Risk Assessment Lead - Cybersecurity Risk Oversight

Risk Assessment Lead The Risk Assessment Lead serves as a key member of the Cybersecurity Risk Oversight team within the Second Line of Defense (2LoD). The role is accountable for independently assessing and challenging First Line Technology and Information Security practices to ensure effective risk management and regulatory compliance. Key Responsibilities Risk Oversight & Independent Challenge – Provide independent oversight and credible challenge across Technology and Information Security domains including governance, controls, risk assessments, metrics, and issue management. Perform risk‑based assessments to identify control gaps, thematic risks, and emerging threats. Develop independent risk opinions supported by analysis, evidence, and professional judgment. Evaluate alignment with applicable laws, regulations, and industry frameworks (e.g., NIST, FFIEC, PCI). Risk Management & Framework Execution – Partner with business and risk stakeholders to support the implementation and maintenance of effective risk management frameworks. Identify gaps in processes, systems, controls and drive solutions to minimize risk exposure. Ensure risks are actively identified, monitored, escalated, and remediated as appropriate. Influence policies and procedures to strengthen the control environment and reduce regulatory risk. Stakeholder Engagement & Communication – Build and maintain strong relationships with First Line stakeholders while maintaining independence and objectivity. Provide clear, concise, and executive‑ready communication of risk posture, key issues, and trends. Engage senior leadership to support risk‑informed decision making. Translate complex technical risks into actionable business insights. Leadership & Organizational Impact – Lead, coach, or mentor risk and security professionals; support talent development and team capability. Contribute to strategic initiatives impacting enterprise technology, security and risk programs. Act as a subject matter expert on technology and cybersecurity risk and regulatory expectations. Promote a strong risk culture emphasizing accountability, transparency, and continuous improvement. Basic Qualifications Bachelor's degree, or equivalent work experience Typically more than 10 years of applicable experience Preferred Skills & Experience Advanced knowledge of information security domains (e.g., identity and access management, application security, cloud security, vulnerability management, incident response) Strong understanding of regulatory requirements and industry standards (e.g., NIST, FFIEC, PCI, and risk management frameworks) Experience performing risk assessments, control evaluations, and oversight activities Advanced understanding of business operations, systems, and associated risks and controls Ability to operate independently with strong judgment and professional skepticism Strong analytical, problem‑solving, and decision‑making skills Excellent written and verbal communication skills, including executive‑level messaging Proven ability to influence stakeholders and challenge effectively without direct authority Strong leadership and management skills across people, processes, and projects Experience operating within Second Line of Defense, audit, or regulatory environments Relevant certifications (e.g., CISSP, CISA, CRISC, CISM) preferred Advanced knowledge of regulatory environment and trends in financial services Location & Availability This role requires working from a U.S. Bank location three (3) or more days per week. We offer reasonable accommodations for individuals with disabilities during any portion of the application or hiring process. Benefits Healthcare (medical, dental, vision) Basic term and optional term life insurance Short‑term and long‑term disability Pregnancy disability and parental leave 401(k) and employer‑funded retirement plan Paid vacation (from two to five weeks depending on salary grade and tenure) Up to 11 paid holiday opportunities Adoption assistance Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law Equal Opportunity & E‑Verify U.S. Bank is an equal opportunity employer. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, and other factors protected under applicable law. U.S. Bank participates in the U.S. Department of Homeland Security E‑Verify program in all facilities located in the United States and certain U.S. territories. Background Checks & Policy Compliance Applicants must be able to comply with U.S. Bank policies and procedures including the Code of Ethics and Business Conduct. Background checks are conducted in accordance with applicable local laws and federal regulations, including the Los Angeles County Fair Chance Ordinance, California Fair Chance Act, San Francisco Fair Chance Ordinance, and Section 19 of the Federal Deposit Insurance Act. Certain positions may also be subject to additional regulatory requirements (e.g., FINRA, NMLS, RegZ, RegG, OFAC, the NFA, the FCPA, the Bank Secrecy Act, the SAFE Act). Posting Status Posting may be closed earlier due to high volume of applicants. #J-18808-Ljbffr