Make banking a Fifth Third better®

We connect great people to great opportunities. Are you ready to take the next step? Discover a career in banking at Fifth Third Bank.

GENERAL FUNCTION: Integral member of the Technology, Security, and Data Risk Oversight team, working to oversee the execution of the bank’s risk management programs to ensure that risk is managed within tolerance. This role will be responsible for providing primary risk oversight of the bank’s Enterprise Data Management Program as well as providing risk oversight support for Technology and Information Security risk programs. Will collaborate with a broad set of internal stakeholders across the Bank to oversee the execution of data, security, and technology risk management programs to ensure risks are identified, assessed, managed, monitored, and reported. Responsible and accountable for risk by openly exchanging ideas and opinions, elevating concerns, and personally following policies, programs, and procedures as defined.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Oversee and challenge the design and execution of the Enterprise Data Management Policy, Program, and Standard.

• Oversee and challenge the execution of risk and control self-assessments performed by the front-line business controls teams related to the Enterprise Data Management Program.

• Oversee and challenge the establishment and execution of Key Risk Indicators for the Enterprise Data Program to ensure risk measurement is comprehensive, accurate, and timely.

• Serves as the primary risk oversight partner in the Data Analytics Council and other related risk committees and councils.

• Aggregates and publishes data risk information as part of the quarterly risk governance program execution.

• Provides risk oversight support for the Bank’s Information Security and Information Technology Program.

• Provides leadership through cross-training and upskilling of team and stakeholders

• Keep up-to-date on the industry standards, best-practices, and regulatory requirements and guidelines related to safeguarding the confidentiality, integrity and availability of the Bank's information assets; This includes data management requirements established by the Office of the Comptroller (OCC), as well as technology and security frameworks such as NIST 800-53, ITIL, and COBIT.

• Informs management on required enhancements to the Bank's cyber security, technology, and information risk frameworks and assessment methodologies to ensure its alignment with the industry best practice and regulatory compliance requirements.

• Provide training and education to the 1st line of defense in support of a fully operationalized enterprise data, technology, and security risk management programs.

• Collaborate with leaders and team members of Operational Risk, Enterprise Data, Compliance (Privacy), Finance, Legal, Information Security, IT, BISOs and Business Control Directors to ensure execution and improve effectiveness of enterprise data, technology, and security risk management activities.

• Provide credible challenge of 1st line-of-defense risk analysis processes and control selection for cyber security, technology, information risk, incident and event management, lifecycle management, change management and privacy topics (those support areas that materially affect the institution's risk profile).

• Be a team player in driving the maturity of the Bank's information risk and control assessment and monitoring practice.

• Effectively communicate data, security and technology risk in business terms.

• Completes Point-of-View risk assessments on emerging risks or other focus areas related to data management, cyber security, and/or IT risk as assigned.

SUPERVISORY RESPONSIBILITIES: None

MINIMUM KNOWLEDGE & SKILLS REQUIRED:

• Bachelor's degree in computer science, cybersecurity, data science or commensurate work experience; advanced degree in Information Technology/Cyber Security/Data Science focus preferred.

• Minimum 5 years experience leading, executing, and governing data risk, cyber/information security risk and IT risk assessment programs or related experience.

• Minimum 5 years experience in managing data risk, information security or technology risk, experience in banking, law, payment processing, and/or financial services regulatory compliance.

• Relevant professional certifications, including but not limited to: Certified Data Management Professional (CDMP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), or equivalent, are strongly desired.

• Strong working knowledge of relevant assessment frameworks and/or standards (e.g., Data Management Capability Assessment Model (DCAM), NIST Cyber security Framework [CSF], NIST Risk Management Framework [RMF}, NIST SP 800-53 Revision 4, FFIEC Cyber security Assessment Tool [CAT], ISO27000-series,COBIT,COSO, PCI, Shared Assessment, etc.), is preferred.

• Strong understanding of financial services regulations including GLBA, Fed, OCC, and Interagency Guidelines Establishing Information Security Standards, and other state/federal confidentiality, privacy, and breach notification laws.

• Ability to communicate effectively with senior/executive management, business leaders, IT, Information Security, Audit, Compliance (Privacy), and attorneys within the organization.

• Ability to maintain independence and objectivity in execution of oversight and reporting activities

• Experience developing and performing data, security, and/or IT risk assessments.

• Strong organizational, project management and multi-tasking skills with a successful track record of managing to expectations, delivering results, and meeting milestones and deadlines.

• Ability to understand complex issues, develop meaningful analyses, and assist in the overall remediation.

• Proactive individual with a "can do" attitude, self-starter, and a demonstrated track record of success.

• Demonstrate curiosity and initiative to learn, develop skills, seek feedback, and improve existing processes and reporting.

#LI-GM1

Technology, Data, & Security Risk Oversight Manager

LOCATION -- Cincinnati, Ohio 45202

Fifth Third Bank, National Association is proud to have an engaged and inclusive culture and to promote and ensure equal employment opportunity in all employment decisions regardless of race, color, gender, national origin, religion, age, disability, sexual orientation, gender identity, military status, veteran status or any other legally protected status.