Cyber Governance, Risk, and Compliance Manager

Thank you for your interest in a career at Regions. At Regions, we believe associates deserve more than just a job. We believe in offering performance-driven individuals a place where they can build a career --- a place to expect more opportunities. If you are focused on results, dedicated to quality, strength and integrity, and possess the drive to succeed, then we are your employer of choice.

Regions is dedicated to taking appropriate steps to safeguard and protect private and personally identifiable information you submit. The information that you submit will be collected and reviewed by associates, consultants, and vendors of Regions in order to evaluate your qualifications and experience for job opportunities and will not be used for marketing purposes, sold, or shared outside of Regions unless required by law. Such information will be stored in accordance with regulatory requirements and in conjunction with Regions’ Retention Schedule for a minimum of three years. You may review, modify, or update your information by visiting and logging into the careers section of the system.

Job Description:

At Regions, the Cyber Security Group Manager is responsible for leading a diverse team of managers, engineers and analysts charged with the daily operations of enforcing, monitoring, and managing cyber security controls to protect the assets of the bank, customers, and associates. This role monitors the domains of security controls including, but not limited to, malware defense, network security, Internet security, security analytics, threat intelligence and defense, cybercrime, data protection, vulnerability management, and customer authentication. This position develops and manages strategic relationships with senior leaders across the enterprise to incorporate cyber security tools and resources into business operations.

Primary Responsibilities

• Creates strategy influencing business methods and integrated security restrictions, weighing complex requirements from the business with industry best practices for security
• Develops an enterprise strategy for Cyber Security while ensuring scalability and automation across lifecycle - will include strategies for role-based access control and lifecycle management
• Takes overall responsibility for architecture, planning and delivery of enterprise-level Cyber Security programs
• Works across teams to document and share Cyber Security best practices for on premise and cloud-based solutions for employees, contractors, and vendors
• Leads the use of Cyber Security tools (people, process, technology) for the optimization of SOX compliance efforts
• Ensures overall IT strategy and architecture plans and standards are translated into Cyber Security service programs, methods, and technologies as they align with leading Cyber Security practices
• Leads application development Cyber Security strategy for both internal service to service as well as end consumer to application authentication and authorization using modern techniques
• Manages, coaches, leads, and develops a staff of Cyber Security personnel
• Partners with other business functions on all aspects of Cyber Security strategy and requirements
• Thinks analytically, and able to understand and report metrics that matter (quantifiable and actionable) then translates into slides executive level audiences with limited technical knowledge can understand
• Develops and retains a high performing team – drive deep technical ability across the entire Cyber Security team
• Prioritizes and meets deadlines, goals, and objectives
• Partners across Technology, Operations, Digital, and Data (TODD) to ensure controls are designed, implemented, and monitored to strengthen risk management, compliance, and cyber security, effectively mitigating risk to levels within the company’s risk appetite 
• Ensures disciplined change management by evaluating risk and control impacts when designing or implementing changes to processes, systems, products, and/or services 

This position is exempt from timekeeping requirements from timekeeping requirements under the Fair Labor Standards Act and is not eligible for overtime pay.

This position is incentive eligible.

Requirements

• Bachelor's degree in Computer Science, Management Information Systems, or related technology or business area and fifteen (15) years of related experience
• Or High School Diploma or GED and nineteen (19) years of related experience
• Leadership and management experience

Preferences

• Experience developing role-based access control strategy (including SoD and PAM) and production implementation
• Experience with Identity Governance Solutions (Azure AD, Okta)
• Experience with Privileged Access Management Solutions (CyberArk)
• Experience and strong knowledge access lifecycle management
• Experience and strong knowledge of SSO solutions (Okta, Azure, etc.)
• Experience with Cloud IAM (AWS, Azure, etc.)
• Excellent verbal and written skills and be comfortable presenting ideas and issues to different levels within and outside of the organization, to include executive leadership, customers, auditors, etc.

