Senior Information Security Risk & Compliance Consultant - Remote
Salary: $122,210.00 - $170,270.00 /year *
Information Technology
The Security Program Execution organization provides Information Security Strategy, Security Program management and training for related processes necessary to safeguard customer information. It also manages and oversees the PCI security program to ensure that the Bank meets relevant contractual obligations.
For PCI, specifically, it provides leadership, guidance and education on the Payment Card Industry (PCI) Data Security Standard and the PCI PIN Security standard. In addition, it provides support for audits, regulatory examinations, and customer assessments of the information security program and supports business line response to audit and examination requests for security-related information.
The Security Program Execution organization has a remarkable opportunity to participate in the assessment of applications and systems that must comply with the Payment Card Industry Data Security Standard. This person will be responsible for executing assessments and projects related to assessments. They will also help set the direction for PCI DSS compliance at US Bancorp. We are seeking strong, individually motivated candidates with a proven track record of understanding security controls and working across organizations to implement controls. This is a challenging and rewarding opportunity to be a leader in payment card compliance.
The IS Risk and Compliance Consultant will lead and support various security initiatives to support the above programs and services and the overall Security Compliance strategy and roadmap.
Responsibilities will include but may not be limited to:
- Leading both internal and external application/system assessments
- Working with business line and technical experts to determine the scope of assessments
- Becoming a subject matter expert in the application of PCI DSS controls at US Bancorp and providing guidance and expertise to projects or systems that are seeking to be compliant
- Analyzing and enhancing business processes to support the continuing compliance of your assigned applications/systems
- Working with senior management to ensure the project meets all corporate goals for gaining and maintaining compliance
- Guiding applications/systems through the process of the assessment and tracking their progress against their plan
- 10 years of experience in Information Security
- Bachelor's degree or equivalent work experience
- 10 years' experience with process, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.
The ideal candidate will have a strong and well-rounded technical background; a good understanding of IT governance; risk management concepts and industry accepted practices; and regulatory, legal and contractual requirements impacting financial institutions. Additionally, we look for the following qualifications:
- Five years of technical leadership of technology projects
- Proven ability to adapt to a fast-growing and constantly changing environment
- Excellent verbal and written communication skills
- Excellent analytical and decision-making skills
- Issue, problem and change management skills with a proven track record in negotiation and conflict resolution
- Knowledge and experience with PCI DSS
- Good understanding of the U.S. Bank environment and business line activities and processes
- PCIP and/or PCI ISA/QSA certification
- IT audit or security assessments experience
- Knowledge and experience with industry best practices in the implementation of security controls
- CISSP certification
**Job:** Information Technology
**Primary Location:** Minnesota-MN-Richfield
**Shift:** 1st - Daytime
**Average Hours Per Week:** 40
**Requisition ID:** 190027277
**Other Locations:** United States
U.S. Bank is an Equal Opportunity Employer committed to creating a diverse workforce.
We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.
Associated topics: attack, iam, information assurance, information security, information technology security, leak, security analyst, security engineer, threat, vulnerability
* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.