Technology Risk Manager

At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever‑growing range of opportunities to discover what makes you thrive at every stage of your career.

Try new things, learn new skills and discover what you excel at—all from Day One.

The Technology, Cybersecurity, and Digital, Data, and AI Risk team provide support to our business partners to maintain an agile, well‑controlled environment that can rapidly and reliably deliver services across the enterprise. This Technology Risk Manager position will support the Enterprise Data Office. To achieve this, the Technology Risk Manager must develop a deep understanding of the aligned leader’s area and partner to:

• Consult control owners and leaders about the risk profile of their portfolios of processes and applications
• Serve as a trusted risk advisor to aligned Technology leaders
• Identify and address risks before they impact objectives
• Oversee and enable the aligned Technology team’s compliance with existing and new requirements
• Evaluate and consult on the risks associated with strategic priorities or major programs and projects
• Provide actionable information to help prioritize risk‑mitigation actions across the portfolio of platforms/applications managed by the leader
• Design and enhance effective control environments for technology products and services
• Simplify the existing control environment using process/control re‑engineering and automation
• Respond to unexpected events and findings

• Technology Risk Management
• Data Management, Data Architecture, and Data Governance
• Product Management

• Identify, monitor, and report on processes, risks, and controls within risk appetite
• Influence risk‑based outcomes within the Technology group’s portfolios
• Provide guidance on how to effectively achieve and sustain compliance with regulatory, industry and contractual obligations, as well as information security policies and practices

• Collaborate to drive strategic outcomes for the good of the overall team
• Consult on strategic initiatives that are defined by the product area owner; ensure risks are appropriately documented, reported, and escalated
• Provide advisory and implementation support in the development of management responses to manage associated risk
• Perform risk assessments to evaluate compliance with existing policies and procedures and to accurately identify risks and drive remediation processes to ensure that compliance and security gaps are addressed
• Use data analysis to help aligned Program Leaders develop proactive and anticipatory approaches to risk management
• Support aligned Technology or Business Line team in demonstrating evidence of control effectiveness and identify and elevate control gaps in a timely manner
• Deliver targeted and actionable risk reporting across various leadership levels
• Serve as a functional liaison between the Business Line and second and third lines of defense

• Bachelor's degree, or equivalent work experience
• Typically, more than 10 years of applicable experience

• Advanced knowledge of applicable laws, regulations, financial services, and regulatory trends that impact their assigned line of business
• Advanced understanding of the business line’s operations, products/services, systems, and associated risks/controls
• Thorough knowledge of Risk/Compliance/Audit competencies
• Strong management skills in processes, projects and people
• Excellent presentation, interpersonal, written, and verbal communication skills
• Strong analytical, problem‑solving and negotiation skills
• Proficient computer skills, especially Microsoft Office applications
• Applicable professional certifications (e.g. CRISC, ITIL, CISSP, CGEIT, etc.)

• Agile frameworks and product management practices
• Defining and mapping data‑specific risks…