U.S. Bank

Information Security Risk Oversight Manager

Posted 4/23/2026 • full-time • Cincinnati • Minnesota, Ohio, Texas • 🇺🇸 United States • Senior • Lead • 💰 $126,820 - $149,200 per year

Tech Stack

Tools & technologies
Cloud, Cyber Security

About the role

Key responsibilities & impact
  • Provide independent oversight and credible challenge of the Information Security program across multiple security pillars, including governance, risk assessments, controls, metrics, and issue management
  • Perform risk‑based assessments of first line security practices, identifying gaps, weaknesses, thematic concerns, emerging risks, and control deficiencies
  • Develop and articulate independent risk opinions supported by sound analysis, evidence, and professional judgment
  • Evaluate alignment of first line activities with applicable laws, regulations, regulatory guidance, industry standards (e.g., NIST 800-53, FFIEC, PCI, NIST CSF 2.0, etc.), and internal policies
  • Monitor key risk indicators, security metrics, assessment results, and issue trends to identify systemic risks or areas requiring escalation
  • Escalate material risks, control weaknesses, or ineffective risk management practices through appropriate governance and reporting channels
  • Act as a subject matter expert on information security risk, providing insights and guidance to stakeholders while maintaining 2LoD independence
  • Build and maintain strong, professional relationships with first line stakeholders while confidently challenging assumptions, conclusions, and risk positions when necessary
  • Contribute to executive‑level risk reporting by clearly summarizing risk posture, trends, and areas of concern in a concise and defensible manner
  • Stay current on evolving cybersecurity threats, regulatory expectations, and industry best practices to continuously strengthen oversight effectiveness

Requirements

What you’ll need
  • Bachelor's degree, or equivalent work experience
  • Typically more than ten years of applicable experience
  • Strong foundational understanding of information security domains (e.g., vulnerability management, identity and access management, application security, cloud security, security governance, incident management)
  • Demonstrated ability to perform risk assessments and oversight activities with depth, critical thinking, and professional skepticism
  • Experience operating in or with a Second Line of Defense, audit, or regulatory environment is strongly preferred
  • Proven ability to work independently and autonomously, managing priorities and delivering high-quality work with limited direction
  • Strong written and verbal communication skills, including the ability to translate technical risk into clear, executive-ready insights
  • Ability to engage confidently with senior stakeholders while maintaining independence, objectivity, and professionalism
  • Relevant certifications (e.g., CISSP, CISA, CRISC, CISM) are preferred but not required

Benefits

Comp & perks
  • Healthcare (medical, dental, vision)
  • Basic term and optional term life insurance
  • Short-term and long-term disability
  • Pregnancy disability and parental leave
  • 401(k) and employer-funded retirement plan
  • Paid vacation (from two to five weeks depending on salary grade and tenure)
  • Up to 11 paid holiday opportunities
  • Adoption assistance
  • Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law

Applicant Tracking System Keywords

Hard Skills & Tools
risk assessments, information security, vulnerability management, identity and access management, application security, cloud security, security governance, incident management, NIST 800-53, PCI
Soft Skills
critical thinking, professional skepticism, independence, objectivity, communication, relationship building, executive reporting, analysis, judgment, autonomy
Certifications
CISSP, CISA, CRISC, CISM