Risk Assessment Lead - Cybersecurity Risk Oversight

About The Position

Requirements

• Bachelor's degree, or equivalent work experience
• Typically more than 10 years of applicable experience
• Advanced knowledge of information security domains (e.g., identity and access management, application security, cloud security, vulnerability management, incident response)
• Strong understanding of regulatory requirements and industry standards (e.g., NIST, FFIEC, PCI, and risk management frameworks)
• Experience performing risk assessments, control evaluations, and oversight activities
• Advanced understanding of business operations, systems, and associated risks and controls
• Ability to operate independently with strong judgment and professional skepticism
• Strong analytical, problem-solving, and decision-making skills
• Excellent written and verbal communication skills, including executive-level messaging
• Proven ability to influence stakeholders and challenge effectively without direct authority
• Strong leadership and management skills across people, processes, and projects
• Experience operating within Second Line of Defense, audit, or regulatory environments
• Advanced knowledge of regulatory environment and trends in financial services
• This role requires working from a U.S. Bank location three (3) or more days per week.

Nice To Haves

• Relevant certifications (e.g., CISSP, CISA, CRISC, CISM) preferred

Responsibilities

• Provide independent oversight and credible challenge across Technology and Information Security domains including governance, controls, risk assessments, metrics, and issue management.
• Perform risk-based assessments to identify control gaps, thematic risks, and emerging threats.
• Develop independent risk opinions supported by analysis, evidence, and professional judgment.
• Evaluate alignment with applicable laws, regulations, and industry frameworks (e.g., NIST, FFIEC, PCI).
• Partner with business and risk stakeholders to support the implementation and maintenance of effective risk management frameworks.
• Identify gaps in processes, systems, controls and drive solutions to minimize risk exposure.
• Ensure risks are actively identified, monitored, escalated, and remediated as appropriate.
• Influence policies and procedures to strengthen the control environment and reduce regulatory risk.
• Build and maintain strong relationships with First Line stakeholders while maintaining independence and objectivity.
• Provide clear, concise, and executive-ready communication of risk posture, key issues, and trends.
• Engage senior leadership to support risk-informed decision making.
• Translate complex technical risks into actionable business insights.
• Lead, coach, or mentor risk and security professionals; support talent development and team capability.
• Contribute to strategic initiatives impacting enterprise technology, security and risk programs.
• Act as a subject matter expert on technology and cybersecurity risk and regulatory expectations.
• Promote a strong risk culture emphasizing accountability, transparency, and continuous improvement.

Benefits

• Healthcare (medical, dental, vision)
• Basic term and optional term life insurance
• Short-term and long-term disability
• Pregnancy disability and parental leave
• 401(k) and employer-funded retirement plan
• Paid vacation (from two to five weeks depending on salary grade and tenure)
• Up to 11 paid holiday opportunities
• Adoption assistance
• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law
• Incentive and recognition programs
• Equity stock purchase
• Pension