Search jobs > Minneapolis, MN > Manager information

Sr. Manager - Information Security Risk Assessment

US Bank
Minneapolis, Minnesota, US
Full-time

At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed.

We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.

S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career.

Try new things, learn new skills and discover what you excel at all from Day One.

Hit Apply below to send your application for consideration Ensure that your CV is up to date, and that you have read the job specs first.

Job Description

U.S. Bank is seeking a Sr. Information Security Manager with demonstrated competence and visionary leadership experience to contribute toward the success of our technology initiatives.

Directs and oversees the development and maintenance of an information security team that manages an enterprise information security program.

Directs and oversees day-to-day operation and effectiveness of security-related programs and initiatives. Sets policy and direction for securing the Bank's systems and information.

Directs and leads development, implementation, and enforcement of organization-wide security standards, baselines, and procedures in compliance with policy.

Works with development and infrastructure support management to ensure that processes and programs are in place for ongoing compliance and cyber risk mitigation.

Monitors cyber security threat environment for emerging threats impacting the Bank's information security program and initiatives.

Updates the policy and the program to support risk mitigation and regulatory compliance. Evaluates security requirements in context with other business requirements, and recommends measures to manage risk and adequately secure information systems.

Monitors changes in business, technology, and threat environments to identify and develop strategies for addressing new risks to Bank systems and information.

Establishes security monitoring practices for all platforms across the enterprise. Monitors and assesses security violations, vulnerabilities and other anomalies.

Directs and oversees maintenance of programs to manage risks to the Bank's network, systems, and data from malware, network intrusion, and other threats.

Assesses the risk associated with newly discovered vulnerabilities and directs the application of vendor-supplied patches to manage risk.

Assesses cost of potential threats relative to cost of solutions required to eliminate or minimize threats. Participates and oversees the execution of an incident management process that ensures timely detection, containment, and eradication of threats, recovery from resulting damage, and corrective action to minimize the risk of future incidents.

Evaluates and monitors supply chain risk, response, and due diligence. Serves as liaison to internal and external auditors, regulators, and customers in examinations of the Bank's security program.

Monitors all phases of audits to ensure progress according to audit plan; monitors status of ongoing reviews. Recommends : hires, transfers, terminations, salary adjustments, performance standards and reviews.

Plans, develops and controls moderate to large project / product budgets.

This role offers a hybrid / flexible schedule, which means there's an in-office expectation of 3 or more days per week and the flexibility to work outside the office location for the other days.

  • Minneapolis, MN
  • Cincinnati, Ohio
  • Charlotte, NC

Top 3 Skills

  • Demonstrated People Leader experience
  • Experience in Cyber security Risk management
  • Financial Industry regulatory requirements (PCI, etc)

Basic Qualifications

  • Bachelor's degree or equivalent work experience
  • At least 6 years experience with management approaches, tools, and techniques for gaining the cooperation and support of others
  • At least 10 years experience with processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data

Experience Should Include

  • 10+ years professional experience in information security and technology with a track record of increasing scope and responsibility.
  • 1+ years experience with ServiceNow security modules (IRM or SecOps preferred)
  • Experience developing and managing strategic roadmap tied to the business line objectives as well as day-to-day operations of the team.
  • Demonstrable experience with modern frameworks, including MITRE ATT&CK, Threat Informed Defense, Diamond Model, cyber kill chain and NIST 800-53.
  • Partner with Cyber Threat Intelligence team to review tactics, techniques and procedures (TTPs) of threat actors (including internal and external red / pentest teams) that target U.

S. Bank and the financial sector as well.

  • Experience partnering with Detection Engineering team to develop new capabilities to alert on the potential presence of threat actors.
  • Experience partnering with Computer Security Incident Response Team to review and investigate findings.
  • Understanding of Cloud and SaaS configuration management and risk reduction with various Cloud Service Providers (AWS, Azure, GCP) and how to investigate potential threats in those environments.
  • Experience developing and monitoring dashboards to follow trends and investigate anomalies.
  • Understanding of and experience in threat hunting, threat intelligence, red team, or incident response
  • Experience in process improvement around business processes and standard operating procedures.
  • Development and monitoring of system vulnerability, threat, control, response, and risk mitigation processes, procedures, and controls
  • Understanding of and experience with CIS Benchmarks ie : security configuration and countermeasures and prioritization.
  • Experience partnering with Cyber Security Risk and Third Party Risk Management teams to review and investigate supply chain attacks
  • Oversee the day-to-day management of a 5-10 person geographically dispersed team and develop the careers of the individuals on the team.
  • Experience with Information assurance
  • Understanding of Network and internet security, and how to mitigate threats in all part of the environment (Supply Chain, API, Open Source Software)
  • Understanding of I.T. standards, procedures, policy, governance, environment
  • Ability to translate technical language / terms into readily digestible / understandable language for business users
  • Experience with Product and vendor evaluation
  • Experience with and / or understanding of Information security management, technologies, architecture, audits, administration

