Industry: Information Technology - Project And Product Manager
Type: Full Time
Make banking a Fifth Third better®
We connect great people to great opportunities. Are you ready to take the next step? Discover a career in banking at Fifth Third Bank.
GENERAL FUNCTION: Integral member of the Enterprise Risk Management Information Technology/Cyber Security Risk Management team, working to continue developing and maintaining bank policy and standards in accordance with the Bank's Enterprise Risk Management pertaining to information technology risk management, along with facilitating its implementation across disciplines. Ultimately, helps to maximize the Bank's processes to manage technology risk effectively. Will collaborate with a broad set of internal stakeholders across the Bank in achieving the right business outcomes in managing cyber security, technology, and information risk; will act as a risk expert in support of strategic initiatives; and will help to perform advanced risk analysis of 1st line business, IT and Information Security risk assessments as needed.
Responsible and accountable for risk by openly exchanging ideas and opinions, elevating concerns, and personally following policies and procedures as defined. Accountable for always doing the right thing for customers and colleagues, and ensures that actions and behaviors drive a positive customer experience. While operating within the Bank's risk appetite, achieves results by consistently identifying, assessing, managing, monitoring, and reporting risks of all types.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
* Work in a collaborative fashion to develop and/or enhance existing tools necessary for performing application and system-level cyber security risk assessments.
* Keep up-to-date on the industry standards, best practices, and regulatory requirements and guidelines related to safeguarding the confidentiality, integrity and availability of the Bank's sensitive information; includes GLBA/FACT Act Interagency Guidelines Establishing Information Security Standards (Security Guidelines), PCI, HIPAA/HITECH, FFIEC, Fed, and other related state/federal cyber/information security regulations.
* Inform management on required enhancements to the Bank's cyber security, technology, and information risk frameworks and assessment methodologies to ensure their alignment with industry best practice and regulatory compliance requirements.
* Provide training and education to the 1st line of defense in support of a fully operationalized enterprise cyber security risk management framework.
* Analyze results from 3rd party self-assessments, including tactical assessments of control effectiveness; identify gaps and weaknesses, and work to ensure processes and controls are enhanced appropriately in accordance with the risk management lifecycle.
* Collaborate with leaders and team members of Operational Risk, Compliance (Privacy), Finance, Legal, Information Security, IT, BISOs and Business Control Directors to ensure execution and improve effectiveness of enterprise cyber security risk management activities.
* Capture key technology metrics (to include analysis of risk exposure and consequences including breaches to risk appetite) from the 1st line, necessary to evaluate, monitor, and respond to key enterprise risks associated with cyber security and information risk, for the purposes of executive management/board level reporting.
* Provide credible challenge of 1st line-of-defense risk analysis processes and control selection for cyber security, technology, information risk, incident and event management, lifecycle management, change management and privacy topics (those support areas that materially affect the institution's risk profile).
* Be a team player in driving the maturity of the Bank's information risk and control assessment and monitoring practice.
* Monitor and verify compliance with enterprise level policy, risk framework and assessment methodology.
* Provide management with input on emerging issues, necessary changes to risk appetite, and changing regulatory and risk scenarios (e.g., IT lifecycle management, Software Development Lifecycle, IT Service Management).
* Contribute constructively to the overall mission, management, and culture of the Risk Group and the Bank and actively support the Bank's diversity agenda.
* Effectively communicate information security and cyber risk in business terms.
* Represent Fifth Third Bank in industry working groups related to information technology and cyber security (e.g., FS-ISAC, ABA, etc.).
SUPERVISORY RESPONSIBILITIES: None.
MINIMUM KNOWLEDGE, SKILLS AND ABILITIES REQUIRED:
* Bachelor's degree or commensurate work experience; advanced degree in Information Technology/Cyber Security focus preferred.
* Extensive knowledge of ITIL, NIST Risk Management Framework (RMF) and/or COBIT processes and frameworks.
* Minimum 5 years' experience leading, executing, and governing cyber/information security risk and IT assessment programs or related experience.
* Minimum 5 years' experience in managing information security risk, experience in banking, law, payment processing, and/or financial services regulatory compliance.
* Relevant professional certifications, including but not limited to: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), or equivalent, are strongly desired.
* Working knowledge of relevant assessment frameworks and/or standards (e.g., NIST Cybersecurity Framework [CSF], NIST SP 800-53 Revision 4, FFIEC Cybersecurity Assessment Tool [CAT], ISO 27000-series, COSO, PCI, Shared Assessment, etc.) is preferred.
* Strong understanding of financial services regulations including GLBA, Fed, OCC, and Interagency Guidelines Establishing Information Security Standards, and other state/federal confidentiality, privacy, and breach notification laws.
* Ability to communicate effectively with senior/executive management, business leaders, IT, Information Security, Audit, Compliance (Privacy), and attorneys within the organization.
* Experience developing and performing security control risk assessments, leading and facilitating incident response and resiliency team efforts.
* Strong organizational, project management and multi-tasking skills with a successful track record of managing to expectations, delivering results, and meeting milestones and deadlines.
* Normal office environment with little exposure to dust, noise, temperature and the like.
* Extended viewing of a CRT screen.
ERM IT Risk & Control Assessment Manager
LOCATION -- Cincinnati, Ohio 45202
Fifth Third Bank, National Association is proud to have an engaged and inclusive culture and to promote and ensure equal employment opportunity in all employment decisions regardless of race, color, gender, national origin, religion, age, disability, sexual orientation, gender identity, military status, veteran status or any other legally protected status.