Huntington Bancshares, Inc.
API Standards & Compliance Lead
Huntington Bancshares, Inc., Detroit, Michigan, United States, 48228
Overview
Position Summary
As the API Standards & Compliance Lead, you will define, implement, and enforce enterprise-wide API governance frameworks that ensure consistency, security, and scalability across all APIs. This strategic role focuses on establishing API design standards, lifecycle governance, and compliance policies aligned with industry best practices and regulatory requirements. You will partner closely with Enterprise Architecture, Security, Platform Engineering, and Developer Experience teams to advance an API-first strategy and enable seamless integration across the enterprise. You will shape our API strategy by balancing innovation with risk management, creating clear standards, operating models, and guardrails for API design, onboarding, publishing, versioning, and retirement. This role emphasizes policy, architecture, enablement, and oversight rather than hands-on software development.
What You’ll Do
Governance Framework & Standards
Define and maintain enterprise-wide API design and governance policies aligned with architecture principles and industry standards (OpenAPI, REST, GraphQL).
Establish naming conventions, versioning guidelines, backward compatibility expectations, deprecation/retirement policies, and documentation standards.
Run the API Governance Board (reviews, approvals, waivers) and maintain the governance operating model and RACI.
Author and maintain reference architecture, standards playbooks, and reusable policy templates.
Lifecycle Governance & Platform Integration (Apigee X)
Design and oversee API onboarding workflows via the Developer Portal, ensuring proper documentation, cataloging, and discoverability.
Define governance processes integrated with Apigee X for publishing, runtime policies (e.g., quotas, rate limiting), and analytics.
Ensure consistent use of API products, proxies, and catalogs; promote high-quality API definitions and reusability.
Security & Regulatory Compliance
Implement governance for security patterns (OAuth2, JWT, JWKS, mTLS) using Apigee X and Ping Identity.
Align APIs to regulatory requirements (e.g., Open Banking, PSD2, HIPAA, GDPR) and enterprise security standards.
Partner with Risk, Compliance, and Security Engineering to define control objectives, evidence, and auditability (e.g., NIST, ISO 27001, SOC 2).
Developer Experience & Enablement
Collaborate with the API Gateway and DevEx teams to optimize portal usability, API discoverability, and policy adoption.
Provide training, guidance, and office hours on governance best practices and standards for internal teams.
Create artifacts (cheat sheets, checklists, sample OpenAPI specs, policy catalogs) that accelerate compliant delivery.
Analytics, Metrics & Continuous Improvement
Define and track governance KPIs (e.g., % APIs compliant, time-to-approve, policy adoption rates, security defect trends).
Use Apigee Analytics and GCP monitoring to identify gaps and refine standards based on data insights and evolving business needs.
Conduct periodic maturity assessments; publish roadmaps and quarterly updates to stakeholders.
Risk, Audit & Controls
Establish controls and evidence for audits (design-time and runtime), including conformity checks against policy and standards.
Coordinate remediation plans for non-compliant APIs; manage waivers/exceptions with clear time-bound conditions.
Tooling & Automation
Partner with platform teams to integrate policy-as-code checks (linting, contract validation, auth enforcement) into CI/CD.
Evaluate governance tooling (spec linters, catalog quality checks, portal workflows) to automate compliance wherever feasible.
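The policy-as-code checks named above (spec linting, contract validation, auth enforcement) can be expressed as small rules run over each OpenAPI document in CI before it is published to the portal. The Python linter below is an added example written for this page; it is not Huntington, Apigee, or Ping Identity tooling. The sample document, the rule set, and the `x-sunset` vendor extension it checks for are constructed assumptions, not the bank's actual standards.

```python
"""Policy-as-code linter for OpenAPI 3 documents. Added example for this page, not
the page's or any vendor's tooling. Each rule is one function yielding findings,
so the rule set grows with an organisation's written standards."""
from __future__ import annotations

import json
import re
from typing import Iterator, NamedTuple

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head", "trace"}
VERSIONED_PATH = re.compile(r"^/v\d+/")


class Finding(NamedTuple):
    rule: str      # stable rule id, citable in waivers and audit evidence
    location: str  # where in the document the violation sits
    message: str


def _operations(spec: dict) -> Iterator[tuple[str, str, dict]]:
    """Yield (path, method, operation) for every operation in the document."""
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method in HTTP_METHODS:
                yield path, method, op


def _schemes(spec: dict) -> dict:
    return spec.get("components", {}).get("securitySchemes", {})


def rule_auth_required(spec: dict) -> Iterator[Finding]:
    """Every operation needs a non-empty security requirement, inherited from the
    top level or set on the operation. An explicit `security: []` switches auth
    off for that operation, so it is reported and must go through a waiver."""
    global_sec = spec.get("security")
    for path, method, op in _operations(spec):
        if not op.get("security", global_sec):
            yield Finding("auth-required", f"{method.upper()} {path}",
                          "operation has no security requirement")


def rule_no_api_key_in_query(spec: dict) -> Iterator[Finding]:
    """API keys in query strings leak into access logs, proxies and referrers."""
    for name, scheme in _schemes(spec).items():
        if scheme.get("type") == "apiKey" and scheme.get("in") == "query":
            yield Finding("no-api-key-in-query", f"securitySchemes.{name}",
                          "apiKey scheme is delivered in the query string")


def rule_versioned_path(spec: dict) -> Iterator[Finding]:
    """Major version in the path so a breaking change can coexist with the old one."""
    for path in spec.get("paths", {}):
        if not VERSIONED_PATH.match(path):
            yield Finding("versioned-path", path, "path must begin with /v<major>/")


def rule_deprecated_has_sunset(spec: dict) -> Iterator[Finding]:
    """Deprecated operations must carry a retirement date. `x-sunset` is a vendor
    extension assumed for this example, not a standard OpenAPI field."""
    for path, method, op in _operations(spec):
        if op.get("deprecated") and "x-sunset" not in op:
            yield Finding("deprecated-has-sunset", f"{method.upper()} {path}",
                          "deprecated operation has no x-sunset date")


def rule_https_only(spec: dict) -> Iterator[Finding]:
    for i, server in enumerate(spec.get("servers", [])):
        url = server.get("url", "")
        if not url.startswith("https://"):
            yield Finding("https-only", f"servers[{i}]", f"server URL is not https: {url}")


RULES = [rule_auth_required, rule_no_api_key_in_query, rule_versioned_path,
         rule_deprecated_has_sunset, rule_https_only]


def lint(spec: dict) -> list[Finding]:
    return [finding for rule in RULES for finding in rule(spec)]


def lint_json(text: str) -> list[Finding]:
    """Entry point for a CI step that reads the spec file as JSON text."""
    return lint(json.loads(text))


# Constructed sample document; each rule above fires exactly once on it.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "Accounts API (constructed sample)", "version": "1.2.0"},
    "servers": [{"url": "https://api.example.test"}, {"url": "http://localhost:8080"}],
    "security": [{"bearerAuth": []}],
    "components": {"securitySchemes": {
        "bearerAuth": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"},
        "legacyKey": {"type": "apiKey", "in": "query", "name": "api_key"}}},
    "paths": {
        "/v1/accounts": {
            "get": {"summary": "List accounts"},
            "post": {"summary": "Open account", "security": [{"bearerAuth": ["accounts:write"]}]}},
        "/v1/health": {"get": {"summary": "Liveness probe", "security": []}},
        "/accounts/{id}/statements": {"get": {"summary": "Legacy statements", "deprecated": True}}}}

if __name__ == "__main__":
    findings = lint(SAMPLE_SPEC)
    for f in findings:
        print(f"{f.rule:22} {f.location:28} {f.message}")
    raise SystemExit(1 if findings else 0)  # non-zero exit fails the CI stage
```

Each rule id maps to one written standard, so a finding can be cited directly in a waiver request or as audit evidence that design-time conformity checks ran. The `auth-required` rule deliberately reports `security: []` rather than treating it as an allowed public endpoint; a health probe that genuinely needs no auth should pass through the time-bound waiver process rather than silently bypass the check.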
Qualifications
Basic Qualifications
Bachelor's degree in Computer Science or equivalent experience.
7+ years in IT with strong API design, development, and governance experience.
5+ years in API governance or platform leadership roles.
Deep familiarity with OpenAPI/Swagger, REST fundamentals, GraphQL design considerations, and API lifecycle management.
Hands-on experience with security standards (OAuth2, JWT, JWKS, mTLS) and regulatory frameworks (Open Banking/PSD2, HIPAA, GDPR).
Experience with Apigee X on GCP (or similar API management platforms such as Kong, MuleSoft, AWS API Gateway, Azure APIM) from a governance/architecture perspective.
Demonstrated ability to write clear policies, standards, and procedures; facilitate governance forums; and drive alignment across stakeholders.
Strong communication, stakeholder management, and change management skills.
Preferred
10+ years in IT with strong API design, development, and governance experience.
GCP certifications (e.g., Professional Cloud Architect); Apigee certifications a plus.
Experience with Ping Identity integration and enterprise IAM.
Familiarity with GCP services (Cloud Armor, IAM, VPC networking) and platform security controls.
Background in DevSecOps, CI/CD automation, and policy-as-code for API compliance.
Experience improving API portals, catalogs, and developer experience, including analytics-driven enhancements.
Core Competencies
Strategic thinking and policy design
Enterprise architecture alignment
Risk and compliance mindset
Stakeholder facilitation and influence
Data-driven continuous improvement
Clear, concise technical writing and storytelling
Role Clarity
This is a governance, standards, and architecture leadership role—focused on policy, enablement, oversight, and measurable outcomes.
Not a day-to-day software engineering or Apigee proxy development role.
Limited hands-on configuration may be required to validate governance controls or demonstrate patterns.
Workplace & Compensation
Exempt Status: Exempt from overtime; status varies by location.
Workplace Type: Office. Some roles may be eligible for flexible/work-from-home arrangements; specifics provided by the hiring team.
Compensation Range: Total Base Pay Range 70,000.00 - 140,000.00 USD Annual. The range represents the base compensation; actual pay may vary based on location, experience, and performance. Eligible for the applicable incentive plan; Huntington offers benefits including health insurance, wellness, life and disability insurance, retirement savings, paid leave, holidays, and PTO.
Huntington is an Equal Opportunity Employer.
Tobacco-Free Hiring Practice: Visit Huntington's Career Web Site for details.
Note to Agencies: Huntington will not pay a fee for unsolicited resumes. Agencies must have a valid Master Service Agreement and Statement of Work for consideration.