Make banking a Fifth Third better®
We connect great people to great opportunities. Are you ready to take the next step? Discover a career in banking at Fifth Third Bank.
GENERAL FUNCTION: Provide independent oversight and effective challenge of Technology and Information Security risk activities to support safe and sound operations and regulatory compliance. This includes oversight of third-party technology/security risk, M&A security due diligence and integration risk oversight, risk and control self-assessments (RCSAs), and key risk indicator (KRI) design and monitoring. The role is accountable for elevating concerns, documenting outcomes of credible challenge, and following policies, programs, and procedures as defined.
ROLE DETAILS: Location: 38 Fountain Square, Cincinnati, Ohio | Work model: On-site.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
- Third-Party Technology & Security Risk Oversight
- Provide 2LOD oversight and credible challenge of the Third-Party Risk Management (TPRM) program, with a focus on technology and information security risk.
- Review and challenge third-party technology/security risk assessments, control requirements, and remediation plans; document challenge outcomes and escalate concerns when needed.
- Partner with stakeholders to improve the quality, consistency, and timeliness of third-party risk decisions, metrics, and reporting.
- Mergers & Acquisitions (M&A) Security Oversight
- Provide oversight and challenge of security due diligence activities and the Extended Security Program for M&A.
- Assess integration and transition risks (e.g., identity and access, data protection, vulnerability management, incident response readiness) and ensure risks and dependencies are tracked through closure.
- Risk & Control Oversight (RCSA / Control Challenge)
- Oversee and challenge RCSAs performed by 1LOD/business control teams for Information Security and Information Technology.
- Provide credible challenge of risk analyses, control selection, and control design/operating effectiveness evidence for topics including Information Security and Information Technology risks, privacy, and other areas that materially affect the Bank’s risk profile.
- Key Risk Indicators (KRIs) & Risk Reporting
- Challenge the definition, thresholds, and monitoring cadence for technology/security KRIs to ensure risk measurement is comprehensive, accurate, and timely.
- Translate technology and security risk into clear business terms for senior leaders and governance forums; support periodic risk reporting and emerging risk updates.
- Standards, Regulatory Alignment, and Continuous Improvement
- Maintain awareness of applicable regulatory requirements and industry standards related to safeguarding confidentiality, integrity, and availability of information assets (e.g., OCC/Interagency guidance, NIST, ISO, COBIT, ITIL, PCI as applicable).
- Recommend enhancements to technology and security risk frameworks, assessment methodologies, and oversight routines to improve consistency and regulatory alignment.
- Complete point-of-view (POV) risk assessments on emerging risks and targeted focus areas as assigned.
- Stakeholder Partnership, Enablement, and Influence
- Collaborate with Operational Risk, Compliance (Privacy), Finance, Legal, Information Security, IT, and Business Controls to drive timely execution and improve effectiveness of technology and security risk activities.
- Provide training and education to the 1st line of defense to support a fully operationalized technology and security risk management program.
- Enable cross-training and knowledge sharing across the team and stakeholders (influence without direct supervisory authority).
SUPERVISORY RESPONSIBILITIES: None
MINIMUM KNOWLEDGE & SKILLS REQUIRED:
- Required
- Bachelor’s degree in computer science, cybersecurity, data science, or related field (or equivalent practical experience).
- 5+ years of experience leading, executing, and/or governing cyber/information security risk and IT risk assessment programs (or related experience).
- 5+ years of experience in technology and/or information security risk management; financial services experience (e.g., banking, payments) and regulatory exposure strongly preferred.
- Experience developing and performing data, security, and/or IT risk assessments, including documentation of conclusions and recommended remediation.
- Strong understanding of applicable financial services regulations and guidance (e.g., GLBA, Interagency Guidelines Establishing Information Security Standards, OCC/Fed/FFIEC guidance) and related privacy/breach notification obligations.
- Ability to maintain independence and objectivity in executing oversight, credible challenge, and reporting activities.
- Strong communication skills with the ability to explain technology and security risk in business terms to senior/executive leaders and cross-functional partners (IT, Information Security, Audit, Compliance/Privacy, Legal).
- Strong organizational and project management skills; ability to manage multiple priorities, deliver results, and meet milestones and deadlines.
- Demonstrated analytical capability to understand complex issues, develop meaningful analyses, and support remediation to closure.
- Demonstrated ability to work independently, prioritize effectively, and drive continuous improvement through feedback and learning.
- Preferred
- Advanced degree in Information Technology, Cybersecurity, Data Science, or related area.
- Relevant professional certifications (e.g., CISA, CISM, CRISC, CISSP) or equivalent.
- Working knowledge of relevant frameworks/standards (e.g., NIST CSF, NIST RMF, NIST SP 800-53, FFIEC IT Handbook, ISO 27000-series, COBIT, COSO, PCI).
- Experience providing oversight/credible challenge of TPRM, RCSA programs, and KRI design/monitoring in a regulated environment.
- #LI-GM1
Tech & Security Risk Oversight Manager
At Fifth Third, we understand the importance of recognizing our employees for the role they play in improving the lives of our customers, communities and each other. Our Total Rewards include comprehensive benefits and differentiated compensation offerings to give each employee the opportunity to be their best every day.
The base salary for this position is reflective of the range of salary levels for all roles within this pay grade across the U.S. Individual salaries within this range will vary based on factors such as role, relevant skillset, relevant experience, education and geographic location. In addition to the base salary, this role is eligible to participate in an incentive compensation plan, with any such payment based upon company, line of business and/or individual performance.
Our extensive benefits programs are designed to support the individual needs of our employees and their families, encompassing physical, financial, emotional and social well-being. You can learn more about those programs on our 53.com Careers page at: https://www.53.com/content/fifth-third/en/careers/benefits.html or by consulting with your talent acquisition partner.
LOCATION -- Cincinnati, Ohio 45202
Attention search firms and staffing agencies: do not submit unsolicited resumes for this posting. Fifth Third does not accept resumes from any agency that does not have an active agreement with Fifth Third. Any unsolicited resumes – no matter how they are submitted – will be considered the property of Fifth Third and Fifth Third will not be responsible for any associated fee.
Fifth Third Bank, National Association is proud to have an engaged and inclusive culture and to promote and ensure equal employment opportunity in all employment decisions regardless of race, color, gender, national origin, religion, age, disability, sexual orientation, gender identity, military status, veteran status or any other legally protected status.