Position Overview

At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. We work together each day to foster an inclusive workplace culture where all of our employees feel respected, valued and have an opportunity to contribute to the company’s success.

As a Security Director - BISO within PNC’s Technology organization, you will be based in Pittsburgh, PA as the preferred location, or Strongsville, OH. The position is primarily based in a PNC location. Responsibilities require time in the office or in the field on a regular basis. Some responsibilities may be performed remotely, at the manager’s discretion.

The Business Information Security Officer (BISO) will serve as the primary point of contact between the cybersecurity function and business lines and shared services. Here, the BISO collaboratively works with the business lines and shared services to create alignment with the information security strategy and ensure that information security risk priorities are addressed. In this strategic function, the BISO must also align the security objectives to the business objectives, helping the businesses mitigating potential information security risks that could adversely affect business operations. The BISO plays a vital role in stakeholder engagement, effectively communicating with various internal and external parties to establish and maintain a culture of security awareness.

Responsibilities:

1. Stakeholder Engagement:

• Act as the primary point of contact between the business units and the information security team.

• Advises business leaders on risk issues related to information security and recommends actions in support of the divisions wider risk management and compliance programs.

• Translate business requirements into security solutions and policies.

• Provides guidance and advocacy regarding the prioritization of business investments that impact information security.

• Develop an understanding of business goals and reframe risk discussion in business terms.

• Ensures compliance with policies, regulations and information security tools and services.

• Participate in cybersecurity and business-related committees or working groups as necessary.

2. Risk Management:

• Identify, assess, and prioritize security risks within business units.

• Develop and implement risk mitigation strategies in collaboration with the business units.

• Educate stakeholders on cybersecurity-related matters in an effort to increase awareness and improve culture.

• Inform business partners of the risk implications of critical decision by combining empirical analysis with expert judgment to assess business decisions.

• Challenge business partners’ assumptions about value drivers and present an alternate perspective.

• Reshape business partners’ preconceived notions of success where appropriate.

• Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for and exceptions are tracked in accordance with frameworks, policies and standards set by the organization.

3. Security Policy Enforcement:

• Ensure that business units adhere to information security policies, standards, and procedures.

• Collaborate with the information security team to update policies and procedures as needed.

4. Security Awareness and Training:

• Promote security awareness and best practices within business units.

5. Project Management:

• Oversee and manage security-related projects within business units.

• Ensure that security considerations are integrated into the project lifecycle from initiation to completion.

6. Metrics and Reporting:

• Develop and maintain security metrics to measure the effectiveness of the delivery of security capabilities into business initiatives.

• Provide regular reports on the security posture of business units to senior management.

Qualifications:

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field. Advanced degree preferred.

• Professional certifications such as CISSP, CISM, CRISC, or similar.

• Minimum of 10-15 years of experience in information security, with at least 3 years in a leadership or management role.

• Strong understanding of information security principles, practices, and frameworks (e.g., NIST, ISO 27001).

• Experience with risk management, incident response, and security compliance.

• Excellent communication and interpersonal skills, with the ability to interact effectively with technical and non-technical stakeholders.

• Strong project management skills, with the ability to manage multiple priorities and deadlines.

• Knowledge of regulatory requirements related to information security and data protection.

Skills:

• Strategic thinking and problem-solving abilities.

• Ability to influence and drive change within an organization.

• Strong analytical skills and attention to detail.

• Proficiency in security tools and technologies.

• Ability to work independently and as part of a team.

• Is a confident, energetic self-starter, with strong communication skills

• Ability to develop a full and deep understanding of the business operations.

• Understanding of how business initiatives create value and risk for organizations.

• Able to effectively analyze risk within the context of business problems.

• Strong ability to convey complex information risk and security issues in a manner that is easily understood and actionable and constructively challenges prevailing thoughts and processes.

• Able to consistently, effectively defend ideas and solutions.

• Adept at improving outcomes through proactive team coaching and development.

• Strong problem-solving and trouble-shooting skills.

• Has the accessibility and ability to interface with, and build creditability and relationships with all stakeholders.

Job Description

• Leads the enterprise-wide investigative team in matters of alleged violations of laws and or regulations concerning criminal matters, associated with fraud, computer crimes, intellectual property and other security issues.

• Directs and creates enterprise vision, strategy, policy and process for investigations of suspected criminal activities.

