Director, Enterprise Vulnerability Management
Virtual - Ohio, United States
Make banking a Fifth Third better®
We connect great people to great opportunities. Are you ready to take the next step? Discover a career in banking at Fifth Third Bank.
About the Role
The Enterprise Vulnerability Management (EVM) Director is responsible for the long-term strategic direction and leadership of the EVM program. You will focus on developing and executing a 1–5 year roadmap, ensuring program scalability, compliance alignment, and integration with enterprise objectives.
The EVM Director works collaboratively with the EVM Product Owner to ensure tactical execution aligns with the broader strategic vision. You will oversee program-wide initiatives, mentor squad members, and serve as a liaison to senior leadership and external stakeholders.
Key Responsibilities
Strategic Leadership:
- Own and develop the 1–5 year roadmap for the Vulnerability Management program, incorporating industry trends, regulatory requirements, and organizational goals.
- Lead strategic initiatives, including expanding vulnerability and compliance scanning capabilities and overseeing platform migrations.
- Represent the program in discussions with senior leadership, external stakeholders, and regulators.
Collaboration and Alignment:
- Partner with the Product Owner to ensure tactical priorities align with strategic goals.
- Drive alignment across squads (Remediation, Engineering, Application Security) by breaking down silos and fostering collaboration.
Program Oversight:
- Define and monitor key performance indicators (KPIs) for program success, ensuring alignment with organizational priorities.
- Act as the escalation point for challenges that impact cross-squad or program-level objectives.
- Manage the Enterprise Vulnerability Management budget, service providers, and contractors.
Team Leadership:
- Mentor and coach squad leads to foster professional growth and ensure delivery excellence.
- Promote a culture of collaboration, innovation, and accountability across the program.
- Continuously develop an experienced team of information security engineers.
Subject Matter Expertise:
- Operate as subject matter expert in the fields of vulnerability management and application security.
Key Qualifications:
Required:
- Proven experience in strategic leadership roles within Vulnerability Management, Cybersecurity, or Information Security programs.
- Strong background in long-term program planning and execution.
- Familiarity with vulnerability management tools, penetration testing frameworks, and compliance standards (e.g., PCI DSS, NIST, ISO 27001).
- Exceptional communication skills, with a demonstrated ability to collaborate across technical and leadership teams.
- Strong presence and credibility with excellent communication, presentation, and interpersonal skills which are effective and impactful to a range of audiences. Demonstrated ability to communicate complex information in a simplified way and meet fast-paced deadlines.
- Ability to manage complex projects and diverse teams of both direct and indirect reports.
- Experience communicating and removing impediments at both the team level and organizational level, fostering collaboration across organizational boundaries.
- Knowledge of industry standard vulnerability risk scoring practices and experience with applying CWE, CVSS, and OWASP processes and remediation recommendations.
- Familiarity with IT compliance requirements such as PCI and FFIEC guidance.
- Strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in multiple operating system platforms, database, and application servers, for both custom and off-the-shelf applications in both on-prem and cloud environments.
- Ability to lead self-organizing teams and drive change through influence.
- Ability to build a sense of trust and rapport that creates a sustainable and effective workplace.
Preferred:
- Experience leading large-scale initiatives such as platform migrations or regulatory audits.
- Hands-on experience with GRC software such as RSA Archer and ServiceNow.
- Knowledge of DevOps and the CICD pipeline best practices, asset discovery, and asset management systems.
- Certifications such as CISSP, CISM, or equivalent.
Fifth Third Bank, National Association is proud to have an engaged and inclusive culture and to promote and ensure equal employment opportunity in all employment decisions regardless of race, color, gender, national origin, religion, age, disability, sexual orientation, gender identity, military status, veteran status or any other legally protected status.
ApplyJob Profile
Ohio
Benefits/PerksEqual employment opportunity Inclusive culture
Tasks- Collaborate with product owner
- Develop
- Develop 1-5 year roadmap
- Manage budget and service providers
- Mentor team members
- Oversee program initiatives
Application Security Asset management Banking Cloud environments Collaboration Communication Compliance Compliance Standards CVSS CWE Cybersecurity DevOps Engineering Focus Information security IT compliance Leadership Organizational OWASP Penetration Testing Presentation Program Planning Project Management Risk scoring Security Team Leadership Testing Vulnerability Management
Experience5 years
EducationCybersecurity Engineering Equivalent IT
Certifications TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9