Principal Information Security Risk Analyst

U.S. Bank is seeking a Principal Information Security Risk Analyst to help advance the information security risk management oversight team. As part of U.S. Bancorp's Corporate Risk Management and Compliance Division, the Operational Risk Management (ORM) Department serves a central coordinated role in helping to assess the levels and trends of operational risk, determining the effectiveness of operational risk controls, and working with Business Lines on opportunities to mitigate operational risk.

The Principal Information Security Risk Analyst will be a member of the Technology Oversight team (a second line of defense, or SLOD, function) and will be responsible for oversight of activities related to the security of corporate and customer information. They will partner with senior risk management leaders within lines of business and corporate second line of defense functions to establish and carry out oversight routines that ensure effective management of information security risk across all data storage and processing environments, both internal and external to the company. They will actively assess information security program activities and controls to identify risks to the security of information and inform solutions (and/or escalate, as appropriate). The successful candidate will coordinate information security oversight activities across all lines of business and multiple SLOD functions, including Corporate Compliance, Technology and Operations Services Risk and Compliance Management, Information Security and the Corporate Privacy Office.

The role will be responsible for carrying out the following responsibilities:

* Support and develop oversight routines to ensure effective management of risk to the security of information in all data storage and processing areas, including vendor, physical, network, systems and personnel handling environments.

* Support and develop independent assessment activities to provide insight on the effectiveness of first and second line of defense information protection controls.

* Review and provide direction on the soundness of remediation plans resulting from control assessments, internal audits or regulatory exam findings.

* Assess sufficiency of corporate information security controls, policies and training, and drive improvements, as necessary.

* Monitor information security testing results and risk metrics, identify risk tolerance breaches, research root causes, and provide recommendations for solutions.

* Routinely analyze the corporate issues repository and identify and report new and/or pervasive risk trends.

* Support Technology Oversight team administration activities, as needed.

Basic Qualifications

* Bachelor's degree, or equivalent work experience

* 10 or more years of experience in an applicable information security and/or risk management environment

* Applicable professional certifications

Preferred Skills/Experience

* Thorough understanding of information security regulations and best practices

* Formal business writing experience and multimedia communication skills

* Experience in collaborating and communicating with senior business leadership

* Strong leadership and management skills of processes, projects and people

* Proficient computer skills, especially Microsoft Office applications

* Information security, compliance or regulatory program administration experience

* Industry certifications in the areas of information security, project management and technology auditing, including CRISC, CISSP, CISM, CGEIT, CISA, GIAC GSEC, and/or comparable qualifications

* Experience in corporate operational risk management

* Experience with RSA Archer or a similar governance, risk and compliance tool

* Experience in FFIEC/GLBA regulatory environment

* Experience in PCI requirements and/or assessments

* Skilled in data manipulation and report generation

* Graduate degree or law degree

* Outstanding communication skills and ability to interact with all levels of management

* Strong analytical, problem-solving and negotiation skills