Make banking a Fifth Third better® We connect great people to great opportunities. Are you ready to take the next step? Discover a career in banking at Fifth Third Bank. GENERAL FUNCTION The Principal Governance Analyst – Application Security is responsible for leading governance, policy, and control oversight for cloud, container, orchestration, and AI/ML security across the Bank. This advanced professional role provides authoritative guidance on security controls, documentation quality, regulatory alignment, and structured governance processes. The role partners closely with engineering, architecture, risk, compliance, and audit stakeholders to ensure defensible, consistent, and scalable governance practices for modern technology platforms. SUPERVISORY RESPONSIBILITIES: None ESSENTIAL DUTIES AND RESPONSIBILITIES: - Lead the governance framework for cloud, container, orchestration, and AI security by ensuring that risks, controls, and processes are aligned with regulatory expectations, audit requirements, and internal control frameworks. Produce clear, complete, and defensible documentation that provides a repeatable record of risks, controls, and processes and ensures the Bank maintains audit‑ready materials that withstand regulatory scrutiny. - Drive the development, simplification, and consolidation of policies and standards across cloud, containerization, virtualization, orchestration, and AI/ML platforms. Ensure these requirements are clear, enforceable, and aligned to real engineering workflows so they can be implemented consistently and effectively. - Act as the authoritative reviewer for third‑party governance responses, assessing non‑conforming items, identifying meaningful risk, and partnering with SMEs and control owners to determine appropriate actions. - Execute structured governance review cycles with engineering leaders for security tooling, guardrails, and platform standards; manage socialization, feedback, and alignment processes. - Represent Information Security in Bank‑wide and cross‑functional working groups, providing a strong point of view on secure‑by‑design principles and surfacing platform‑level risks early. - Improve governance workflows for scale and consistency by supporting and refining ad hoc review and approval processes. Ensure workflows support growth, resiliency, and engineer-friendly execution. - Other duties as required. MINIMUM KNOWLEDGE, SKILLS, AND ABILITIES REQUIRED: Required: - Strong understanding of cloud security (e.g., AWS), container security, and container orchestration (Kubernetes preferred). - Working knowledge of AI/ML security risks, model lifecycle considerations, and emerging regulatory expectations. - Experience translating technical designs, risks, and controls into documentation suitable for auditors, regulators, and senior leadership. - Experience writing or maintaining policies, standards, or control documentation in a regulated environment. - Ability to challenge respectfully, influence decision makers, and take a clear position when ambiguity exists. - Demonstrated ability to partner effectively with senior engineers and architects without needing to be the deepest SME. - Strong understanding of audit processes and what mature controls and evidence look like. - Ability to run structured working sessions, facilitate decisions, and drive closure. - Excellent communication skills, with the ability to simplify complex technical topics for diverse audiences. Preferred: - Experience in a financial services or similarly regulated environment. - Familiarity with NIST CSF, PCI DSS, CSA CCM, NIST 800‑53, FFIEC, OCC, or other regulatory frameworks. - Hands‑on experience with cloud or container platforms in a past engineering, architecture, or security role. - Experience with security tooling across cloud, containers, or software development (e.g., CSPM, container scanning, DAST). - Prior experience as a security lead, governance analyst, or control owner in a large enterprise. Principal Governance Analyst - Application Security Total Base Pay Range 96,500.00 - 207,500.00 USD Annual At Fifth Third, we understand the importance of recognizing our employees for the role they play in improving the lives of our customers, communities and each other. Our Total Rewards include comprehensive benefits and differentiated compensation offerings to give each employee the opportunity to be their best every day. The base salary for this position is reflective of the range of salary levels for all roles within this pay grade across the U.S. Individual salaries within this range will vary based on factors such as role, relevant skillset, relevant experience, education and geographic location. In addition to the base salary, this role is eligible to participate in an incentive compensation plan, with any such payment based upon company, line of business and/or individual performance. Our extensive benefits programs are designed to support the individual needs of our employees and their families, encompassing physical, financial, emotional and social well-being. You can learn more about those programs on our 53.com Careers page at: https://www.53.com/content/fifth-third/en/careers/benefits.html or by consulting with your talent acquisition partner. LOCATION -- Virtual, Ohio 00000 Attention search firms and staffing agencies: do not submit unsolicited resumes for this posting. Fifth Third does not accept resumes from any agency that does not have an active agreement with Fifth Third. Any unsolicited resumes – no matter how they are submitted – will be considered the property of Fifth Third and Fifth Third will not be responsible for any associated fee. Fifth Third Bank, National Association is proud to have an engaged and inclusive culture and to promote and ensure equal employment opportunity in all employment decisions regardless of race, color, gender, national origin, religion, age, disability, sexual orientation, gender identity, military status, veteran status or any other legally protected status.

