Technology Risk Professional - Information Security Oversight

At U.S. Bank, we're on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at-all from Day One.

Job Description

This role offers a hybrid/flexible schedule, which means there's an in-office expectation of 3 or more days per week and the flexibility to work outside the office location for the other days.

US Bank Technology Risk Management is seeking a highly motivated Technology Risk Professional to support execution of the information security oversight program. This role is critical to helping the company identify and address compliance, financial, operational, strategic and technology risks in technology processes including those related to merger and acquisition activities. The work requires proficiency in the areas of Information security controls, standards, and requirements as well as industry and regulatory frameworks such as SOX, PCI, HIPPA, GDPR, DORA, NIST CSF, etc. The role will focus on robust planning, execution, and tracking of Information security control integration within Technology solutions to build a robust security posture.

Partners with their assigned Line of Business, other Risk/Compliance/Audit (RCA) professionals, and RCA Managers to, depending on their function, create, implement, maintain, review or oversee an effective risk management framework. Participates in projects and/or activities that ensure compliance with applicable federal, state, and local laws and regulations. Identifies gaps and inform solutions that minimize losses resulting from inadequate internal processes, systems or human errors. Identifies, responds and/or escalates risks as appropriate. Serves as a functional liaison between the Line of Business and the Lines of Defense.

Top Skills:

• Technology Risk Management
• Information Security Risk Management
• Technology Controls
• SDLC

Basic Qualifications

• Bachelor's degree, or equivalent work experience
• Typically, more than six years of applicable experience

Preferred Skills/Experience

• Considerable knowledge of applicable laws, regulations, financial services, and regulatory trends that impact their assigned line of business
• Considerable understanding of the business line's operations, products/services, systems, and associated risks/controls
• Thorough knowledge of Risk/Compliance/Audit competencies
• Strong analytical, process facilitation and project management skills
• Effective presentation, interpersonal, written and verbal communication skills
• Effective relationship building and negotiation skills
• Proficient computer navigation skills using a variety of software packages, including Microsoft Office applications and word processing, spreadsheets, databases, and presentations
• Applicable professional certifications

Responsibilities include:

• Assist with Technology Merger & Acquisition Risk Assessment reviews during integration to ensure technology teams understand information security standards, requirements, and control objectives.
• Track the information security control related technology deliverables to completion after integration of new technologies.
• Assist with information security-specific Technology controls that need to be developed throughout technology implementation and integration lifecycles.
• Assist in management of any information security risk management findings and associated remediation efforts for Technology including reporting and escalation to management.

Other key responsibilities that may apply:

• Consult on strategic initiatives that are defined by product area owners to ensure risks are appropriately understood, documented, reported, and escalated.
• Provide advisory and implementation support in the development of management response plans to manage associated risk stemming from incomplete implementation of information security control requirements.
• Perform risk assessments to evaluate compliance with existing policies and procedures and to accurately identify risks, impacts, and help drive remediation processes to ensure that compliance and security gaps are addressed.
• Use data analysis to help aligned Program Leaders drive proactive and anticipatory approaches to risk management.
• Provide guidance on how to effectively achieve and sustain compliance with regulatory, industry and contractual obligations, as well as information security policies and practices.
• Support Technology teams in demonstrating evidence of control effectiveness as well as identification and escalation of control gaps in a timely manner.
• Deliver targeted and actionable risk reporting across various leadership levels.
• Serve as a functional liaison between the Business Line, Information Security, and second and third lines of defense.
• Perform control procedure and documentation reviews including conducting interviews to clarify processes, data flows and architectures.
• Assist in root cause and impact analysis and provide management with recommendations to resolve issued findings.
• Use knowledge of the current IT and Information Security environment and industry IT and information security trends to help identify and anticipate potential issues that may impact the companies risk landscape
• Assist in building continuous monitoring/reporting to improve efficiency and awareness of control activities

If there's anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants .

Benefits:

Our approach to benefits and total rewards considers our team members' whole selves and what may be needed to thrive in and outside work. That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following (some may vary based on role, location or hours):

• Healthcare (medical, dental, vision)
• Basic term and optional term life insurance
• Short-term and long-term disability
• Pregnancy disability and parental leave
• 401(k) and employer-funded retirement plan
• Paid vacation (from two to five weeks depending on salary grade and tenure)
• Up to 11 paid holiday opportunities
• Adoption assistance
• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law

EEO is the Law

U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors. Applicants can learn more about the company's status as an equal opportunity employer by viewing the federal KNOW YOUR RIGHTS EEO poster.

E-Verify

U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program .

The salary range reflects figures based on the primary location, which is listed first. The actual range for the role may differ based on the location of the role. In addition to salary, U.S. Bank offers a comprehensive benefits package, including incentive and recognition programs, equity stock purchase 401(k) contribution and pension (all benefits are subject to eligibility requirements). Pay Range: $95,285.00 - $112,100.00 - $123,310.00

U.S. Bank will consider qualified applicants with arrest or conviction records for employment. U.S. Bank conducts background checks consistent with applicable local laws, including the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act as well as the San Francisco Fair Chance Ordinance. U.S. Bank is subject to, and conducts background checks consistent with the requirements of Section 19 of the Federal Deposit Insurance Act (FDIA). In addition, certain positions may also be subject to the requirements of FINRA, NMLS registration, Reg Z, Reg G, OFAC, the NFA, the FCPA, the Bank Secrecy Act, the SAFE Act, and/or federal guidelines applicable to an agreement, such as those related to ethics, safety, or operational procedures.

Applicants must be able to comply with U.S. Bank policies and procedures including the Code of Ethics and Business Conduct and related workplace conduct and safety policies.

Job postings typically remain open for approximately 20 days of the posting date listed above, however the job posting may be closed earlier should it be determined the position is no longer required due to business need. Job postings in areas with a high volume of applicants, such as customer service, contact center, and Financial Crimes investigations, remain open for approximately 5 days of the posting listed date.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.