The candidate selected for this role will direct the engineering and operations of vulnerability scanning technologies and manage a team of engineers to continuously identify and report vulnerabilities across the enterprise to improve risk and control practices within U.S. Bank's information security practice. We are seeking a highly effective and collaborative self-motivated technology manager with a proven track record of trans-formative leadership to drive results toward a best-in-class vulnerability management practice. This is a challenging and rewarding opportunity to be a leader in financial services information security.
Responsibilities include but are not limited to:
• Manage a continuous vulnerability scanning and reporting program encompassing a vast enterprise to identify and report on vulnerabilities and security baselines throughout on-premise and cloud-based environments across a global company.
• Ensure the successful completion and recording of scanning activities, as required by audit and regulatory authorities.
• Drive the development of key coverage and performance metrics to ensure program sustainability and actionable metrics at various levels (operations teams, managers and executives).
• Delivery of ongoing support and continuous development of a large vulnerability scanning platform.
• Own the technology road map to enable operations, manage the technology platform, and maintain vendor relationships.
• Responsible for staying abreast of industry leading vulnerability and software security vendors and informing their product road maps.
• Engage technology and business professionals across the company to strengthen existing information security controls and implement new controls.
• Provide key input into IT and cyber security strategies regarding asset management, integration/automation, security baseline development, and information security control design and testing.
• Coordinate with senior management and risk group partners to the information security practice to ensure appropriate compliance, alignment, and collaboration.
• Attract, recruit, and retain exceptional cyber security talent.
• Mentor and coach direct reports, ensuring success in their role.
• Accountable for the performance management, skill development, succession planning, and engagement of direct reports.
- Bachelor's degree or equivalent work experience
- At least 4 years experience with management approaches, tools, and techniques for gaining the cooperation and support of others
- At least 9 years experience with processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data
The ideal candidate will have a well-rounded and highly technical background with a strong understanding of supporting large vulnerability scanning platforms in a global enterprise environment (e.g., Tenable SC, Tenable.io, McAfee Vulnerability Manager, etc.).
The candidate should have familiarity with industry security frameworks and best practices (e.g., ITIL, NIST CyberSecurity Framework, COBIT, etc.). The candidate should also understand and have experience with the regulatory, legal and contractual requirements impacting financial institutions (e.g., FISMA, GLBA, SOX, GDPR, PSD2, SOC2, and PCI DSS). The candidate additionally will have or exhibit the following:
• Experience managing patch management or vulnerability management teams/programs.
• Technical experience with networks, operating systems, applications and other aspects of information technology architecture, particularly relating to vulnerability management.
• Familiarity with vulnerability management concepts and tools, including automated vulnerability scanning and reporting/analytical tools.
• Ability to successfully manage complex projects with numerous stakeholders across the organization.
• Ability to build and maintain relationships across diverse teams and multiple levels within an organization.
• Proficient at handling technical and security related topics.
• Skilled at balancing competing interests and requirements to deliver a working product.
• Skilled at communicating technical information to non-technical audiences and stakeholders at every level.
• Industry certifications such as CISSP, CISA, CISM, or CRISC.
• Strong technical writing skills.
• Careful attention to detail.
**Job:** Information Technology
**Primary Location:** United States
**Shift:** 1st - Daytime
**Average Hours Per Week:** 40
**Requisition ID:** 200002784
U.S. Bank is an Equal Opportunity Employer committed to creating a diverse workforce.
U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.