Information Security Risk and Compliance Analyst


At U.S. Bank, we're passionate about helping customers and the communities where we live and work. The fifth-largest bank in the United States, we’re one of the country's most respected, innovative and successful financial institutions. U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.

U.S. Bank is seeking an Information Security Risk and Compliance Analyst with demonstrated competence and visionary leadership experience to contribute toward the success of our technology initiatives. The IS R&C Analyst will support enterprise adherence to information security controls and industry best practices by supporting various initiatives to protect the confidentiality, integrity and availability of our information systems. We are seeking a self-motivated individual versed in information security control testing with a minimum of 3 years of experience in information security. The candidate will have a general understanding of security controls and can collaborate across organizations to achieve mutual goals.

Responsibilities may include but are not limited to:
• Participate in SME discussions with various application owners to effectively document control design and operating effectiveness testing requirements and standards for the organization
• Analyze current processes and procedures to validate effectiveness
• Research and understand emerging IT risk factors and their impact on current control testing standards and/or documentation
• Report and escalate issues appropriately and in a timely manner
• Work with senior management to ensure the project meets all corporate goals for gaining and maintaining compliance
• Provide recommendations to leadership on program effectiveness and enhancements

The ideal candidate will have a well-rounded information security background including an understanding of IT risk management, IT governance, information security controls, industry standards and best practices such as the NIST 800 series, NIST CSF, and ISO 27000 series. The candidate should understand and have experience with security configuration, as well as the various design controls and regulatory, legal and contractual requirements impacting financial institutions (e.g., GLBA, SOX, FFIEC, and PCI). The candidate additionally will have or exhibit the following:

• Strong writing skills with experience in documenting test procedures and results
• Skilled in supporting, collaborating, and communicating to achieve work efforts with other team members to meet tactical and strategic goals
• Experience with measurement through development and implementation of process efficiency and effectiveness measurements
• Ability to analyze and articulate implications of compliance requirements
• Skilled at communicating technical information to non-technical audiences and stakeholders at every level of the organization
• Ability to build and maintain relationships across diverse technical and non-technical teams
• Effective in communicating with peers and management, as well as internal and external auditors



Minimum Requirements:
• Bachelor's degree or equivalent work experience
• Minimum of 3 years of experience in information technology and/or information security and compliance
• Understanding of financial industry legal, regulatory and compliance requirements for information security
• Demonstrated partnership and collaboration with teams/individuals and large/complex enterprise projects
• Effective communication
• Proficient in the MS Office tool suite, including Excel, PowerPoint, SharePoint and Visio

Preferred Skills:
• Working knowledge of the RSA Archer tool
• Experience in Network and/or Database Administration
• Practical knowledge of how information security controls are implemented in complex financial services environments such as those at U.S. Bank
• Knowledge and experience with industry best practices in the implementation of security controls
• Knowledge of U.S. Bank business-line activities and processes is a plus
• Proven track record in negotiation and conflict resolution



Information Technology

Other Locations Ohio-OH-Cincinnati, United States


1st - Daytime