At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One.
Job Description
This role offers a hybrid/flexible schedule, which means there's an in-office expectation of 3 or more days per week and the flexibility to work outside the office location for the other days.
U.S. Bank Technology Risk Management is seeking a highly motivated Technology Risk Professional to support execution of the information security oversight program. This role is critical to helping the company identify and address compliance, financial, operational, strategic and technology risks in technology processes, including those related to merger and acquisition activities. The work requires proficiency in information security controls, standards, and requirements as well as industry and regulatory frameworks such as SOX, PCI, HIPAA, GDPR, DORA, NIST CSF, etc. The role will focus on robust planning, execution, and tracking of information security control integration within Technology solutions to build a robust security posture.
Partners with their assigned Line of Business, other Risk/Compliance/Audit (RCA) professionals, and RCA Managers to, depending on their function, create, implement, maintain, review or oversee an effective risk management framework. Participates in projects and/or activities that ensure compliance with applicable federal, state, and local laws and regulations. Identifies gaps and informs solutions that minimize losses resulting from inadequate internal processes, systems or human errors. Identifies, responds to and/or escalates risks as appropriate. Serves as a functional liaison between the Line of Business and the Lines of Defense.
Top Skills:
- Technology Risk Management
- Information Security Risk Management
- Technology Controls
- SDLC
Basic Qualifications
- Bachelor's degree, or equivalent work experience
- Typically, more than six years of applicable experience
Preferred Skills/Experience
- Considerable knowledge of applicable laws, regulations, financial services, and regulatory trends that impact their assigned line of business
- Considerable understanding of the business line’s operations, products/services, systems, and associated risks/controls
- Thorough knowledge of Risk/Compliance/Audit competencies
- Strong analytical, process facilitation and project management skills
- Effective presentation, interpersonal, written and verbal communication skills
- Effective relationship building and negotiation skills
- Proficient computer navigation skills using a variety of software packages, including Microsoft Office applications and word processing, spreadsheets, databases, and presentations
- Applicable professional certifications
Responsibilities include:
- Assist with Technology Merger & Acquisition Risk Assessment reviews during integration to ensure technology teams understand information security standards, requirements, and control objectives.
- Track the information security control related technology deliverables to completion after integration of new technologies.
- Assist with information security-specific Technology controls that need to be developed throughout technology implementation and integration lifecycles.
- Assist in management of any information security risk management findings and associated remediation efforts for Technology including reporting and escalation to management.
Other key responsibilities that may apply:
- Consult on strategic initiatives that are defined by product area owners to ensure risks are appropriately understood, documented, reported, and escalated.
- Provide advisory and implementation support in the development of management response plans to manage associated risk stemming from incomplete implementation of information security control requirements.
- Perform risk assessments to evaluate compliance with existing policies and procedures and to accurately identify risks, impacts, and help drive remediation processes to ensure that compliance and security gaps are addressed.
- Use data analysis to help aligned Program Leaders drive proactive and anticipatory approaches to risk management.
- Provide guidance on how to effectively achieve and sustain compliance with regulatory, industry and contractual obligations, as well as information security policies and practices.
- Support Technology teams in demonstrating evidence of control effectiveness as well as identification and escalation of control gaps in a timely manner.
- Deliver targeted and actionable risk reporting across various leadership levels.
- Serve as a functional liaison between the Business Line, Information Security, and second and third lines of defense.
- Perform control procedure and documentation reviews including conducting interviews to clarify processes, data flows and architectures.
- Assist in root cause and impact analysis and provide management with recommendations to resolve issued findings.
- Use knowledge of the current IT and Information Security environment and industry IT and information security trends to help identify and anticipate potential issues that may impact the company's risk landscape.
- Assist in building continuous monitoring/reporting to improve efficiency and awareness of control activities.