Sr. Manager - Information Security Risk Assessment

U.S. Bank

IT
Multiple locations
Posted on Sep 11, 2024

At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One.

Job Description

U.S. Bank is seeking a Sr. Information Security Manager with demonstrated competence and visionary leadership experience to contribute toward the success of our technology initiatives. Directs and oversees the development and maintenance of an information security team that manages an enterprise information security program. Directs and oversees day-to-day operation and effectiveness of security-related programs and initiatives. Sets policy and direction for securing the Bank's systems and information. Directs and leads development, implementation, and enforcement of organization-wide security standards, baselines, and procedures in compliance with policy. Works with development and infrastructure support management to ensure that processes and programs are in place for ongoing compliance and cyber risk mitigation. Monitors cyber security threat environment for emerging threats impacting the Bank's information security program and initiatives. Updates the policy and the program to support risk mitigation and regulatory compliance. Evaluates security requirements in context with other business requirements, and recommends measures to manage risk and adequately secure information systems. Monitors changes in business, technology, and threat environments to identify and develop strategies for addressing new risks to Bank systems and information. Establishes security monitoring practices for all platforms across the enterprise. Monitors and assesses security violations, vulnerabilities and other anomalies. Directs and oversees maintenance of programs to manage risks to the Bank's network, systems, and data from malware, network intrusion, and other threats. Assesses the risk associated with newly discovered vulnerabilities and directs the application of vendor-supplied patches to manage risk. Assesses cost of potential threats relative to cost of solutions required to eliminate or minimize threats. 
Participates in and oversees the execution of an incident management process that ensures timely detection, containment, and eradication of threats, recovery from resulting damage, and corrective action to minimize the risk of future incidents. Evaluates and monitors supply chain risk, response, and due diligence. Serves as liaison to internal and external auditors, regulators, and customers in examinations of the Bank's security program. Monitors all phases of audits to ensure progress according to audit plan; monitors status of ongoing reviews. Recommends: hires, transfers, terminations, salary adjustments, performance standards and reviews. Plans, develops and controls moderate to large project/product budgets.

This role offers a hybrid/flexible schedule, which means there's an in-office expectation of 3 or more days per week and the flexibility to work outside the office location for the other days.

  • Minneapolis, MN
  • Cincinnati, Ohio
  • Charlotte, NC

Top 3 Skills

  • Demonstrated People Leader experience
  • Experience in Cyber security Risk management
  • Financial Industry regulatory requirements (PCI, etc)

Basic Qualifications

  • Bachelor's degree or equivalent work experience

  • At least 6 years experience with management approaches, tools, and techniques for gaining the cooperation and support of others

  • At least 10 years experience with processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data


Experience Should Include

  • 10+ years professional experience in information security and technology with a track record of increasing scope and responsibility.

  • 1+ years experience with ServiceNow security modules (IRM or SecOps preferred)

  • Experience developing and managing strategic roadmap tied to the business line objectives as well as day-to-day operations of the team.

  • Demonstrable experience with modern frameworks, including MITRE ATT&CK, Threat Informed Defense, Diamond Model, cyber kill chain and NIST 800-53.

  • Partner with Cyber Threat Intelligence team to review tactics, techniques and procedures (TTPs) of threat actors (including internal and external red/pentest teams) that target U.S. Bank and the financial sector as well.

  • Experience partnering with Detection Engineering team to develop new capabilities to alert on the potential presence of threat actors.

  • Experience partnering with Computer Security Incident Response Team to review and investigate findings.

  • Understanding of Cloud and SaaS configuration management and risk reduction with various Cloud Service Providers (AWS, Azure, GCP) and how to investigate potential threats in those environments.

  • Experience developing and monitoring dashboards to follow trends and investigate anomalies.

  • Understanding of and experience in threat hunting, threat intelligence, red team, or incident response

  • Experience in process improvement around business processes and standard operating procedures.

  • Development and monitoring of system vulnerability, threat, control, response, and risk mitigation processes, procedures, and controls

  • Understanding of and experience with CIS Benchmarks, i.e., security configuration and countermeasures and prioritization.

  • Experience partnering with Cyber Security Risk and Third Party Risk Management teams to review and investigate supply chain attacks

  • Oversee the day-to-day management of a 5-10 person geographically dispersed team and develop the careers of the individuals on the team.

  • Experience with Information assurance

  • Understanding of Network and internet security, and how to mitigate threats in all parts of the environment (Supply Chain, API, Open Source Software)

  • Understanding of I.T. standards, procedures, policy, governance, environment

  • Ability to translate technical language/terms into readily digestible/understandable language for business users

  • Experience with Product and vendor evaluation

  • Experience with and/or understanding of Information security management, technologies, architecture, audits, administration


Preferred Skills/Experience

  • Certified Information Systems Auditor (CISA)

  • ISACA Certified Information Security Manager (CISM)

  • Certified Information System Security Professional (CISSP)

If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants.

Benefits:

Our approach to benefits and total rewards considers our team members’ whole selves and what may be needed to thrive in and outside work. That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following (some may vary based on role, location or hours):

  • Healthcare (medical, dental, vision)

  • Basic term and optional term life insurance

  • Short-term and long-term disability

  • Pregnancy disability and parental leave

  • 401(k) and employer-funded retirement plan

  • Paid vacation (from two to five weeks depending on salary grade and tenure)

  • Up to 11 paid holiday opportunities

  • Adoption assistance

  • Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law

EEO is the Law

U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors. Applicants can learn more about the company’s status as an equal opportunity employer by viewing the federal KNOW YOUR RIGHTS EEO poster.

E-Verify

U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program.

The salary range reflects figures based on the primary location, which is listed first. The actual range for the role may differ based on the location of the role. In addition to salary, U.S. Bank offers a comprehensive benefits package, including incentive and recognition programs, equity stock purchase, 401(k) contribution and pension (all benefits are subject to eligibility requirements). Pay Range: $129,455.00 - $152,300.00 - $167,530.00

U.S. Bank will consider qualified applicants with arrest or conviction records for employment. U.S. Bank conducts background checks consistent with applicable local laws, including the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act as well as the San Francisco Fair Chance Ordinance. U.S. Bank is subject to, and conducts background checks consistent with the requirements of Section 19 of the Federal Deposit Insurance Act (FDIA). In addition, certain positions may also be subject to the requirements of FINRA, NMLS registration, Reg Z, Reg G, OFAC, the NFA, the FCPA, the Bank Secrecy Act, the SAFE Act, and/or federal guidelines applicable to an agreement, such as those related to ethics, safety, or operational procedures.

Applicants must be able to comply with U.S. Bank policies and procedures including the Code of Ethics and Business Conduct and related workplace conduct and safety policies.

Job postings typically remain open for approximately 20 days of the posting date listed above, however the job posting may be closed earlier should it be determined the position is no longer required due to business need. Job postings in areas with a high volume of applicants, such as customer service, contact center, and Financial Crimes investigations, remain open for approximately 5 days of the posting listed date.