Job Description
Demonstrated People Leader experience
Experience in Cyber security Risk management
Financial Industry regulatory requirements (PCI, etc)
Bachelor's degree or equivalent work experience
At least 6 years experience with management approaches, tools, and techniques for gaining the cooperation and support of others
At least 10 years experience with processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data
10+ years professional experience in information security and technology with a track record of increasing scope and responsibility
Experience developing and managing strategic roadmap tied to the business line objectives as well as day-to-day operations of the team
Demonstrable experience with modern frameworks, including MITRE ATT&CK, Threat Informed Defense, Diamond Model, cyber kill chain and NIST 800-53
Partner with Cyber Threat Intelligence team to review tactics, techniques and procedures (TTPs) of threat actors (including internal and external red/pentest teams) that target U.S. Bank and the financial sector as well
Experience partnering with Detection Engineering team to develop new capabilities to alert on the potential presence of threat actors
Experience partnering with Computer Security Incident Response Team to review and investigate findings
Understanding of Cloud and SaaS configuration management and risk reduction with various Cloud Service Providers (AWS, Azure, GCP) and how to investigate potential threats in those environments
Experience developing and monitoring dashboards to follow trends and investigate anomalies
Understanding of and experience in threat hunting, threat intelligence, red team, or incident response
Experience in process improvement around business processes and standard operating procedures
Development and monitoring of system vulnerability, threat, control, response, and risk mitigation processes, procedures, and controls
Understanding of and experience with CIS Benchmarks ie: security configuration and countermeasures and prioritization
Experience partnering with Cyber Security Risk and Third Party Risk Management teams to review and investigate supply chain attacks
Experience with Information assurance
Understanding of Network and internet security, and how to mitigate threats in all part of the environment (Supply Chain, API, Open Source Software)
Understanding of I.T. standards, procedures, policy, governance, environment
Ability to translate technical language/terms into readily digestible/understandable language for business users
Experience with Product and vendor evaluation
Experience with and /or understanding of Information security management, technologies, architecture, audits, administration
Benefits
Our approach to benefits and total rewards considers our team members' whole selves and what may be needed to thrive in and outside work
That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind
Healthcare (medical, dental, vision)
Basic term and optional term life insurance
Short-term and long-term disability
Pregnancy disability and parental leave
401(k) and employer-funded retirement plan
Paid vacation (from two to five weeks depending on salary grade and tenure)
Up to 11 paid holiday opportunities
Adoption assistance
Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law
In addition to salary, U.S. Bank offers a comprehensive benefits package, including incentive and recognition programs, equity stock purchase 401(k) contribution and pension (all benefits are subject to eligibility requirements)
Pay Range: $12+,455.00 - $152,300.00 - $167,530.00
Responsibilities
Information Security Manager with demonstrated competence and visionary leadership experience to contribute toward the success of our technology initiatives
Directs and oversees the development and maintenance of an information security team that manages an enterprise information security program
Directs and oversees day-to-day operation and effectiveness of security-related programs and initiatives
Sets policy and direction for securing the Bank's systems and information
Directs and leads development, implementation, and enforcement of organization-wide security standards, baselines, and procedures in compliance with policy
Works with development and infrastructure support management to ensure that processes and programs are in place for ongoing compliance and cyber risk mitigation
Monitors cyber security threat environment for emerging threats impacting the Bank's information security program and initiatives
Updates the policy and the program to support risk mitigation and regulatory compliance
Evaluates security requirements in context with other business requirements, and recommends measures to manage risk and adequately secure information systems
Monitors changes in business, technology, and threat environments to identify and develop strategies for addressing new risks to Bank systems and information
Establishes security monitoring practices for all platforms across the enterprise
Monitors and assesses security violations, vulnerabilities and other anomalies
Directs and oversees maintenance of programs to manage risks to the Bank's network, systems, and data from malware, network intrusion, and other threats
Assesses the risk associated with newly discovered vulnerabilities and directs the application of vendor-supplied patches to manage risk
Assesses cost of potential threats relative to cost of solutions required to eliminate or minimize threats
Participates and oversees the execution of an incident management process that ensures timely detection, containment, and eradication of threats, recovery from resulting damage, and corrective action to minimize the risk of future incidents
Evaluates and monitors supply chain risk, response, and due diligence
Serves as liaison to internal and external auditors, regulators, and customers in examinations of the Bank's security program
Monitors all phases of audits to ensure progress according to audit plan; monitors status of ongoing reviews
Recommends: hires, transfers, terminations, salary adjustments, performance standards and reviews
Plans, develops and controls moderate to large project/product budgets
This role offers a hybrid/flexible schedule, which means there's an in-office expectation of 3 or more days per week and the flexibility to work outside the office location for the other days
Oversee the day-to-day management of a 5-10 person geographically dispersed team and develop the careers of the individuals on the team
Job description
At U.S. Bank, we're on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at-all from Day One.