Position: Security Analyst Position Type: Full-time, Permanent (Existing Vacancy) Location: Toronto, ON (Remote) The Company: Postmedia is a Canadian news media company representing more than 110 brands across multiple print, online and mobile platforms. Award-winning journalists and innovative product development teams bring engaging content to millions of people every week whenever and wherever they want it. This exceptional content, reach and scope offers advertisers and marketers compelling solutions to effectively reach target audiences. We are always on the lookout for talented individuals to join our team. The Opportunity: This is an ideal role for a recent college or university graduate with a strong passion for IT and Cybersecurity. We’re looking for someone eager to learn, experiment, and grow. In this highly hands‑on, practical environment, you’ll shadow experienced team members, build foundational security skills, and develop into a future Senior Security Analyst. This role is perfect for someone curious, communicative, and brings IT/Security‑focused extracurricular, co‑op, or personal project experience. If you’re motivated, adaptable, and ready to shape your career as a security professional, we’d love to meet you. What you’ll do: - Assist in the maintenance and documentation of security policies, procedures, and standards under the guidance of senior security team members. - Manage account lifecycle tasks (enable/disable accounts, approve access requests); enforce BYOD, MFA, and secure remote access. - Assist with IT audits by collecting documentation, preparing evidence, and supporting coordination with internal teams. - Provide security guidelines for employees traveling internationally (VPN usage, device protection). - Advise on security best practices, including safe handling of company devices and data protection during travel or remote work. - Participate in incident response activities by performing initial analysis, documentation, and evidence collection, escalating findings to senior analysts as required. - Support security awareness initiatives by assisting with content preparation, communications, and tracking participation. - Maintain up-to-date detailed knowledge of the IT Security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors. - Collaborate with IT leadership, privacy analysts, and external vendors to maintain security posture and resolve compliance issues. - Participate in the implementation of new security solutions, policies, standards, baselines guidelines and procedures to support those as established by Postmedia’s security goals and to actively work towards upholding those goals. - Assist with vulnerability scanning, risk assessments, and remediation tracking under defined processes and supervision. - Participate in the planning and design of the Business Continuity Plan and Disaster Recovery Plan. - Recommend additional security solutions or enhancements to existing security solutions to improve overall security. - Provide support as required for MSSP Level 2 and 3 Support for all in-place security solutions. - Maintain operational configurations and baselines for all in-place security solutions. - Learn to automate repetitive security tasks such as reporting, alert enrichment, and evidence collection using scripting and workflow tools. - Assist in the development and maintenance of security automation workflows under supervision. - Explore the use of AI-assisted tools for log analysis, reporting, and security operations in accordance with Postmedia governance and security standards. - Document automation workflows and contribute to continuous improvement initiatives. - Regular hours apply. Occasional after-hours support may be required for learning, shadowing, or supervised activities. - Perform other duties as assigned. Who you are: - One or more of the following certifications would be an asset: Security+, CySA+, or equivalent (or “working towards”) - Knowledge of endpoint detection and response (EDR), CASB, IDPS and other security related concepts. - Knowledge of security frameworks or standards such as CIS Top 20, NIST and ISO 27001, 27017, 27018. - Knowledge of GDPR, CASL, PIPEDA and PCI compliance requirements. - Understanding of IP, TCP/IP and other network administration protocols. - Understanding of Windows and Linux operating systems. - Exposure to scripting or automation using Python, PowerShell, Bash, or similar, with an interest in expanding automation and AI skills. - Ability to effectively prioritize and execute tasks. - Ability to conduct research into IT security issues and products. - Able to work independently on assigned tasks while seeking guidance and feedback as part of a collaborative team. - Team-oriented and skilled in working within a collaborative environment with strong communications skills. - Be