Job Information
U.S. Bank Sr. ServiceNow Info Secty Risk & Compliance Consultant in Hopkins, Minnesota
At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One.
Job Description
U.S. Bank is seeking a Sr Information Cyber Security Risk Specialist with ServiceNow IRM experience who will be responsible for conducting cyber security risk assessments to identify vulnerabilities and potential threats to the organization's information systems & networks, applications and data. Requires regular monitoring of potential cyber risk and reporting of compliance with established policies and procedures. The ideal candidate will have a well-rounded information security background including a strong understanding of information security controls (design, deployment, and testing), industry standards and best practices such as the NIST800 series. The candidate should understand and have experience with evaluating the design and operating effectiveness of controls, as they apply to the regulatory, legal and contractual requirements impacting financial institutions (e.g. GLBA, SOX, FFIEC, and PCI).
Responsibilities may include but are not limited to :
Provide leadership in formalizing/designing technical controls based on the current environment, while considering required control attributes, viability of control sustainability, and the cost benefit equation of control changes
Provide recommendations on internal control assessments with business and technology partners
Possess understanding and ability to communicate emerging information security threats and their impact on the business environment
Evaluate the effectiveness of controls in place to mitigate threats and communicate remaining residual risk
Will assist technical owners in defining risk and risk mitigation to ensure continuous improvement of the Bank’s information security posture.
Will ensure that all stakeholders are aware of potential risks to information systems (infrastructure, application & data)
Monitors security controls and technologies to protect the organization's information assets including but not limited to data encryption, vulnerability management , access controls, and intrusion detection and prevention systems.
T he candidate additionally will have or exhibit the following:
Diverse technical background including experience with multiple security technologies
Ability to analyze and articulate implications of a threat actor exploiting vulnerabilities or gaps in controls
Professional writing skills with experience in documenting controls, control testing procedures and control testing results
Skilled at communicating technical information to both technical and non-technical audiences and stakeholders at every level of the organization
Ability to build and maintain relationships across diverse technical and non-technical teams
We are seeking a self-motivated individual well-versed in information security controls, information assurance and risk management. The candidate will collaborate across organizations to achieve mutual goals.
This role offers a hybrid/flexible schedule, which means there's an in-office expectation of 3 or more days per week and the flexibility to work outside the office location for the other days.
Top 3 skills:
ServiceNow Integrated Risk Management (IRM)
Experience with MITRE ATT&CK
Technical Risk Assessment - configurations / tools/ controls to mitigate technical risk
Minimum Requirements:
Bachelor's degree or equivalent work experience
Typically 8+ years of experience in information technology and/or information security and compliance
Understanding of financial industry legal, regulatory and compliance requirements for information security
Experience Should Include
1+ years experience with ServiceNow Integrated Risk Management (IRM)
1+ years using ServiceNow module to manage technical assets ie: CMDB, SecOps, ITSM, 3rd party risk management, application portfolio management, software portfolio management
2+ years experience using Archer for risk management
2+ years experience with PCI requirements
Understanding of financial industry regulations
2+ years experience using MITRE ATT&CK for threat & risk mitigation
Experience with CIS benchmarks to mitigate threat
NIST800 series framework
Professional communication and collaboration skills
Preferred Skills/Experience
Security Certifications: CISSP, CISA, CRISC, CISM
Cloud Certifications (AWS or Azure)
Familiarity with technical control design and deployment
Ability to articulate complex technical issues in a clear and concise manner
#ISS
#LI-HYBRID
If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants (https://careers.usbank.com/global/en/disability-accommodations-for-applicants) .
Benefits:
Our approach to benefits and total rewards considers our team members’ whole selves and what may be needed to thrive in and outside work. That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following (some may vary based on role, location or hours):
Healthcare (medical, dental, vision)
Basic term and optional term life insurance
Short-term and long-term disability
Pregnancy disability and parental leave
401(k) and employer-funded retirement plan
Paid vacation (from two to five weeks depending on salary grade and tenure)
Up to 11 paid holiday opportunities
Adoption assistance
Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law
EEO is the Law
U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors. Applicants can learn more about the company’s status as an equal opportunity employer by viewing the federal KNOW YOUR RIGHTS (https://eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf) EEO poster.
E-Verify
U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program (https://careers.usbank.com/verification-of-eligibility-for-employment) .
The salary range reflects figures based on the primary location, which is listed first. The actual range for the role may differ based on the location of the role. In addition to salary, U.S. Bank offers a comprehensive benefits package, including incentive and recognition programs, equity stock purchase 401(k) contribution and pension (all benefits are subject to eligibility requirements). Pay Range: $116,280.00 - $136,800.00 - $150,480.00
Job postings typically remain open for approximately 20 days of the posting date listed above, however the job posting may be closed earlier should it be determined the position is no longer required due to business need. Job postings in areas with a high volume of applicants, such as customer service, contact center, and Financial Crimes investigations, remain open for approximately 5 days of the posting listed date.
U.S. Bank
- U.S. Bank Jobs