Position Overview

At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. We work together each day to foster an inclusive workplace culture where all of our employees feel respected, valued and have an opportunity to contribute to the company’s success. As a Security Manager Sr within PNC’s ET&S organization, you will be based in Pittsburgh, PA. The position is primarily based in a PNC location. Responsibilities require time in the office or in the field on a regular basis. Some responsibilities may be performed remotely, at the manager’s discretion.

The subsidiary CISO will be responsible to partner with subsidiaries to ensure that the expectations of the enterprise are met at the subsidiary level, based on the specific business requirements for that line of business. In this role, the individual will be responsible for:

• Overseeing the execution of a program assessment utilizing a standard framework for security controls (NIST-CSF, NIST 800-53), Financial Services Cyber Risk Profile.

• Partnering with the subsidiary to oversee the review of the assessment, risks, and requirements to close defined gaps.

• Ongoing monitoring and measurement of the subsidiary with a risk scorecard

• Understanding the unique business of each subsidiary and determining control objectives based on the unique needs of that business.

• Partnering with the rest of the Enterprise Information Security leadership team in the implementation of controls and objectives

• Maintaining a services matrix and service quality when services to the subsidiary are provided by the Enterprise Information Security group.

• Providing oversight and governance for new mergers and acquisitions

• Primary Location is Pittsburgh, PA with ability to travel to partner with subsidiary leadership (Linga = Naples, FL, Tempus = Auburn, IN, Harris Williams, Richmond, VA, etc.)

Examples of duties:

• Developing and implementing secure processes and systems used to prevent, detect, mitigate, and recover from cyberattacks.

• Educating and managing technology risk in collaboration with subsidiary business leaders

• Building and driving a cybersecurity strategy and framework, with initiatives to secure the subsidiary organization's cyber and technology assets.

• Continuously evaluating and managing the cyber and technology risk posture of the subsidiary organization.

• Implementing and managing the cyber governance, risk, and compliance (GRC) process.

• Developing, justifying, and evaluating cybersecurity investments.

• Developing and implementing ongoing security awareness training and education for users.

• Policy support: Monitor current and proposed laws, regulations, industry standards and ethical requirements related to information security and privacy, so that CBC can take proactive measures to ensure full compliance to these requirements. Recommend courses of action and policy development to senior management that allow CBC to securely meet its organizational goals.

• Risk Management: Provide guidance and oversight of vulnerability assessments and audits to ascertain the current state of information security and to identify areas of high, medium and low risk to IT management, and to assist in the development of risk mitigation programs to address the risks identified.

• Security Architecture: Create infrastructure security standards to provide guidance to System Architects for implementing secure architectures. Review and provide input to all proposed changes to CBC IT system architectures or proposed services in order to maintain or improve the security posture of the overall infrastructure.

• Provide technical consultation, guidance, and assistance to technical staff, Business Units, and other internal customers to ensure appropriate corporate security is maintained.

• Serve as an active member of the Security Incident Response Team (SIRT) and participate in these efforts by having an in-depth technical knowledge of common security exploits, vulnerabilities, and counter measures.

• Maintain an expert knowledge in the field of Information Security and the related issues, systems, processes, products, and services. Participate in defining corporate strategic direction as it relates to Information Security.

• Amazon Web Services (AWS) experience preferred.

Prior Experience/Background:

• Prior CISO or Security Executive experience.

• Understanding of risk frameworks and measurement.

• Understanding of all Enterprise Information Security (EIS) risk domains so the candidate can partner with EIS leadership.

• Influence/negotiation skills

• Ability to present facts and data in a method to assist the business and drive change forward, as needed.

Job Description

• Manages multiple teams focused on maintaining confidentiality, integrity, and availability of data, systems, and networks.

• Responsible for management and oversight of applicable security technology products for network, systems and data.

• Develops, implements and enhances policies and procedures to improve the operation and effectiveness of the organization.

• Provides technical and professional advice or knowledge regarding various administrative areas of responsibility.

• Oversees and manages administrative staff. Provides professional and personal growth and development to individuals as appropriate.

