SOC 2 Cyber Program Lead

Remote eligible.

This position provides cybersecurity risk management and expert support at the highest level of cybersecurity governance and oversight, with primarily responsibility for leading and managing the company's Systems and Organization Controls (SOC) 2 program. The role coordinates across business and technology stakeholders to ensure SOC 2 requirements are understood, implemented, and sustained. Serves as a SOC 2 leader, contributes to broader cyber risk oversight, recommending and monitoring enhancements to processes and procedures, performing analysis, and reporting in support of strategic objectives.

SOC 2 Program Leadership - Leads and manages the bank's SOC 2 readiness and compliance program. Coordinates program activities across business and technology teams, ensuring controls are properly implemented, documented, and maintained in alignment with SOC 2 Trust Services Criteria (TSC). Oversees evidence collection, audit preparedness, and continuous improvement of the SOC 2 program. Servies as the primarily liaison with auditors during readiness and examination activities.

SOC 2 Readiness - Executes assessments and readiness activities to evaluate compliance with SOC 2 requirements. Performs gap analyses, documents control coverage, and monitors remediation efforts. Collects and validates evidence, ensures accuracy and completeness, and prepares the organization for external audits by driving readiness efforts.

Stakeholder Partnership - Partners with control owners, governance teams, and other stakeholders to align on responsibilities, close identified gaps, and monitor remediation progress. Provides guidance and education on SOC 2 requirements, roles, and expectations, ensuring stakeholders understand their role in sustaining compliance.

Risk Identification and Monitoring - Identifies and monitors risks related to SOC 2 control requirements and broader cybersecurity domains. Escalates potential areas of concern, facilitates root cause analysis, and tracks corrective actions to resolution. Maintains awareness of changes in SOC 2 requirement, industry trends, and regulatory expectations, translating them into actionable insights for the bank.

Reporting - Produces reports and dashboards on SOC 2 readiness, testing results, control maturity, and remediation progress. Conveys root cause analysis, patterns, and trends to leadership. Provides transparency into risk exposure, compliance status, and effectiveness of mitigation measures, with emphasis on SOC 2 Trust Services Criteria coverage.

Bachelor's Degree and 6 years of experience in Financial Services, Risk Management, Operational Risk Management, Compliance, Audit, Finance or Accounting OR High School Diploma or GED and 10 years of experience in Financial Services, Risk Management, Operational Risk Management, Compliance, Audit, Finance or Accounting

• Direct experience executing or leading SOC 2 audits and programs, including readiness assessments, gap analysis, evidence collection, and audit preparedness
• Strong knowledge of SOC 2 Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy) and demonstrated ability to apply them in a large, complex organization
• Experience partnering with stakeholders across business and technology to monitor risks, close compliance gaps, and sustain ongoing SOC 2 readiness
• In-depth practical knowledge of internal controls, risk assessments, and operational and cybersecurity processes, with experience implementing regulatory and compliance frameworks
• Broad knowledge and understanding of cybersecurity risks and controls, including IT infrastructure, cloud computing, mobile technologies, and cybersecurity technologies
• Excellent written and oral communication skills, with ability to influence stakeholders and communicate effectively at multiple levels
• CISSP, CISA, CISM, CRISC, CIA, or equivalent certification

Preferred Qualifications

• 7-10 years of experience in risk management or compliance, including leadership of SOC 2, ISO, PCI, or similar frameworks
• 3+ years of experience at a Large Financial Institution or similarly regulated environment
• Familiarity with NIST frameworks (e.g., CSF, SP 800-53) and their application in strengthening cybersecurity programs
• Extensive knowledge and subject matter expertise in managing cybersecurity compliance in financial services, including applicable regulations (SOC 2, NIST, CSA, FFIEC, OCC, FRB, state law, and other regulatory guidance)
• Strong project management and continuous improvement skills

This job posting is expected to remain active for 45 days from the initial posting date listed above. If it is necessary to extend this deadline, the posting will remain active as appropriate. Job postings may come down early due to business need or a high volume of applicants.

The base pay for this position is generally between $113,000 and $190,000. Actual starting base pay will be determined based on skills, experience, location, and other non-discriminatory factors permitted by law. For some roles, total compensation may also include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment.

Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at https://jobs.firstcitizens.com/benefits.