Tech & Security Risk Oversight Manager

About the role

Make banking a Fifth Third better® We connect great people to great opportunities. Are you ready to take the next step? Discover a career in banking at Fifth Third Bank. GENERAL FUNCTION: Provide independent oversight and effective challenge of Technology and Information Security risk activities to support safe and sound operations and regulatory compliance. This includes oversight of third-party technology/security risk, M&A security due diligence and integration risk oversight, risk and control self-assessments (RCSAs), and key risk indicator (KRI) design and monitoring. The role is accountable for elevating concerns, documenting outcomes of credible challenge, and following policies, programs, and procedures as defined. ROLE DETAILS: Location: 38 Fountain Square, Cincinnati, Ohio | Work model: On-site. ESSENTIAL DUTIES AND RESPONSIBILITIES: Third-Party Technology & Security Risk Oversight Provide 2LOD oversight and credible challenge of the Third-Party Risk Management (TPRM) program, with a focus on technology and information security risk. Review and challenge third-party technology/security risk assessments, control requirements, and remediation plans; document challenge outcomes and escalate concerns when needed. Partner with stakeholders to improve the quality, consistency, and timeliness of third-party risk decisions, metrics, and reporting. Mergers & Acquisitions (M&A) Security Oversight Provide oversight and challenge of security due diligence activities and the Extended Security Program for M&A. Assess integration and transition risks (e.g., identity and access, data protection, vulnerability management, incident response readiness) and ensure risks and dependencies are tracked through closure. Risk & Control Oversight (RCSA / Control Challenge) Oversee and challenge RCSAs performed by 1LOD/business control teams for Information Security and Information Technology. Provide credible challenge of risk analyses, control selection, and control design/operating effectiveness evidence for topics including Information Security and Information Technology risks, privacy, and other areas that materially affect the Bank's risk profile. Key Risk Indicators (KRIs) & Risk Reporting Challenge the definition, thresholds, and monitoring cadence for technology/security KRIs to ensure risk measurement is comprehensive, accurate, and timely. Translate technology and security risk into clear business terms for senior leaders and governance forums; support periodic risk reporting and emerging risk updates. Standards, Regulatory Alignment, and Continuous Improvement Maintain awareness of applicable regulatory requirements and industry standards related to safeguarding confidentiality, integrity, and availability of information assets (e.g., OCC/Interagency guidance, NIST, ISO, COBIT, ITIL, PCI as applicable). Recommend enhancements to technology and security risk frameworks, assessment methodologies, and oversight routines to improve consistency and regulatory alignment. Complete point-of-view (POV) risk assessments on emerging risks and targeted focus areas as assigned. Stakeholder Partnership, Enablement, and Influence Collaborate with Operational Risk, Compliance (Privacy), Finance, Legal, Information Security, IT, and Business Controls to drive timely execution and improve effectiveness of technology and security risk activities. Provide training and education to the 1st line of defense to support a fully operationalized technology and security risk management program. Enable cross-training and knowledge sharing across the team and stakeholders (influence without direct supervisory authority). SUPERVISORY RESPONSIBILITIES: None MINIMUM KNOWLEDGE & SKILLS REQUIRED: Required Bachelor's degree in computer science, cybersecurity, data science, or related field (or equivalent practical experience). 5+ years of experience leading, executing, and/or governing cyber/information security risk and IT risk assessment programs (or related experience). 5+ years of experience in technology and/or information security risk management; financial services experience (e.g., banking, payments) and regulatory exposure strongly preferred. Experience developing and performing data, security, and/or IT risk assessments, including documentation of conclusions and recommended remediation. Strong understanding of applicable financial services regulations and guidance (e.g., GLBA, Interagency Guidelines Establishing Information Security Standards, OCC/Fed/FFIEC guidance) and related privacy/breach notification obligations. Ability to maintain independence and objectivity in executing oversight, credible challenge, and reporting activities. Strong communication skills with the ability to explain technology and security risk in business terms to senior/executive leaders and cross-functional partners (IT, Information Security, Audit, Compliance/Privacy, Legal). Strong organizational and project management skills; ability to manage multip

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Fifth Third Bank? Share your experience