Sr. Information Security Risk and Compliance Consultant


At U.S. Bank, we're passionate about helping customers and the communities where we live and work. The fifth-largest bank in the United States, we’re one of the country's most respected, innovative and successful financial institutions. U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.

U.S. Bank is seeking a Sr. Information Security Risk and Compliance Consultant to contribute toward the success of our information security program. This position supports enterprise adherence to information security controls, baselines and industry best practices by leading various initiatives to protect the confidentiality, integrity and availability of our information systems. We are seeking a self-motivated individual versed in information security baseline management with a minimum of 8 years of experience in information security. The candidate will have a broad understanding of security controls and can collaborate across organizations to achieve mutual goals.

Responsibilities may include but are not limited to:

· Facilitate SME discussions with various application owners to effectively document Baseline requirements and standards for the organization
· Provide advisory support to the policy team on information security, baselines and industry best practices
· Partner with Policy team as needed to analyze, draft and recommend changes to Information Security documentation
· Lead the Baseline Working Group and drive discussions within the group to ensure program effectiveness and adequate audit remediation activities
· Research and understand emerging IT risk factors and their impact on current baseline standards and/or documentation
· Reports and escalates issues appropriately and timely
· Serves as a team lead, overseeing team operational activities
· Provide Information Security consultation and offer design recommendation to technical and application owners as needed
· Provide recommendation to leadership on program effectiveness and enhancements

The ideal candidate will have a well-rounded information security background including a strong understanding of IT risk management, information security controls, industry standards and best practices such as the NIST 800 series, NIST CSF, and ISO 27000 series. The candidate should understand and have experience with the security configuration, as well as, various design controls, regulatory, legal and contractual requirements impacting financial institutions (e.g. GLBA, SOX, FFIEC, and PCI). The candidate additionally will have or exhibit the following:

· Strong writing skills with experience in creating security baselines
· Skilled in leading and coordinating work efforts of other team members to meet tactical and strategic goals
· Experience with program management and measurement through development and implementation of process efficiency and effectiveness measurements
· Ability to analyze and articulate implications of compliance requirements
· Skilled at communicating technical information to non-technical audiences and stakeholders at every level of the organization
· Ability to build and maintain relationships across diverse technical and non-technical teams
· Effective in communication with management and senior leadership, as well as internal & external auditors




Minimum Requirements:
· Bachelor's degree or equivalent work experience
· Minimum of 8 years of experience in information technology and/or information security and compliance
· Understanding of financial industry legal, regulatory and compliance requirements for information security
· Experience in publishing information security baseline documents for enterprise-wide distribution
· Working knowledge of configuration management
· Demonstrated leadership with teams/individuals and large/complex enterprise projects
· Effective communication
· Proficient in MS Office tool suite including, Excel, PowerPoint, SharePoint and Visio

Preferred Skills:
· Graduate/Master's level degree in the areas of business administration, information security, computer science or information technology management
· Experience in risk and compliance management and process development in the areas of information technology and security
· Highly skilled in developing executive-level presentations and strategies that include process diagrams and designs
· Working knowledge of RSA Archer tool
· Experience in Network and/or Database Administration
· Industry certifications in the area of information security, project management and technology auditing including, CISSP, CISM, CGEIT, CISA, GIAC GSEC, and/or PMP
· IT Project Management



Information Technology

Primary Location

United States


1st - Daytime



Average Hours Per Week