

Atlanta, Georgia, United States | Full-time | 6h ago

The position is described below. If you want to apply, click the Apply Now button at the top or bottom of this page. After you click Apply Now and complete your application, you'll be invited to create a profile, which will let you see your application status and any communications. If you already have a profile with us, you can log in to check status.

Need Help?

If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).

Regular or Temporary:

Regular

Language Fluency: English (Required)

Work Shift:

1st shift (United States of America)

Please review the following job description:

In this role, you will be responsible for leading a specialized security operations function focused on triaging, investigating, and responding to security events and incidents involving third-party vendors, SaaS providers, and external partners.

This role maintains a holistic and continuously updated vendor risk profile by correlating:
- Technical telemetry and detections
- Threat intelligence
- Business criticality and data sensitivity
- Historical vendor incidents

The TPSOC Manager ensures vendor-related threats are rapidly assessed, accurately scoped, and translated into actionable business risk decisions.

This is a fully on-site position based in Atlanta, GA. Teammates are expected to be in the office five days a week.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time. 

1. Vendor Incident & Investigation Management

  • Lead triage and investigation of vendor breach notifications, SaaS compromises involving third parties, and external exploitation of vendor-managed systems.

  • Determine whether the organization is impacted and identify affected data, systems, and users.

  • Coordinate response with SOC, Vendor Risk Management, Cyber Command Center, Legal, Privacy, Compliance, and Application Security teams.

  • Ensure evidence collection and forensic integrity for vendor-related incidents.

  • Prepare and present project updates for executive leadership.

  • May lead IT cybersecurity initiatives; typically leads moderately complex projects and participates in larger, more complex initiatives. Solves complex technical and operational problems.

2. Holistic Vendor Risk Profiling

  • Build and maintain dynamic vendor risk profiles incorporating:

    • Data sensitivity and access levels

    • External risk ratings (e.g., SecurityScorecard, BitSight)

    • Threat intelligence and breach history

    • Internal telemetry and detection results

  • Classify vendors by inherent risk, residual risk, and incident likelihood.

  • Continuously update vendor risk posture based on incidents, new integrations, and external threat activity.

3. Detection & Monitoring Strategy (Third-Party Focus)

  • Oversee detection strategy for vendor-related abuse cases and SaaS misuse by third parties.

  • Partner with Detection Engineering and SOAR teams to improve alert quality and reduce false positives.

  • Ensure cyber third-party risks are covered by alerts and automated playbooks.

4. Incident Response & Playbooks

  • Own and maintain playbooks for:

    • Vendor breach response

    • SaaS abuse by third parties

    • Exposure of vendor-managed assets

  • Ensure consistent execution of containment actions, stakeholder notifications, and contractual/regulatory response obligations.

  • Lead tabletop exercises focused on supply chain and vendor compromise scenarios.

5. Vendor & Stakeholder Engagement

  • Serve as the primary operational security contact for critical vendors during incidents.

  • Provide evidence-based assessments of vendor security posture.

  • Recommend risk treatment actions such as access suspension, integration restrictions, or contract controls.

6. Metrics, Reporting & Continuous Improvement

  • Define and track KPIs for vendor incident response, detection coverage, and vendor risk trends.

  • Produce executive-level reporting on vendor-related incidents and emerging supply-chain threats.

  • Drive maturity improvements in third-party monitoring, automation, and risk correlation.

Required Qualifications:

The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

  • Bachelor’s degree and six to eight years of experience in systems engineering or administration or an equivalent combination of education and work experience

  • Deep specialized and/or broad functional knowledge in applied enterprise information security technologies including but not limited to firewalls, intrusion detection/prevention systems, network operating systems, identity management, database activity monitoring, encryption, content filtering, and Mainframe security

  • Previous experience in leading complex IT projects.

Preferred Qualifications:

  • Master’s degree or MBA and seven (7+) years of experience or an equivalent combination of education and work experience in Information Security banking. Strong knowledge of cybersecurity risks, frameworks, best practices, and industry/regulatory requirements. Knowledge and experience in use of cybersecurity frameworks in assessing programs.

  • Knowledge or experience delivering Information Security projects.

  • Knowledge of Cybersecurity Operations - Threat Intelligence, Threat Detection, Security Monitoring, Incident Response.

  • Knowledge of InfoSec platforms, CrowdStrike, Splunk, SIEM, CyberArk, SailPoint, etc.

  • CISSP Certification

  • Banking or financial services experience

  • Other security certifications (e.g., CCNA Security, GSEC, GCED, GPPA, etc.)

  • Other technical Certifications (e.g., CCNA, RHCE, MCSE, etc.)

General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist’s generous benefit plans, please visit our Benefits site. Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.

Truist is an Equal Opportunity Employer that does not discriminate on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status, or other classification protected by law. Truist is a Drug Free Workplace.