Skills and Competencies

• Ability to work under pressure and meet deadlines
• Ability to think strategically, prioritize tasks, and make sound decisions in a fast-paced environment
• Advanced level in Microsoft Office (Excel, Word, PowerPoint, Outlook, etc.)
• Demonstrated leadership capabilities
• Excellent communication, interpersonal, and leadership skills
• Strong technical knowledge of information security principles, technologies, and best practices
• Understanding of and ability to interpret applicable rules, regulations, and industry guidance 

Preferred Qualifications:

• Experience managing and maintaining enterprise cybersecurity policy, program, standards, and guidelines libraries, including periodic updates and lifecycle governance
• Demonstrated ability to align cybersecurity documentation with regulatory expectations and industry frameworks
• Proven experience overseeing cybersecurity control libraries, including updates, maintenance, and reporting
• Experience developing and tracking performance metrics such as OKRs, KRIs, and KPIs to measure control effectiveness and program maturity
• Experience managing issue tracking and reporting processes for cybersecurity-owned standards and enterprise-wide findings
• Ability to drive remediation efforts and provide transparent reporting to stakeholders and leadership
• Experience supporting cybersecurity aspects of vendor contracts, including NDAs and MSAs
• Demonstrated ability to perform vendor due diligence, contract reviews, and ensure compliance with offshore security requirements (e.g., secure room controls)
• Experience with continuous vendor monitoring tools (e.g., RiskRecon)
• Ability to coordinate and lead annual vendor reviews focused on cybersecurity program maturity
• Experience supporting or managing HIPAA compliance programs
• Experience contributing to or leading cybersecurity data governance initiatives, access management, cloud security, GenAI, security engineering, including data classification, protection standards, and oversight processes
• Proven experience understanding and managing operational security functions and technologies inclusive of automation for continuous control assessments leveraging GenAI capabilities to drive governance efficiencies  
• Experience operating within large, highly regulated environments, with an emphasis on audit readiness, regulatory compliance, and enterprise-scale risk management

This position is intended to be onsite, now or in the near future. Associates will have regular work hours, including full days in the office three or more days a week.  The manager will set the work schedule for this position, including in-office expectations.  Regions will not provide relocation assistance for this position, and relocation would be at your expense. The locations available for this role are Birmingham, AL, Atlanta, GA, Nashville, TN, or Charlotte, NC.

Regions will not sponsor applicants for work visas for this position at this time. Applicants for this position must currently be authorized to work in the United States on a full-time basis.

Position Type

Full time

Compensation Details

Pay ranges are job specific and are provided as a point-of-market reference for compensation decisions. Other factors which directly impact pay for individual associates include: experience, skills, knowledge, contribution, job location and, most importantly, performance in the job role. As these factors vary by individuals, pay will also vary among individual associates within the same job.

The target information listed below is based on the Metropolitan Statistical Area Market Range for where the position is located and level of the position.

Job Range Target:

Minimum:

$207,953.35 USD

Median:

$298,600.00 USD

Incentive Pay Plans:

This role is eligible to participate in the annual discretionary incentive plan. Employees are eligible to receive a discretionary award based on individual, business, and/or company performance.Opportunity to participate in the Long Term Incentive Plan.

Benefits Information

Regions offers a benefits package that is flexible, comprehensive and recognizes that "one size does not fit all" for benefits-eligible associates. Listed below is a synopsis of the benefits offered by Regions for informational purposes, which is not intended to be a complete summary of plan terms and conditions.

• Paid Vacation/Sick Time

• 401K with Company Match

• Medical, Dental and Vision Benefits

• Disability Benefits

• Health Savings Account

• Flexible Spending Account

• Life Insurance

• Parental Leave

• Employee Assistance Program

• Associate Volunteer Program

Please note, benefits and plans may be changed, amended, or terminated with respect to all or any class of associate at any time. To learn more about Regions’ benefits, please click or copy the link below to your browser.

https://www.regions.com/about-regions/welcome-portal/benefits

Location Details

Riverchase Operations Center

Location:

Hoover, Alabama

Equal Opportunity Employer/including Disabled/Veterans

Job applications at Regions are accepted electronically through our career site for a minimum of five business days from the date of posting. Job postings for higher-volume positions may remain active for longer than the minimum period due to business need and may be closed at any time thereafter at the discretion of the company.