Sr. ServiceNow Info Secty Risk & Compliance Consultant

at  US Bank National Association

Charlotte, NC 28202, USA -

Start DateExpiry DateSalaryPosted OnExperienceSkillsTelecommuteSponsor Visa
Immediate27 May, 2024USD 150480 Annual01 Mar, 20242 year(s) or aboveServicenow,Azure,Professional Communication,Cissp,Aws,Application Portfolio Management,Archer,Information Technology,Cisa,Control Design,Integrated Risk Management,Security,Information SecurityNoNo
Required Visa Status:
CitizenGC
US CitizenStudent Visa
H1BCPT
OPTH4 Spouse of H1B
GC Green Card
Employment Type:
Full TimePart Time
PermanentIndependent - 1099
Contract – W2C2H Independent
C2H W2Contract – Corp 2 Corp
Contract to Hire – Corp 2 Corp

Description:

At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One.

JOB DESCRIPTION

U.S. Bank is seeking a Sr Information Cyber Security Risk Specialist with ServiceNow IRM experience who will be responsible for conducting cyber security risk assessments to identify vulnerabilities and potential threats to the organization’s information systems & networks, applications and data. Requires regular monitoring of potential cyber risk and reporting of compliance with established policies and procedures. The ideal candidate will have a well-rounded information security background including a strong understanding of information security controls (design, deployment, and testing), industry standards and best practices such as the NIST800 series. The candidate should understand and have experience with evaluating the design and operating effectiveness of controls, as they apply to the regulatory, legal and contractual requirements impacting financial institutions (e.g. GLBA, SOX, FFIEC, and PCI).

Responsibilities may include but are not limited to:

  • Provide leadership in formalizing/designing technical controls based on the current environment, while considering required control attributes, viability of control sustainability, and the cost benefit equation of control changes
  • Provide recommendations on internal control assessments with business and technology partners
  • Possess understanding and ability to communicate emerging information security threats and their impact on the business environment
  • Evaluate the effectiveness of controls in place to mitigate threats and communicate remaining residual risk
  • Will assist technical owners in defining risk and risk mitigation to ensure continuous improvement of the Bank’s information security posture.
  • Will ensure that all stakeholders are aware of potential risks to information systems (infrastructure, application & data)
  • Monitors security controls and technologies to protect the organization’s information assets including but not limited to data encryption, vulnerability management, access controls, and intrusion detection and prevention systems.

The candidate additionally will have or exhibit the following:

  • Diverse technical background including experience with multiple security technologies
  • Ability to analyze and articulate implications of a threat actor exploiting vulnerabilities or gaps in controls
  • Professional writing skills with experience in documenting controls, control testing procedures and control testing results
  • Skilled at communicating technical information to both technical and non-technical audiences and stakeholders at every level of the organization
  • Ability to build and maintain relationships across diverse technical and non-technical teams
  • We are seeking a self-motivated individual well-versed in information security controls, information assurance and risk management. The candidate will collaborate across organizations to achieve mutual goals.

This role is a hybrid working model in Twin Cities, MN; Cincinnati, OH; Irving, TX; Charlotte, NC; Atlanta, GA; Milwaukee/Madison/Oshkosh/Brookfield, WI

TOP 3 SKILLS:

  • ServiceNow Integrated Risk Management (IRM)
  • Experience with MITRE ATT&CK
  • Technical Risk Assessment - configurations / tools/ controls to mitigate technical risk

MINIMUM REQUIREMENTS:

  • Bachelor’s degree or equivalent work experience
  • Minimum of 8 years of experience in information technology and/or information security and compliance
  • Understanding of financial industry legal, regulatory and compliance requirements for information security

EXPERIENCE SHOULD INCLUDE

  • 1+ years experience with ServiceNow Integrated Risk Management (IRM)
  • 1+ years using ServiceNow module to manage technical assets ie: CMDB, SecOps, ITSM, 3rd party risk management, application portfolio management, software portfolio management
  • 2+ years experience using Archer for risk management
  • 2+ years experience with PCI requirements
  • Understanding of financial industry regulations
  • 2+ years experience using MITRE ATT&CK for threat & risk mitigation
  • Experience with CIS benchmarks to mitigate threat
  • NIST800 series framework
  • Professional communication and collaboration skills

PREFERRED SKILLS/EXPERIENCE

  • Security Certifications: CISSP, CISA, CRISC, CISM
  • Cloud Certifications (AWS or Azure)
  • Familiarity with technical control design and deployment
  • Ability to articulate complex technical issues in a clear and concise manner

Responsibilities:

Responsibilities may include but are not limited to:

  • Provide leadership in formalizing/designing technical controls based on the current environment, while considering required control attributes, viability of control sustainability, and the cost benefit equation of control changes
  • Provide recommendations on internal control assessments with business and technology partners
  • Possess understanding and ability to communicate emerging information security threats and their impact on the business environment
  • Evaluate the effectiveness of controls in place to mitigate threats and communicate remaining residual risk
  • Will assist technical owners in defining risk and risk mitigation to ensure continuous improvement of the Bank’s information security posture.
  • Will ensure that all stakeholders are aware of potential risks to information systems (infrastructure, application & data)
  • Monitors security controls and technologies to protect the organization’s information assets including but not limited to data encryption, vulnerability management, access controls, and intrusion detection and prevention systems

Our approach to benefits and total rewards considers our team members’ whole selves and what may be needed to thrive in and outside work. That’s why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following (some may vary based on role, location or hours):

  • Healthcare (medical, dental, vision)
  • Basic term and optional term life insurance
  • Short-term and long-term disability
  • Pregnancy disability and parental leave
  • 401(k) and employer-funded retirement plan
  • Paid vacation (from two to five weeks depending on salary grade and tenure)
  • Up to 11 paid holiday opportunities
  • Adoption assistance
  • Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by la


REQUIREMENT SUMMARY

Min:2.0Max:8.0 year(s)

Financial Services

IT Software - Network Administration / Security

Finance

Graduate

Proficient

1

Charlotte, NC 28202, USA