Sr. Manager - Information Security Risk Assessment

At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed.

We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.

S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career.

Try new things, learn new skills and discover what you excel at all from Day One.

Hit Apply below to send your application for consideration Ensure that your CV is up to date, and that you have read the job specs first.

Job Description

U.S. Bank is seeking a Sr. Information Security Manager with demonstrated competence and visionary leadership experience to contribute toward the success of our technology initiatives.

Directs and oversees the development and maintenance of an information security team that manages an enterprise information security program.

Directs and oversees day-to-day operation and effectiveness of security-related programs and initiatives. Sets policy and direction for securing the Bank's systems and information.

Directs and leads development, implementation, and enforcement of organization-wide security standards, baselines, and procedures in compliance with policy.

Works with development and infrastructure support management to ensure that processes and programs are in place for ongoing compliance and cyber risk mitigation.

Monitors cyber security threat environment for emerging threats impacting the Bank's information security program and initiatives.

Updates the policy and the program to support risk mitigation and regulatory compliance. Evaluates security requirements in context with other business requirements, and recommends measures to manage risk and adequately secure information systems.

Monitors changes in business, technology, and threat environments to identify and develop strategies for addressing new risks to Bank systems and information.

Establishes security monitoring practices for all platforms across the enterprise. Monitors and assesses security violations, vulnerabilities and other anomalies.

Directs and oversees maintenance of programs to manage risks to the Bank's network, systems, and data from malware, network intrusion, and other threats.

Assesses the risk associated with newly discovered vulnerabilities and directs the application of vendor-supplied patches to manage risk.

Assesses cost of potential threats relative to cost of solutions required to eliminate or minimize threats. Participates and oversees the execution of an incident management process that ensures timely detection, containment, and eradication of threats, recovery from resulting damage, and corrective action to minimize the risk of future incidents.

Evaluates and monitors supply chain risk, response, and due diligence. Serves as liaison to internal and external auditors, regulators, and customers in examinations of the Bank's security program.

Monitors all phases of audits to ensure progress according to audit plan; monitors status of ongoing reviews. Recommends : hires, transfers, terminations, salary adjustments, performance standards and reviews.

Plans, develops and controls moderate to large project / product budgets.

This role offers a hybrid / flexible schedule, which means there's an in-office expectation of 3 or more days per week and the flexibility to work outside the office location for the other days.

• Minneapolis, MN
• Cincinnati, Ohio
• Charlotte, NC

Top 3 Skills

• Demonstrated People Leader experience
• Experience in Cyber security Risk management
• Financial Industry regulatory requirements (PCI, etc)

Basic Qualifications

• Bachelor's degree or equivalent work experience
• At least 6 years experience with management approaches, tools, and techniques for gaining the cooperation and support of others
• At least 10 years experience with processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data

Experience Should Include

• 10+ years professional experience in information security and technology with a track record of increasing scope and responsibility.
• 1+ years experience with ServiceNow security modules (IRM or SecOps preferred)
• Experience developing and managing strategic roadmap tied to the business line objectives as well as day-to-day operations of the team.
• Demonstrable experience with modern frameworks, including MITRE ATT&CK, Threat Informed Defense, Diamond Model, cyber kill chain and NIST 800-53.
• Partner with Cyber Threat Intelligence team to review tactics, techniques and procedures (TTPs) of threat actors (including internal and external red / pentest teams) that target U.

S. Bank and the financial sector as well.

• Experience partnering with Detection Engineering team to develop new capabilities to alert on the potential presence of threat actors.
• Experience partnering with Computer Security Incident Response Team to review and investigate findings.
• Understanding of Cloud and SaaS configuration management and risk reduction with various Cloud Service Providers (AWS, Azure, GCP) and how to investigate potential threats in those environments.
• Experience developing and monitoring dashboards to follow trends and investigate anomalies.
• Understanding of and experience in threat hunting, threat intelligence, red team, or incident response
• Experience in process improvement around business processes and standard operating procedures.
• Development and monitoring of system vulnerability, threat, control, response, and risk mitigation processes, procedures, and controls
• Understanding of and experience with CIS Benchmarks ie : security configuration and countermeasures and prioritization.
• Experience partnering with Cyber Security Risk and Third Party Risk Management teams to review and investigate supply chain attacks
• Oversee the day-to-day management of a 5-10 person geographically dispersed team and develop the careers of the individuals on the team.
• Experience with Information assurance
• Understanding of Network and internet security, and how to mitigate threats in all part of the environment (Supply Chain, API, Open Source Software)
• Understanding of I.T. standards, procedures, policy, governance, environment
• Ability to translate technical language / terms into readily digestible / understandable language for business users
• Experience with Product and vendor evaluation
• Experience with and / or understanding of Information security management, technologies, architecture, audits, administration

Preferred Skills / Experience

• Certified Information Systems Auditor (CISA)
• ISACA Certified Information Security Manager (CISM)
• Certified Information System Security Professional (CISSP)

Benefits :

Our approach to benefits and total rewards considers our team members’ whole selves and what may be needed to thrive in and outside work.

That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind.

Our benefits include the following (some may vary based on role, location or hours) :

• Healthcare (medical, dental, vision)
• Basic term and optional term life insurance
• Short-term and long-term disability
• Pregnancy disability and parental leave
• 401(k) and employer-funded retirement plan
• Paid vacation (from two to five weeks depending on salary grade and tenure)
• Up to 11 paid holiday opportunities
• Adoption assistance
• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law

U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.

Applicants can learn more about the company’s status as an equal opportunity employer by viewing the federal KNOW YOUR RIGHTS EEO poster.

E-Verify

U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.

S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S.

Citizenship and Immigration Services. Learn more about the E-Verify program.

J-18808-Ljbffr