naturally innovative and forward thinking when problem solving, be analytical and detail oriented. - Inherently demonstrate a high level of integrity, discretion, and trustworthiness. - Willingness to travel on occasion as required. Must-Haves: - Foundational understanding of information security concepts and frameworks, with a willingness to learn and develop deeper expertise. - Experience with identity and access management tools, firewalls, antivirus, IDS/IPS, endpoint security. - Familiarity with VPNs, MFA, and cloud security solutions. - Experience conducting vulnerability assessments and penetration tests. - Excellent communication and documentation skills. - Ability to manage multiple tasks in a fast-paced environment. Compensation: Employment offers presented to the selected candidate are based on a combination of qualifications, experience, responsibilities of the role and the candidate's location. Base Salary: $50,000-$60,000 We thank in advance all applicants for their interest, however only those candidates under consideration will be contacted. Only candidates legally eligible to work in Canada will be considered. No phone calls or agencies please. Postmedia Network Inc. is committed to providing accommodations for people with disabilities in all areas of the hiring process. If you require accommodation during the hiring process, please make your needs known in advance. Accommodation requests will be provided on an individual basis. Postmedia Network Inc. is committed to employment equity and an inclusive barrier-free selection process and work environment. Postmedia Network Inc. encourages applications from women, aboriginal peoples, persons with disabilities and members of visible minorities. #LI-Remote LI-KC1

Position: Security Analyst Position Type: Full-time, Permanent (Existing Vacancy) Location: Toronto, ON (Remote) The Company: Postmedia is a Canadian news media company representing more than 110 brands across multiple print, online and mobile platforms. Award-winning journalists and innovative product development teams bring engaging content to millions of people every week whenever and wherever they want it. This exceptional content, reach and scope offers advertisers and marketers compelling solutions to effectively reach target audiences. We are always on the lookout for talented individuals to join our team. The Opportunity: This is an ideal role for a recent college or university graduate with a strong passion for IT and Cybersecurity. We’re looking for someone eager to learn, experiment, and grow. In this highly hands‑on, practical environment, you’ll shadow experienced team members, build foundational security skills, and develop into a future Senior Security Analyst. This role is perfect for someone curious, communicative, and brings IT/Security‑focused extracurricular, co‑op, or personal project experience. If you’re motivated, adaptable, and ready to shape your career as a security professional, we’d love to meet you. What you’ll do: - Assist in the maintenance and documentation of security policies, procedures, and standards under the guidance of senior security team members. - Manage account lifecycle tasks (enable/disable accounts, approve access requests); enforce BYOD, MFA, and secure remote access. - Assist with IT audits by collecting documentation, preparing evidence, and supporting coordination with internal teams. - Provide security guidelines for employees traveling internationally (VPN usage, device protection). - Advise on security best practices, including safe handling of company devices and data protection during travel or remote work. - Participate in incident response activities by performing initial analysis, documentation, and evidence collection, escalating findings to senior analysts as required. - Support security awareness initiatives by assisting with content preparation, communications, and tracking participation. - Maintain up-to-date detailed knowledge of the IT Security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors. - Collaborate with IT leadership, privacy analysts, and external vendors to maintain security posture and resolve compliance issues. - Participate in the implementation of new security solutions, policies, standards, baselines guidelines and procedures to support those as established by Postmedia’s security goals and to actively work towards upholding those goals. - Assist with vulnerability scanning, risk assessments, and remediation tracking under defined processes and supervision. - Participate in the planning and design of the Business Continuity Plan and Disaster Recovery Plan. - Recommend additional security solutions or enhancements to existing security solutions to improve overall security. - Provide support as required for MSSP Level 2 and 3 Support for all in-place security solutions. - Maintain