Job DescriptionThe Information Security Risk Oversight Professional serves as a key member of the Cybersecurity Risk Oversight team within the Second Line of Defense (2LoD). This role is accountable for providing independent oversight and credible challenge of the First Line Information Security program to ensure risks are appropriately identified, assessed, managed, monitored, and reported in alignment with regulatory requirements, industry standards, and internal risk appetite.
This position is intentionally designed for a senior, autonomous professional who can manage their own oversight portfolio, prioritize work based on material risk, and engage effectively with Information Security Services, Technology teams, and senior leadership.
Key Responsibilities- Provide independent oversight and credible challenge of the Information Security program across multiple security pillars, including governance, risk assessments, controls, metrics, and issue management.
- Perform risk-based assessments of first line security practices, identifying gaps, weaknesses, thematic concerns, emerging risks, and control deficiencies.
- Develop and articulate independent risk opinions supported by sound analysis, evidence, and professional judgment.
- Evaluate alignment of first line activities with applicable laws, regulations, regulatory guidance, industry standards (e.g., NIST 800-53, FFIEC, PCI, NIST CSF 2.0, etc), and internal policies.
- Monitor key risk indicators, security metrics, assessment results, and issue trends to identify systemic risks or areas requiring escalation.
- Escalate material risks, control weaknesses, or ineffective risk management practices through appropriate governance and reporting channels.
- Act as a subject matter expert on information security risk, providing insights and guidance to stakeholders while maintaining 2LoD independence.
- Build and maintain strong, professional relationships with first line stakeholders while confidently challenging assumptions, conclusions, and risk positions when necessary.
- Contribute to executive-level risk reporting by clearly summarizing risk posture, trends, and areas of concern in a concise and defensible manner.
- Stay current on evolving cybersecurity threats, regulatory expectations, and industry best practices to continuously strengthen oversight effectiveness.
Basic Qualifications- Bachelor's degree, or equivalent work experience
- Typically more than eight years of applicable experience
Preferred Skills/Experience- Strong foundational understanding of information security domains (e.g., vulnerability management, identity and access management, application security, cloud security, security governance, incident management).
- Demonstrated ability to perform risk assessments and oversight activities with depth, critical thinking, and professional skepticism.
- Experience operating in or with a Second Line of Defense, audit, or regulatory environment is strongly preferred.
- Proven ability to work independently and autonomously, managing priorities and delivering high-quality work with limited direction.
- Strong written and verbal communication skills, including the ability to translate technical risk into clear, executive-ready insights.
- Ability to engage confidently with senior stakeholders while maintaining independence, objectivity, and professionalism.
- Relevant certifications (e.g., CISSP, CISA, CRISC, CISM) are preferred but not required.
This role requires working from a U.S. Bank location three (3) or more days per week.
Benefits:Our approach to benefits and total rewards considers our team members' whole selves and what may be needed to thrive in and outside work. That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following:
- Healthcare (medical, dental, vision)
- Basic term and optional term life insurance
- Short-term and long-term disability
- Pregnancy disability and parental leave
- 401(k) and employer-funded retirement plan
- Paid vacation (from two to five weeks depending on salary grade and tenure)
- Up to 11 paid holiday opportunities
- Adoption assistance
- Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law
Review our full benefits available by employment status here.
The salary range reflects figures based on the primary location, which is listed first. The actual range for the role may differ based on the location of the role. In addition to salary, U.S. Bank offers a comprehensive benefits package, including incentive and recognition programs, equity stock purchase 401(k) contribution and pension (all benefits are subject to eligibility requirements). Pay Range: $119,765.00 - $140,900.00
Posting may be closed earlier due to high volume of applicants. 
