Security Risk Manager Jobs in Detroit, MI (NOW HIRING)

Job Summary:
Fifth Third Bank is a financial institution dedicated to improving the lives of its customers and communities. The Director, Product Security will lead the design and implementation of the Secure Software Development Lifecycle and Product Security program, ensuring security practices are embedded across application and platform development processes.
Responsibilities:
• Leading a small team of product security specialists
• Driving cross-functional alignment across Engineering, Architecture, and Security
• Ensuring consistent application of security controls at scale
• Providing a clear, auditable view of application security risk and control effectiveness
• Drive implementation of a world class enterprise Product Security and Secure SDLC control framework within the existing IT Target Operating Model.
• Develop and track Product Security KPIs/KRIs, including control adoption, coverage, and risk trends
• Ensure alignment of security controls across Application, API, Data, and Platform Security teams
• Partner with Enterprise Architecture to operationalize a scalable threat modeling practice
• Oversee execution of threat modeling and design security reviews for high-risk applications and APIs
• Promote adoption of secure design patterns and reference architectures
• Integrate security signals from AppSec, API Security, and EVM to produce holistic application risk views
• Identify systemic vulnerabilities and repeat risk patterns across the application portfolio
• Drive risk-based prioritization by providing inputs into Agile backlogs and delivery planning
• Define product incident response process into existing Bank incident response processes.
• Facilitate collaboration across Application Security, API Security, Data Security, Platform Security, EVM, First Line Business Controls and the Chief Software Engineering organization.
• Remove organizational impediments that limit adoption of secure development practices
• Challenge existing processes and identify opportunities for efficiency, consistency, and scalability improvements
• Provide audit-ready evidence of secure SDLC control effectiveness
• Align Product Security practices with regulatory expectations (e.g., GLBA, FFIEC, PCI)
• Ensure risk is identified, assessed, monitored, and reported appropriately
• Evaluate and improve Product Security processes to increase effectiveness and reduce friction
• Drive adoption of automation, reusable patterns, and scalable security practices
• Act as a leader of the Product Security craft, defining future direction and best practices
• Directly a small team of specialized Product Security professionals.
• Provide coaching, performance management, and career development for direct reports
• Foster a culture of continuous learning, collaboration, and accountability for security outcomes
• Lead through player-coach engagement, contributing directly to program execution while guiding team direction
• Influence and mentor engineers and security practitioners across multiple teams without direct authority
• Support hiring, development, and capability growth as the Product Security function matures.
Qualifications:
Required:
• Typically, will have at least 6-10 years of combined people leadership and hands-on experience in their particular craft.
• Bachelor’s or advanced degree in Computer Science/Information Systems or equivalent combination of education and experiences.
• Deep understanding of secure SDLC practices, application security, and threat modeling methodologies.
• Knowledge of modern application architectures (cloud-native, APIs, microservices, containers).
• Familiarity with vulnerability management processes and enterprise remediation practices.
• Understanding of regulatory expectations for security controls and audit evidence in financial services.
• Knowledge of enterprise architecture frameworks and secure design principles.
• Ability to operate effectively as a player-coach, balancing leadership and hands-on execution.
• Strong ability to influence across organizational boundaries without direct authority.
• Proven ability to translate technical vulnerabilities into business risk and engineering priorities.
• Strong analytical skills to identify systemic issues across large application portfolios.
• Ability to drive risk-based prioritization within Agile delivery models.
• Excellent communication, presentation, and interpersonal skills to engage both technical and executive audiences.
• Demonstrated ability to communicate complex information in a simplified way and meet fast paced deadlines.
• Critical Thinking and creative problem solving.
• Ability to establish credibility as a technical and strategic leader across multiple domains.
• Ability to balance security rigor with delivery speed, minimizing friction.
• Capability to remove organizational impediments and enable cross-team collaboration.
• Ability to scale security practices across a large, complex enterprise environment.
• Demonstrated ability to build trust and create a safe, collaborative, and effective working environment.
Company:
Fifth Third Bancorp is a financial services company that specializes in small business, retail banking, and investments. It is a sub-organization of Fifth Third Bank. Founded in 1858, the company is headquartered in Cincinnati, USA, with a team of 10001+ employees. The company is currently Late Stage.