operational configurations and baselines for all in-place security solutions. - Learn to automate repetitive security tasks such as reporting, alert enrichment, and evidence collection using scripting and workflow tools. - Assist in the development and maintenance of security automation workflows under supervision. - Explore the use of AI-assisted tools for log analysis, reporting, and security operations in accordance with Postmedia governance and security standards. - Document automation workflows and contribute to continuous improvement initiatives. - Regular hours apply. Occasional after-hours support may be required for learning, shadowing, or supervised activities. - Perform other duties as assigned. Who you are: - One or more of the following certifications would be an asset: Security+, CySA+, or equivalent (or “working towards”) - Knowledge of endpoint detection and response (EDR), CASB, IDPS and other security related concepts. - Knowledge of security frameworks or standards such as CIS Top 20, NIST and ISO 27001, 27017, 27018. - Knowledge of GDPR, CASL, PIPEDA and PCI compliance requirements. - Understanding of IP, TCP/IP and other network administration protocols. - Understanding of Windows and Linux operating systems. - Exposure to scripting or automation using Python, PowerShell, Bash, or similar, with an interest in expanding automation and AI skills. - Ability to effectively prioritize and execute tasks. - Ability to conduct research into IT security issues and products. - Able to work independently on assigned tasks while seeking guidance and feedback as part of a collaborative team. - Team-oriented and skilled in working within a collaborative environment with strong communications skills. - Be naturally innovative and forward thinking when problem solving, be analytical and detail oriented. - Inherently demonstrate a high level of integrity, discretion, and trustworthiness. - Willingness to travel on occasion as required. Must-Haves: - Foundational understanding of information security concepts and frameworks, with a willingness to learn and develop deeper expertise. - Experience with identity and access management tools, firewalls, antivirus, IDS/IPS, endpoint security. - Familiarity with VPNs, MFA, and cloud security solutions. - Experience conducting vulnerability assessments and penetration tests. - Excellent communication and documentation skills. - Ability to manage multiple tasks in a fast-paced environment. Compensation: Employment offers presented to the selected candidate are based on a combination of qualifications, experience, responsibilities of the role and the candidate's location. Base Salary: $50,000-$60,000 We thank in advance all applicants for their interest, however only those candidates under consideration will be contacted. Only candidates legally eligible to work in Canada will be considered. No phone calls or agencies please. Postmedia Network Inc. is committed to providing accommodations for people with disabilities in all areas of the hiring process. If you require accommodation during the hiring process, please make your needs known in advance. Accommodation requests will be provided on an individual basis. Postmedia Network Inc. is committed to employment equity and an inclusive barrier-free selection process and work environment. Postmedia Network Inc. encourages applications from women, aboriginal peoples, persons with disabilities and members of visible minorities. #LI-Remote LI-KC1

Additional Information About the Role BJC is hiring for a Security Risk II Analyst. Ideal candidate will have experience in Security Risk Assessments and 3rd Party Risk Assessments. Experience with Logic 8 Platform is preferred. This is a remote position, but we are looking for candidates in the St. Louis Metro area. Overview BJC HealthCare is one of the largest nonprofit health care organizations in the United States, delivering services to residents primarily in the greater St. Louis, southern Illinois and southeast Missouri regions. With net revenues of $6.3 billion and more than 30,000 employees, BJC serves patients and their families in urban, suburban and rural communities through its 14 hospitals and multiple community health locations. Services include inpatient and outpatient care, primary care, community health and wellness, workplace health, home health, community mental health, rehabilitation, long-term care and hospice. BJC is the largest provider of charity care, unreimbursed care and community benefits in the state of Missouri. BJC and its hospitals and health service organizations provide $785.9 million annually in community benefit. That includes $410.6 million in charity care and other financial assistance to patients to ensure medical care regardless of their ability to pay. In addition, BJC provides additional community