• Leads the collaboration with internal and external partners that may include local, state or federal law enforcement agencies in order to achieve maximum results.

• Balances customer experience with the need to investigate suspected financial crimes across the enterprise by acting as a senior business partner liaison for fraud vision and strategy. .

• Oversees the development of analytical tools to manage common points of compromise testing, valuation and usage identification. Directs the definition of business requirements for new fraud prevention tools and data sources

PNC Employees take pride in our reputation and to continue building upon that we expect our employees to be:

• Customer Focused - Knowledgeable of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions and able to leverage that information in creating customized customer solutions.

• Managing Risk - Assessing and effectively managing all of the risks associated with their business objectives and activities to ensure they adhere to and support PNC's Enterprise Risk Management Framework.

PNC also has fundamental expectations of our people managers. As a manager of talent in PNC, you will be expected to:

• Include Intentionally - Cultivates diverse teams and inclusive workplaces to expand thinking.

• Live the Values - Role models our values with transparency and courage.

• Enable Change - Takes action to drive change and innovation that will transform our business.

• Achieve Results - Takes personal ownership to deliver results. Empowers and trusts others in decision making.

• Develop the Best - Raises the bar with every talent decision and guides the achievement of all employees and customers.

Qualifications

Successful candidates must demonstrate appropriate knowledge, skills, and abilities for a role. Listed below are skills, competencies, work experience, education, and required certifications/licensures needed to be successful in this position.

Preferred Skills

Access Control (AC), Building Architecture, Customer Solutions, Disaster Recovery Planning, Information Security, Network Security, Physical Security, Risk Assessments, Security Technologies

Competencies

Analytical Thinking, Consulting, Emerging Technologies, Fraud Detection and Prevention, Operational Risk, Regulatory Environment - Financial Services

Work Experience

Roles at this level typically require a university / college degree and higher level education such as a Masters degree, PhD, or certifications. Industry -relevant experience is typically 8+ years. At least 5 years of prior management experience is typically required. Proven leadership experience with a large scope of responsibility is required. In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.

Education

Bachelors

Certifications

No Required Certification(s)

Licenses

No Required License(s)

Benefits

PNC offers a comprehensive range of benefits to help meet your needs now and in the future. Depending on your eligibility, options for full-time employees include: medical/prescription drug coverage (with a Health Savings Account feature), dental and vision options; employee and spouse/child life insurance; short and long-term disability protection; 401(k) with PNC match, pension and stock purchase plans; dependent care reimbursement account; back-up child/elder care; adoption, surrogacy, and doula reimbursement; educational assistance, including select programs fully paid; a robust wellness program with financial incentives.

In addition, PNC generally provides the following paid time off, depending on your eligibility*: maternity and/or parental leave; up to 11 paid holidays each year; 8 occasional absence days each year, unless otherwise required by law; between 15 to 25 vacation days each year, depending on career level; and years of service.

To learn more about these and other programs, including benefits for full time and part-time employees, visit pncbenefits.com > New to PNC.

*For more information, please click on the following links:

Time Away from Work (https://www.pncbenefits.com/timeaway.html)

PNC Full-Time Benefits Summary

PNC Part-Time Benefits Summary (https://www.pncbenefits.com/ft-benefits-overview.html)

Disability Accommodations Statement

If an accommodation is required to participate in the application process, please contact us via email at AccommodationRequest@pnc.com . Please include “accommodation request” in the subject line title and be sure to include your name, the job ID, and your preferred method of contact in the body of the email. Emails not related to accommodation requests will not receive responses. Applicants may also call 877-968-7762 and say "Workday" for accommodation assistance. All information provided will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

At PNC we foster an inclusive and accessible workplace. We provide reasonable accommodations to employment applicants and qualified individuals with a disability who need an accommodation to perform the essential functions of their positions.

Equal Employment Opportunity (EEO)

PNC provides equal employment opportunity to qualified persons regardless of race, color, sex, religion, national origin, age, sexual orientation, gender identity, disability, veteran status, or other categories protected by law.

California Residents

Refer to the California Consumer Privacy Act Privacy Notice (https://content.pncmc.com/live/pnc/aboutus/HR/Onboarding/PNC_CCPA_Privacy_Disclosure_Employee.pdf) to gain understanding of how PNC may use or disclose your personal information in our hiring practices.