Preferred Skills / Experience

  • Certified Information Systems Auditor (CISA)
  • ISACA Certified Information Security Manager (CISM)
  • Certified Information System Security Professional (CISSP)

Benefits :

Our approach to benefits and total rewards considers our team members’ whole selves and what may be needed to thrive in and outside work.

That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind.

Our benefits include the following (some may vary based on role, location or hours) :

  • Healthcare (medical, dental, vision)
  • Basic term and optional term life insurance
  • Short-term and long-term disability
  • Pregnancy disability and parental leave
  • 401(k) and employer-funded retirement plan
  • Paid vacation (from two to five weeks depending on salary grade and tenure)
  • Up to 11 paid holiday opportunities
  • Adoption assistance
  • Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law

U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.

Applicants can learn more about the company’s status as an equal opportunity employer by viewing the federal KNOW YOUR RIGHTS EEO poster.

E-Verify

U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.

S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S.

Citizenship and Immigration Services. Learn more about the E-Verify program.

J-18808-Ljbffr

11 hours ago
Related jobs
Promoted
VirtualVocations
Saint Paul, Minnesota

A company is looking for a Senior Manager Information Security Risk Management. ...

Promoted
Maverick Risk Partners
Coon Rapids, Minnesota

Maverick Risk Partners uses our “People Over Policies” approach to managing the unique insurance and risk management needs of our business and individual clients. Commercial Insurance Account Manager will be responsible for managing the agency’s larger client base, and key client accounts. In additi...

Promoted
VirtualVocations
Saint Paul, Minnesota

A company is looking for a Manager, Information Security to oversee its information security infrastructure and mentor a security operations support team. CISSP, CISM, CEH)Expertise in security controls such as AWS security, Azure, and network securityExperience managing data masking, encryption, an...

Promoted
Voiceflow
Minneapolis, Minnesota

Act as Reema Health's Information Security Officer, by understanding our security program, developing and executing on a strategy for maintaining and strengthening our security posture. Our mission-driven and member-focused company is seeking an experienced and highly self-motivated IT Manager &...

Randstad
Minneapolis, Minnesota

Manager in Product Information Management (PIM) to lead their efforts in integrating, optimizing, and managing product information across their dynamic organization. Our Client is looking for an innovative Sr. In this pivotal role, you'll be at the forefront of enhancing their product information ma...

Federal Reserve Bank (FRB)
Minneapolis, Minnesota

Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) or other similar credentials. Execute ongoing or operational infor...

Deluxe
Minneapolis, Minnesota

The Senior Information Security Risk Analyst leads enterprise information security training and awareness activities, including secure development training, compliance & ethics training, and phishing simulations. Launch your cybersecurity career as an Information Security Risk Analyst at Deluxe. Inf...

UnitedHealth Group
Eden Prairie, Minnesota
Remote

Manage and execute the assessment process and deliverables by providing oversight to assessment results to include but not limited to Security Assessment Plans (SAPs) and Security Assessment Reports (SARs). Oversee and manage the successful execution of Information Risk Governance’s (IRG) strategy, ...

Schwan's Company
Bloomington, Minnesota

Ensures the accumulation of these risk assessments results are appropriately incorporated into an enterprise view and communicated to the corporate executives and Board of Directors Audit & Risk Committee, and further used to define an audit services project plan. Administers a comprehensive, ongoin...

UnitedHealth Group
Eden Prairie, Minnesota

This position is responsible for leading third party risk assessment and security consulting activities to assess the design, effectiveness and efficiency of the IT controls and compliance with laws and regulations. Assists with the development and execution of Information Risk Governance department...