benefits through commitments to research, emergency preparedness, regional health care safety net services, health literacy, community outreach and community health programs and regional economic development. BJC’s patients have access to the latest advances in medical science and technology through a formal affiliation between Barnes-Jewish Hospital and St. Louis Children’s Hospital with the renowned Washington University School of Medicine, which consistently ranks among the top medical schools in the country. IS Security Services serves as an independent, objective catalyst for implementing effective and efficient controls to protect BJC HealthCare (BJC) information resources through collaboration with customers. We provide value to our customers and the organization by: Ensuring compliance with internal policies and external regulations; evaluating information system and application controls; educating BJC employees and other strategic partners on information systems security practices and concepts; acting as a resource on security controls for new and existing information systems and applications; recovering mission critical applications and data vital to the organization and strategic partners; investigating practices not in compliance with established BJC Information Services security policies and standards. Preferred Qualifications Role Purpose Technology role responsible for the management of risk in a pragmatic and cost-effective manner to ensure stakeholder confidence formal system certification and accreditation technical assessment and evaluation to determine control effectiveness across a large and complex corporate portfolio. Responsibilities - Able to research, analyze, interpret, evaluate, and integrate complex data from a wide variety of sources and provide creative solutions that align with strategic clinical and business workflows. While ensuring compliance of system and application security within scope of responsibility, in accordance with defined service levels, security practices/guidelines, and relevant technology standards. - Perform reviews of business solution self-assessments and assign risk rating. This includes performing a limited control review, completing documentation and presenting assessment in a formal review meeting. - Perform timely vendor vetting assessments on potential business solutions based on business partner requests, highlighting security posture and control gaps and need mitigating activities. This includes but is not limited to conducting meetings with business process owners and vendors, investigating vendor security posture and performance, reviewing baseline controls and gaps, documenting results, and reporting findings in a formal report. - Skillfully interact with business process owners, Technology and security personnel as well as vendors, management and other interested parties is required. This includes but is not limited to conducting meetings with business process owners and vendors, investigating vendor security posture and performance, reviewing baseline controls and gaps and documenting results while effectively report findings in a formal Security Risk Assessment report. Identify and complete Risk Acceptance forms where an exception to a policy or requirement is significant and needs to be reported to Management for approval. - Responsible for adding and maintaining status updates for high and critical findings for high and critical business solutions on the Risk Register. Minimum Requirements Education - Bachelor's Degree Experience - 2-5 years Supervisor Experience - No Experience Preferred Requirements Licenses & Certifications - CIA - CISA - Cert Info Systems Manager - CPA - Certified in Risk & IS Control Benefits and Legal Statement BJC Total Rewards At BJC we’re committed to providing you and your family with benefits and resources to help you manage your physical, emotional, social and financial well-being. - Comprehensive medical, dental, vison, life insurance, and legal services available first day of the month after hire date - Disability insurance* paid for by BJC - Annual 4% BJC Automatic Retirement Contribution - 401(k) plan with BJC match - Tuition Assistance available on first day - BJC Institute for Learning and Development - Health Care and Dependent Care Flexible Spending Accounts - Paid Time Off benefit combines vacation, sick days, holidays and personal time - Adoption assistance To learn more, go to our Benefits Summary. *Not all benefits apply to all jobs The above information on this description has been designed to indicate the general nature and level of work performed by employees in this position. It is not designed to contain or be interpreted as an exhaustive list of all responsibilities, duties and qualifications required of employees assigned to this job. Equal Opportunity Employer