At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One.

JOB DESCRIPTION

The Senior Information Security Specialist supports enterprise adherence to information security controls and industry best practices by leading various initiatives to protect the confidentiality, integrity and availability of our information systems. We are seeking a self-motivated individual with extensive experience in third party risk. The candidate will have a broad understanding of security controls and can collaborate across organizations to achieve mutual goals.

Responsibilities may include but are not limited to:

• Facilitating SME discussions with various third parties to effectively understand security control effectiveness
• Researching emerging IT/IS risk factors and their impact on current control standards and understanding vendor risk management processes and due diligence reviews
• Analyzing responses to third party assessment questionnaires and reviewing supporting documentation
• Reporting and escalating issues appropriately and in a timely manner
• Providing recommendation to leadership on program enhancements and strategic direction
• Facilitating SME discussions as it relates to IS applicable contractual requirements
• Performing Continuous Monitoring activities and Post Incident Response analysis

The ideal candidate will have a well-rounded information security background including a strong understanding of Third Party Risk Management, information security controls, industry standards and best practices such as the NIST 800-53, NIST CSF, and ISO 27000 series. The candidate should understand and have experience with the security configuration and various design controls, regulatory, legal and contractual requirements impacting financial institutions (e.g. GLBA, SOX, FFIEC, GDPR and PCI). The candidate additionally will have or exhibit the following:

• Strong writing skills with experience in documenting risk analysis results
• Ability to lead and coordinate work efforts to meet tactical and strategic goals
• Experience with program management and measurement through development and implementation of process efficiency and effectiveness measurements
• Ability to analyze and articulate implications of compliance requirements
• Ability to communicate technical information to non-technical audiences and stakeholders
• Ability to build and maintain effective relationships with cross-functional teams, senior leadership, technical resources, and auditor

Minimum Requirements:

• Bachelor’s degree or equivalent work experience
• Minimum of 10 years of experience in information technology, information security, risk management, and/or complianc

Preferred Skills/Experience:

• Experience in financial or legal regulatory and compliance requirements for information security
• Industry certification in the area of information security, project management, or auditing, including CISSP (strongly preferred), CTPRP, CISM, CGEIT, CISA, GIAC GSEC, CRISC, or PMP
• Experience in process development and documentation
• Knowledge of RSA Archer tool, Cloud technologies, and/or SIG/Shared Assessments
• Familiarity with security monitoring tools such as Risk Recon and/or Bitsight
• Familiarity with Artificial Intelligence Information Security Requirement

THE ROLE OFFERS A HYBRID/FLEXIBLE SCHEDULE, WHICH MEANS THERE’S AN IN-OFFICE EXPECTATION OF 3 OR MORE DAYS PER WEEK AND THE FLEXIBILITY TO WORK OUTSIDE THE OFFICE LOCATION FOR THE OTHER DAYS AT ONE OF THE FOLLOWING LOCATIONS:

• Minneapolis, MN
• Cincinnati, Ohio
• Dallas, TX
• Charlotte, NC
• Atlanta, GA

The ideal candidate will have a well-rounded information security background including a strong understanding of Third Party Risk Management, information security controls, industry standards and best practices such as the NIST 800-53, NIST CSF, and ISO 27000 series. The candidate should understand and have experience with the security configuration and various design controls, regulatory, legal and contractual requirements impacting financial institutions (e.g. GLBA, SOX, FFIEC, GDPR and PCI). The candidate additionally will have or exhibit the following:

• Strong writing skills with experience in documenting risk analysis results
• Ability to lead and coordinate work efforts to meet tactical and strategic goals
• Experience with program management and measurement through development and implementation of process efficiency and effectiveness measurements
• Ability to analyze and articulate implications of compliance requirements
• Ability to communicate technical information to non-technical audiences and stakeholders
• Ability to build and maintain effective relationships with cross-functional teams, senior leadership, technical resources, and auditors

Minimum Requirements:

• Bachelor’s degree or equivalent work experience
• Minimum of 10 years of experience in information technology, information security, risk management, and/or compliance

Preferred Skills/Experience:

• Experience in financial or legal regulatory and compliance requirements for information security
• Industry certification in the area of information security, project management, or auditing, including CISSP (strongly preferred), CTPRP, CISM, CGEIT, CISA, GIAC GSEC, CRISC, or PMP
• Experience in process development and documentation
• Knowledge of RSA Archer tool, Cloud technologies, and/or SIG/Shared Assessments
• Familiarity with security monitoring tools such as Risk Recon and/or Bitsight
• Familiarity with Artificial Intelligence Information Security Requirements

If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants.

Responsibilities may include but are not limited to:

• Facilitating SME discussions with various third parties to effectively understand security control effectiveness
• Researching emerging IT/IS risk factors and their impact on current control standards and understanding vendor risk management processes and due diligence reviews
• Analyzing responses to third party assessment questionnaires and reviewing supporting documentation
• Reporting and escalating issues appropriately and in a timely manner
• Providing recommendation to leadership on program enhancements and strategic direction
• Facilitating SME discussions as it relates to IS applicable contractual requirements
• Performing Continuous Monitoring activities and Post Incident Response analysi

Our approach to benefits and total rewards considers our team members’ whole selves and what may be needed to thrive in and outside work. That’s why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following (some may vary based on role, location or hours):

• Healthcare (medical, dental, vision)
• Basic term and optional term life insurance
• Short-term and long-term disability
• Pregnancy disability and parental leave
• 401(k) and employer-funded retirement plan
• Paid vacation (from two to five weeks depending on salary grade and tenure)
• Up to 11 paid holiday opportunities
• Adoption assistance
• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by la