At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One.

Job Description

U.S. Bank is seeking a Sr Information Cyber Security Risk Specialist with ServiceNow IRM experience who will be responsible for conducting cyber security risk assessments to identify vulnerabilities and potential threats to the organization's information systems & networks, applications and data. Requires regular monitoring of potential cyber risk and reporting of compliance with established policies and procedures. The ideal candidate will have a well-rounded information security background including a strong understanding of information security controls (design, deployment, and testing), industry standards and best practices such as the NIST800 series. The candidate should understand and have experience with evaluating the design and operating effectiveness of controls, as they apply to the regulatory, legal and contractual requirements impacting financial institutions (e.g. GLBA, SOX, FFIEC, and PCI).

Responsibilities may include but are not limited to :

• Provide leadership in formalizing/designing technical controls based on the current environment, while considering required control attributes, viability of control sustainability, and the cost benefit equation of control changes

• Provide recommendations on internal control assessments with business and technology partners

• Possess understanding and ability to communicate emerging information security threats and their impact on the business environment

• Evaluate the effectiveness of controls in place to mitigate threats and communicate remaining residual risk

• Will assist technical owners in defining risk and risk mitigation to ensure continuous improvement of the Bank’s information security posture.

• Will ensure that all stakeholders are aware of potential risks to information systems (infrastructure, application & data)

• Monitors security controls and technologies to protect the organization's information assets including but not limited to data encryption, vulnerability management , access controls, and intrusion detection and prevention systems.

T he candidate additionally will have or exhibit the following:

• Diverse technical background including experience with multiple security technologies

• Ability to analyze and articulate implications of a threat actor exploiting vulnerabilities or gaps in controls

• Professional writing skills with experience in documenting controls, control testing procedures and control testing results

• Skilled at communicating technical information to both technical and non-technical audiences and stakeholders at every level of the organization

• Ability to build and maintain relationships across diverse technical and non-technical teams

• We are seeking a self-motivated individual well-versed in information security controls, information assurance and risk management. The candidate will collaborate across organizations to achieve mutual goals.

This role offers a hybrid/flexible schedule, which means there's an in-office expectation of 3 or more days per week and the flexibility to work outside the office location for the other days.

Top 3 skills:

• ServiceNow Integrated Risk Management (IRM)

• Experience with MITRE ATT&CK

• Technical Risk Assessment - configurations / tools/ controls to mitigate technical risk

Minimum Requirements:

• Bachelor's degree or equivalent work experience

• Typically 8+ years of experience in information technology and/or information security and compliance

• Understanding of financial industry legal, regulatory and compliance requirements for information security

Experience Should Include

• 1+ years experience with ServiceNow Integrated Risk Management (IRM)

• 1+ years using ServiceNow module to manage technical assets ie: CMDB, SecOps, ITSM, 3rd party risk management, application portfolio management, software portfolio management

• 2+ years experience using Archer for risk management

• 2+ years experience with PCI requirements

• Understanding of financial industry regulations

• 2+ years experience using MITRE ATT&CK for threat & risk mitigation

• Experience with CIS benchmarks to mitigate threat

• NIST800 series framework

• Professional communication and collaboration skills

Preferred Skills/Experience

• Security Certifications: CISSP, CISA, CRISC, CISM

• Cloud Certifications (AWS or Azure)

• Familiarity with technical control design and deployment

• Ability to articulate complex technical issues in a clear and concise manner

#ISS

#LI-HYBRID

If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants (https://careers.usbank.com/global/en/disability-accommodations-for-applicants) .

Benefits:

Our approach to benefits and total rewards considers our team members’ whole selves and what may be needed to thrive in and outside work. That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following (some may vary based on role, location or hours):

• Healthcare (medical, dental, vision)

• Basic term and optional term life insurance

• Short-term and long-term disability

• Pregnancy disability and parental leave

• 401(k) and employer-funded retirement plan

• Paid vacation (from two to five weeks depending on salary grade and tenure)

• Up to 11 paid holiday opportunities

• Adoption assistance

• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law

EEO is the Law

U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors. Applicants can learn more about the company’s status as an equal opportunity employer by viewing the federal KNOW YOUR RIGHTS (https://eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf) EEO poster.

E-Verify

U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program (https://careers.usbank.com/verification-of-eligibility-for-employment) .

The salary range reflects figures based on the primary location, which is listed first. The actual range for the role may differ based on the location of the role. In addition to salary, U.S. Bank offers a comprehensive benefits package, including incentive and recognition programs, equity stock purchase 401(k) contribution and pension (all benefits are subject to eligibility requirements). Pay Range: $116,280.00 - $136,800.00 - $150,480.00

Job postings typically remain open for approximately 20 days of the posting date listed above, however the job posting may be closed earlier should it be determined the position is no longer required due to business need. Job postings in areas with a high volume of applicants, such as customer service, contact center, and Financial Crimes investigations, remain open for approximately 5 days of the posting listed date.