Job Description
U.S. Bank is seeking a Sr. Information Security Manager with demonstrated competence and visionary leadership experience to contribute toward the success of our technology initiatives. Directs and oversees the development and maintenance of an information security team that manages an enterprise information security program. Directs and oversees day-to-day operation and effectiveness of security-related programs and initiatives. Sets policy and direction for securing the Bank's systems and information. Directs and leads development, implementation, and enforcement of organization-wide security standards, baselines, and procedures in compliance with policy. Works with development and infrastructure support management to ensure that processes and programs are in place for ongoing compliance and cyber risk mitigation. Monitors cyber security threat environment for emerging threats impacting the Bank's information security program and initiatives. Updates the policy and the program to support risk mitigation and regulatory compliance. Evaluates security requirements in context with other business requirements, and recommends measures to manage risk and adequately secure information systems. Monitors changes in business, technology, and threat environments to identify and develop strategies for addressing new risks to Bank systems and information. Establishes security monitoring practices for all platforms across the enterprise. Monitors and assesses security violations, vulnerabilities and other anomalies. Directs and oversees maintenance of programs to manage risks to the Bank's network, systems, and data from malware, network intrusion, and other threats. Assesses the risk associated with newly discovered vulnerabilities and directs the application of vendor-supplied patches to manage risk. Assesses cost of potential threats relative to cost of solutions required to eliminate or minimize threats. Participates and oversees the execution of an incident management process that ensures timely detection, containment, and eradication of threats, recovery from resulting damage, and corrective action to minimize the risk of future incidents. Evaluates and monitors supply chain risk, response, and due diligence. Serves as liaison to internal and external auditors, regulators, and customers in examinations of the Bank's security program. Monitors all phases of audits to ensure progress according to audit plan; monitors status of ongoing reviews. Recommends: hires, transfers, terminations, salary adjustments, performance standards and reviews. Plans, develops and controls moderate to large project/product budgets.
This role offers a hybrid/flexible schedule, which means there's an in-office expectation of 3 or more days per week and the flexibility to work outside the office location for the other days.
• Minneapolis, MN
• Cincinnati, Ohio
• Charllote, NC
Top 3 Skills
• Demonstrated People Leader experience
• Experience in Cyber security Risk management
• Financial Industry regulatory requirements (PCI, etc)
Basic Qualifications
• Bachelor's degree or equivalent work experience
• At least 6 years experience with management approaches, tools, and techniques for gaining the cooperation and support of others
• At least 10 years experience with processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data
Experience Should Include
• 10+ years professional experience in information security and technology with a track record of increasing scope and responsibility.
• 1+ years experience with ServiceNow security modules (IRM or SecOps preferred)
• Experience developing and managing strategic roadmap tied to the business line objectives as well as day-to-day operations of the team.
• Demonstrable experience with modern frameworks, including MITRE ATT&CK, Threat Informed Defense, Diamond Model, cyber kill chain and NIST 800-53.
• Partner with Cyber Threat Intelligence team to review tactics, techniques and procedures (TTPs) of threat actors (including internal and external red/pentest teams) that target U.S. Bank and the financial sector as well.
• Experience partnering with Detection Engineering team to develop new capabilities to alert on the potential presence of threat actors.
• Experience partnering with Computer Security Incident Response Team to review and investigate findings.
• Understanding of Cloud and SaaS configuration management and risk reduction with various Cloud Service Providers (AWS, Azure, GCP) and how to investigate potential threats in those environments.
• Experience developing and monitoring dashboards to follow trends and investigate anomalies.
• Understanding of and experience in threat hunting, threat intelligence, red team, or incident response
• Experience in process improvement around business processes and standard operating procedures.
• Development and monitoring of system vulnerability, threat, control, response, and risk mitigation processes, procedures, and controls
• Understanding of and experience with CIS Benchmarks ie: security configuration and countermeasures and prioritization.
• Experience partnering with Cyber Security Risk and Third Party Risk Management teams to review and investigate supply chain attacks
• Oversee the day-to-day management of a 5-10 person geographically dispersed team and develop the careers of the individuals on the team.
• Experience with Information assurance
• Understanding of Network and internet security, and how to mitigate threats in all part of the environment (Supply Chain, API, Open Source Software)
• Understanding of I.T. standards, procedures, policy, governance, environment
• Ability to translate technical language/terms into readily digestible/understandable language for business users
• Experience with Product and vendor evaluation
• Experience with and /or understanding of Information security management, technologies, architecture, audits, administration
Preferred Skills/Experience
• Certified Information Systems Auditor (CISA)
• ISACA Certified Information Security Manager (CISM)
• Certified Information System Security Professional (CISSP)
If there's anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants.
Benefits:
Our approach to benefits and total rewards considers our team members' whole selves and what may be needed to thrive in and outside work. That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following (some may vary based on role, location or hours):
• Healthcare (medical, dental, vision)
• Basic term and optional term life insurance
• Short-term and long-term disability
• Pregnancy disability and parental leave
• 401(k) and employer-funded retirement plan
• Paid vacation (from two to five weeks depending on salary grade and tenure)
• Up to 11 paid holiday opportunities
• Adoption assistance
• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law
EEO is the Law
U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, ****** orientation, gender identity, disability or veteran status, among other factors. Applicants can learn more about the company's status as an equal opportunity employer by viewing the federal KNOW YOUR RIGHTS EEO poster.
E-Verify
U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program.
The salary range reflects figures based on the primary location, which is listed first. The actual range for the role may differ based on the location of the role. In addition to salary, U.S. Bank offers a comprehensive benefits package, including incentive and recognition programs, equity stock purchase 401(k) contribution and pension (all benefits are subject to eligibility requirements). Pay Range: $12+,455.00 - $152,300.00 - $167,530.00
U.S. Bank will consider qualified applicants with arrest or conviction records for employment. U.S. Bank conducts background checks consistent with applicable local laws, including the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act as well as the San Francisco Fair Chance Ordinance. U.S. Bank is subject to, and conducts background checks consistent with the requirements of Section 1+ of the Federal Deposit Insurance Act (FDIA). In addition, certain positions may also be subje
Original job Sr/ Manager - Information Security Risk Assessment posted on GrabJobs ©. To flag any issues with this job please use the Report Job button on GrabJobs.
💡 Quick Summary
Seeking a career-building opportunity? The Sr| Manager | Information Security Risk Assessment position is now open for candidates interested in the Bank Jobs sector. This role in New York City offers a professional environment and growth potential.
Requirement Snapshot: Candidates should possess basic communication skills, a proactive attitude, and the ability to work in a team. Experience in Bank Jobs is a plus.
