U.S. Bank Principal Information Security Risk Analyst in Denver, Colorado
U.S. Bank is seeking a Principal Information Security Risk Analyst to help advance the information security risk management oversight team. As part of U.S. Bancorp's Corporate Risk Management and Compliance Division, the Operational Risk Management (ORM) Department serves a central coordinated role in helping to assess the levels and trends of operational risk, determining the effectiveness of operational risk controls, and working with Business Lines on opportunities to mitigate operational risk.
The Principal Information Security Risk Analyst will be a member of the Technology Oversight team (a second line of defense function) and will be responsible for oversight of activities related to the security of corporate and customer information. They will partner with senior risk management leaders within lines of business and corporate second line of defense functions to establish and carry out oversight routines that ensure effective management of information security risk across all data storage and processing environments, both internal and external to the company. They will actively assess information security program activities and controls to identify risks to the security of information and inform solutions (and/or escalate, as appropriate). The successful candidate will coordinate information security oversight activities across all lines of business and multiple second line of defense (SLOD) functions, including Corporate Compliance, Technology and Operations Services Risk and Compliance Management, Information Security and the Corporate Privacy Office.
The role will carry out the following responsibilities:
Support and develop oversight routines to ensure effective management of risk to the security of information in all data storage and processing areas, including vendor, physical, network, systems and personnel handling environments.
Support and develop independent assessment activities to provide insight on the effectiveness of first and second line of defense information protection controls.
Review and provide direction on the soundness of remediation plans resulting from control assessments, internal audits or regulatory exam findings.
Assess sufficiency of corporate information security controls, policies and training, and drive improvements, as necessary.
Monitor information security testing results and risk metrics, identify risk tolerance breaches, research root causes, and provide recommendations for solutions.
Routinely analyze corporate issues repository and identify and report new and/or pervasive risk trends.
Support Technology Oversight team administration activities, as needed.
Bachelor's degree, or equivalent work experience
10 or more years of experience in an applicable information security and/or risk management environment
Applicable professional certifications
Thorough understanding of information security regulations and best practices
Experience in formal business writing and multimedia communications
Experience in collaborating and communicating with senior business leadership
Strong leadership and management skills of processes, projects and people
Proficient computer skills, especially Microsoft Office applications
Information security, compliance or regulatory program administration experience
Industry certifications in the areas of information security, project management and technology auditing, including CRISC, CISSP, CISM, CGEIT, CISA, GIAC GSEC, and/or comparable qualifications
Experience in corporate operational risk management
Experience in RSA Archer or similar governance, risk and compliance tool
Experience in FFIEC/GLBA regulatory environment
Experience in PCI requirements and/or assessments
Skilled in data manipulation and report generation
Graduate degree or law degree
Outstanding communication skills and ability to interact with all levels of management
Strong analytical, problem-solving and negotiation skills
Job: Compliance / Quality Control
Primary Location: Ohio-OH-Cincinnati
Shift: 1st - Daytime
Average Hours Per Week: 40
Requisition ID: 170026754
Other Locations: Minnesota-MN-Minneapolis, North Carolina-NC-Charlotte, United States