Information Security Risk Oversight Professional

At U.S. Bank, we're on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at-all from Day One.

Job Description

The Information Security Risk Oversight Professional serves as a key member of the Cybersecurity Risk Oversight team within the Second Line of Defense (2LoD). This role is accountable for providing independent oversight and credible challenge of the First Line Information Security program to ensure risks are appropriately identified, assessed, managed, monitored, and reported in alignment with regulatory requirements, industry standards, and internal risk appetite.

This position is intentionally designed for a senior, autonomous professional who can manage their own oversight portfolio, prioritize work based on material risk, and engage effectively with Information Security Services, Technology teams, and senior leadership.

Key Responsibilities

• Provide independent oversight and credible challenge of the Information Security program across multiple security pillars, including governance, risk assessments, controls, metrics, and issue management.

• Perform risk‑based assessments of first line security practices, identifying gaps, weaknesses, thematic concerns, emerging risks, and control deficiencies.

• Develop and articulate independent risk opinions supported by sound analysis, evidence, and professional judgment.

• Evaluate alignment of first line activities with applicable laws, regulations, regulatory guidance, industry standards (e.g., NIST 800-53, FFIEC, PCI, NIST CSF 2.0, etc), and internal policies.

• Monitor key risk indicators, security metrics, assessment results, and issue trends to identify systemic risks or areas requiring escalation.

• Escalate material risks, control weaknesses, or ineffective risk management practices through appropriate governance and reporting channels.

• Act as a subject matter expert on information security risk, providing insights and guidance to stakeholders while maintaining 2LoD independence.

• Build and maintain strong, professional relationships with first line stakeholders while confidently challenging assumptions, conclusions, and risk positions when necessary.

• Contribute to executive‑level risk reporting by clearly summarizing risk posture, trends, and areas of concern in a concise and defensible manner.

• Stay current on evolving cybersecurity threats, regulatory expectations, and industry best practices to continuously strengthen oversight effectiveness.

Basic Qualifications

• Bachelor's degree, or equivalent work experience

• Typically more than eight years of applicable experience

Preferred Skills/Experience

• Strong foundational understanding of information security domains (e.g., vulnerability management, identity and access management, application security, cloud security, security governance, incident management).

• Demonstrated ability to perform risk assessments and oversight activities with depth, critical thinking, and professional skepticism.

• Experience operating in or with a Second Line of Defense, audit, or regulatory environment is strongly preferred.

• Proven ability to work independently and autonomously, managing priorities and delivering high‑quality work with limited direction.

• Strong written and verbal communication skills, including the ability to translate technical risk into clear, executive‑ready insights.

• Ability to engage confidently with senior stakeholders while maintaining independence, objectivity, and professionalism.

• Relevant certifications (e.g., CISSP, CISA, CRISC, CISM) are preferred but not required.

This role requires working from a U.S. Bank location three (3) or more days per week.

If there's anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants.

Benefits:

Our approach to benefits and total rewards considers our team members' whole selves and what may be needed to thrive in and outside work. That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following:

• Healthcare (medical, dental, vision)

• Basic term and optional term life insurance

• Short-term and long-term disability

• Pregnancy disability and parental leave

• 401(k) and employer-funded retirement plan

• Paid vacation (from two to five weeks depending on salary grade and tenure)

• Up to 11 paid holiday opportunities

• Adoption assistance

• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law

Review our full benefits available by employment status here.

U.S. Bank is an equal opportunity employer. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, and other factors protected under applicable law.

E-Verify

U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program.

The salary range reflects figures based on the primary location, which is listed first. The actual range for the role may differ based on the location of the role. In addition to salary, U.S. Bank offers a comprehensive benefits package, including incentive and recognition programs, equity stock purchase 401(k) contribution and pension (all benefits are subject to eligibility requirements). Pay Range: $111,605.00 - $131,300.00

U.S. Bank will consider qualified applicants with arrest or conviction records for employment. U.S. Bank conducts background checks consistent with applicable local laws, including the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act as well as the San Francisco Fair Chance Ordinance. U.S. Bank is subject to, and conducts background checks consistent with the requirements of Section 19 of the Federal Deposit Insurance Act (FDIA). In addition, certain positions may also be subject to the requirements of FINRA, NMLS registration, Reg Z, Reg G, OFAC, the NFA, the FCPA, the Bank Secrecy Act, the SAFE Act, and/or federal guidelines applicable to an agreement, such as those related to ethics, safety, or operational procedures.

Applicants must be able to comply with U.S. Bank policies and procedures including the Code of Ethics and Business Conduct and related workplace conduct and safety policies.

Posting may be closed earlier due to high volume of applicants.