PNC Employees take pride in our reputation and to continue building upon that we expect our employees to be:

• Customer Focused - Knowledgeable of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions and able to leverage that information in creating customized customer solutions.

• Managing Risk - Assessing and effectively managing all of the risks associated with their business objectives and activities to ensure they adhere to and support PNC's Enterprise Risk Management Framework.

PNC also has fundamental expectations of our people managers. As a manager of talent in PNC, you will be expected to:

• Include Intentionally - Cultivates diverse teams and inclusive workplaces to expand thinking.

• Live the Values - Role models our values with transparency and courage.

• Enable Change - Takes action to drive change and innovation that will transform our business.

• Achieve Results - Takes personal ownership to deliver results. Empowers and trusts others in decision making.

• Develop the Best - Raises the bar with every talent decision and guides the achievement of all employees and customers.

Qualifications

Successful candidates must demonstrate appropriate knowledge, skills, and abilities for a role. Listed below are skills, competencies, work experience, education, and required certifications/licensures needed to be successful in this position.

Preferred Skills

Access Control (AC), Building Architecture, Customer Solutions, Disaster Recovery Planning, Information Security, Network Security, Physical Security, Risk Assessments, Security Technologies

Competencies

Information Assurance, Information Security Audits, Information Security Management, Information Security Technologies, IT Environment, IT Standards, Procedures & Policies, Knowledge of Organization, Planning: Tactical, Strategic

Work Experience

Roles at this level typically require a university / college degree. Higher level education such as a Masters degree, PhD, or certifications is desirable. Industry-relevant experience is typically 8+ years. At least 5 years of prior management experience is typically required. Proven leadership experience with a moderate to large scope of responsibility is required. In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.

Education

Bachelors

Certifications

No Required Certification(s)

Licenses

No Required License(s)

Benefits

PNC offers a comprehensive range of benefits to help meet your needs now and in the future. Depending on your eligibility, options for full-time employees include: medical/prescription drug coverage (with a Health Savings Account feature), dental and vision options; employee and spouse/child life insurance; short and long-term disability protection; 401(k) with PNC match, pension and stock purchase plans; dependent care reimbursement account; back-up child/elder care; adoption, surrogacy, and doula reimbursement; educational assistance, including select programs fully paid; a robust wellness program with financial incentives.

In addition, PNC generally provides the following paid time off, depending on your eligibility*: maternity and/or parental leave; up to 11 paid holidays each year; 8 occasional absence days each year, unless otherwise required by law; between 15 to 25 vacation days each year, depending on career level; and years of service.

To learn more about these and other programs, including benefits for full time and part-time employees, visit pncbenefits.com > New to PNC.

*For more information, please click on the following links:

Time Away from Work (https://www.pncbenefits.com/timeaway.html)

PNC Full-Time Benefits Summary

PNC Part-Time Benefits Summary (https://www.pncbenefits.com/ft-benefits-overview.html)

Disability Accommodations Statement

If an accommodation is required to participate in the application process, please contact us via email at AccommodationRequest@pnc.com . Please include “accommodation request” in the subject line title and be sure to include your name, the job ID, and your preferred method of contact in the body of the email. Emails not related to accommodation requests will not receive responses. Applicants may also call 877-968-7762 and say "Workday" for accommodation assistance. All information provided will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

At PNC we foster an inclusive and accessible workplace. We provide reasonable accommodations to employment applicants and qualified individuals with a disability who need an accommodation to perform the essential functions of their positions.

Equal Employment Opportunity (EEO)

PNC provides equal employment opportunity to qualified persons regardless of race, color, sex, religion, national origin, age, sexual orientation, gender identity, disability, veteran status, or other categories protected by law.

California Residents

Refer to the California Consumer Privacy Act Privacy Notice (https://content.pncmc.com/live/pnc/aboutus/HR/Onboarding/PNC_CCPA_Privacy_Disclosure_Employee.pdf) to gain understanding of how PNC may use or disclose your personal information in our hiring practices.