AUDIT PROJECT MANAGER (INFORMATION SECURITY)

At U.S. Bank, we're on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed.

We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.

S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career.

Try new things, learn new skills and discover what you excel at-all from Day One.

Job Description

The Corporate Audit Services Audit Project Manager - Information Security Service is primarily responsible for supervising staff in the completion of audit engagements with minimal supervision from managers, however there are no direct reports.

The Audit Project Manager- Cybersecurity is expected to monitor progress of audit engagements against plan and schedule, assess work performed by the audit engagement team, and provide coaching and on-the-job training for team members to ensure engagements are completed in conformance with internal audit policies and procedures.

Responsibilities :

• Supervising audit staff in the completion of audit engagements, ensuring the highest quality work delivered timely. Supervision includes :
• Assessing work performed by staff by providing coaching notes that are relevant to the scope, accuracy and completeness of work performed.
• Performing sufficient reviews to ensure work contains relevant facts to support audit scope and conclusions and adhere to internal audit policies and procedures.
• Reviewing issues to ensure potential exposures and significance are included, root causes are identified, and operationally effective and cost-effective actions to address those causes are developed into appropriate recommendations.
• Completing or assisting managers in planning audit engagements. Includes identifying and analyzing business processes, key risks and critical controls;

interviewing auditees; determining audit scope; evaluating control design adequacy; and developing audit programs which provide sufficient guidance for testing control performance effectiveness and making evaluations which effectively achieve audit objectives.

• Assisting the managers in reporting and wrap-up phases of audits. Includes appropriate disposition of issues and drafting audit reports which include issues.
• Monitoring progress of audit engagements against plan and schedule. Includes making necessary adjustments and promptly completing work paper reviews on a timely basis to ensure all issues are identified and dispositioned prior to report draft issuance.
• Providing on-the-job training for staff. Includes business knowledge of products, services, and delivery systems; company policies and procedures;

applicable laws and regulations; and formal / informal control frameworks.

Collaborating across the three lines of defense regarding information technology and business processes, risks, and controls.

Coordinating audit activities by integrating other internal audit subject matter teams (Information Technology, Anti-Money Laundering, Compliance, Risk Management, Treasury, etc.

to ensure appropriate and efficient coverage of the business products, services and processes. Managing the team's workload to assist other audit teams when resources are needed for areas of higher risk.

Performing other duties as requested by management.

Preferred Skills / Experience

• Bachelor's degree, or equivalent work experience
• 10 or more years of applicable experience
• Considerable knowledge of applicable laws, regulations, financial services, and regulatory trends that impact their assigned line of business
• Relevant Financial Service Industry and Information Security knowledge (Threat Hunting and Intelligence, Data Loss Prevention, Identity Management, Vulnerability Management, Application Security, etc.) knowledge.
• Knowledge of the NIST Cybersecurity Framework.
• Thorough understanding of Institute of Internal Auditors (IIA) Standards and the common definition of internal controls.
• CISA, CISSP, CIA, CPA or other relevant professional designation or advanced degree.
• Experience in leading complex information security / cybersecurity audits
• Bachelor's degree in information systems / technology or a related field (preferably in Management Information Systems MIS ).
• Considerable understanding of the business line's operations, products / services, systems, and associated risks / controls
• Considerable knowledge of Risk / Compliance / Audit competencies
• Strong process facilitation, project management, and analytical skills
• Must possess business acumen and credibility to help business line(s) proactively identify and address changing workforce needs
• Excellent presentation, interpersonal, written and verbal communication skills
• Proficient computer navigation skills using a variety of software packages, including Microsoft Office applications and word processing, spreadsheets, databases, and presentations
• Applicable professional certifications preferred

INDMO

The role offers a hybrid / flexible schedule, which means there's an in-office expectation of 3 or more days per week and the flexibility to work outside the office location for the other days.

If there's anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants.

Benefits :

Our approach to benefits and total rewards considers our team members' whole selves and what may be needed to thrive in and outside work.

That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind.

Our benefits include the following (some may vary based on role, location or hours) :

• Healthcare (medical, dental, vision)
• Basic term and optional term life insurance
• Short-term and long-term disability
• Pregnancy disability and parental leave
• 401(k) and employer-funded retirement plan
• Paid vacation (from two to five weeks depending on salary grade and tenure)
• Up to 11 paid holiday opportunities
• Adoption assistance
• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law

EEO is the Law

U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.

Applicants can learn more about the company's status as an equal opportunity employer by viewing the federal KNOW YOUR RIGHTS EEO poster.

E-Verify

U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.

S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S.

Citizenship and Immigration Services. Learn more about the E-Verify program.

The salary range reflects figures based on the primary location, which is listed first. The actual range for the role may differ based on the location of the role.

In addition to salary, U.S. Bank offers a comprehensive benefits package, including incentive and recognition programs, equity stock purchase 401(k) contribution and pension (all benefits are subject to eligibility requirements).

Pay Range : $116,280.00 - $136,800.00 - $150,480.00

Job postings typically remain open for approximately 20 days of the posting date listed above, however the job posting may be closed earlier should it be determined the position is no longer required due to business need.

Job postings in areas with a high volume of applicants, such as customer service, contact center, and Financial Crimes investigations, remain open for approximately 5 days of the posting listed date.