Cybersecurity Program Manager

At U.S. Bank, we're on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at-all from Day One.

Job Description

Agilists at U.S. Bank are customer obsessed with a focus on serving product teams, ensuring all product vision, planning and development activities are rooted in Agile and Product Values & Principles. Agilists enable the organization to consistently experiment and evolve business strategy based on prior outcomes and feedback. They drive culture change through day to day to work with a focus on Agile & Product mindset, values and continuous improvement and keep the team focused on achieving product goals using agile methods. Owns the agile practices of the team/product group/journey including cross-portfolio impacts, planning, dependency maps, OKRs and key metrics for success in partnership with Product Management, business partners, digital and technology modelling agile methods, values, and principles. Provides regular communication to stakeholders and partners for transparency and awareness of outcomes and impediments; creates visual displays and communications with key information and agile updates for leadership.

This role will perform program management services in an agile environment with an emphasis (but not exclusion) on security-related initiatives and operational support for cybersecurity.

The role: The program manager for security fulfills a critical role in reducing the risk of cybersecurity issues for our customers. The program manager manages security-related initiatives, ensures effective ongoing security vulnerability incidents are tracked and managed, strategically analyzes future threats to propose additional focus where needed, and overall contributes to operational excellence. The program manager partners closely with enterprise security and compliance partners as well as business line-specific leadership spanning technology, product, compliance, program management and business risk management. The program manager is also the subject matter expert for guiding effective security remediations across >20 scrum teams.

This role will help build, maintain, and enhance a best-in-class security practice that includes the following elements:

• Refine the Security Vulnerability Reference Guide to reflect new vulnerability scope documented in 2023. This will include process, tools, governance, partnerships, reporting, and more.

• Reconstruct the ServiceNow Vulnerability Dashboard

• Communication: Improve the communication capacities for planned and ad-hoc security vulnerability for all kinds of stakeholders within talech and across the enterprise. Key audiences include CBB CRO, Risk Management, Technology & Product Leadership, Portfolio Management insights for effective guidance for teams, ISS, and more. Continue to host cross-team planning and tracking at the right frequency (currently biweekly).

• Strategic Insights for Protecting Against Upcoming Threats: Every business line has expertise in how its products are used by its intended customer base, and therefore each business line's product and technology management needs to be aware of upcoming threats posted by an ever-growing skill base of bad actors seeking to steal information or otherwise harm our business and customers. Association with select industry-appropriate organizations will be part of this including proposed ongoing training for selected roles.

• Cyclical: Annual/repeated cyclical items like cert pinning, minimum version, and penetration testing.

• Build a Security Vulnerability "101" Training: Each new team member in certain roles will benefit from security onboarding so that competencies needed for scanning (prevention), remediation, and effective operations are part of our regular teamwork.

Role Responsibilities:

• Program management: Initiate, plan, track, and lead multiple security initiatives (also known as programs) for the point-of-sale portfolio which includes more than 20 scrum teams and multiple business areas such as Risk, Compliance, Commercialization (Go to Market), Customer Care.

• Operational excellence: Develop, improve, and lead innovative processes for a variety of business-as-usual security concerns such as: vulnerability remediation, penetration testing, transport layer security upgrades; and more.

• Security events: Triage and orchestrate resolution for security events by guiding effective triage and from a portfolio level for any server- or application-side security events (including customer devices and anything between) if high-priority incidents occur coordinating amount potentially a large population of subject matter experts and teams.

• Quarterly planning: Exercise excellent quarterly planning skills to contribute toward Program Increment Planning (also known as Quarterly Product Planning) as part of a SAFe (Scaled Agile Framework) approach; this includes recommendations on requirements, team member capacity, skills, etc.

• Communicate: Develop executive-level communications using a variety of approaches to meet the needs of many stakeholders in an efficient, scalable manner to reach enterprise-wide representatives from Business Risk, Compliance, and Information Security Services as well as all leadership and teams within the talech business area; this requires expert-level use of PowerPoint, Confluence, visual-based collaboration tools such as Visio and Mural, and more.

• Analysis: Expert-level ability to build dashboards and reporting in ServiceNow using advanced skills in ability to export and analyze data through Excel capabilities such as Pivot Tables and Power Query to support all aspects of the job.

• Facilitate: Lead meetings effectively including preparation, hosting, and follow-up while documenting actions and references to ensure strong commitments for action and easy retrieval of decisions and findings.

• Resolve: Document, monitor, delegate, and bring portfolio-level risks, issues, actions, and decisions to resolve.

• Subject Matter Expert: Apply robust on-the-job learning skills to serve all team members by fielding questions and advising on processes and procedures to resolve security concerns by understanding security scanning tools and methods and U.S. Bank's processes to upload scan outcomes into ServiceNow along with ways to analyze and resolve any security incident.

• Stay a Step Ahead: Research and advise on where the organization needs to adapt based on insightful awareness of industry trends.

Preferred Skills/Experience:

• Experience in a Cyber Security Program, Project, Portfolio Management role

• Excellent relationship building and cross-functional team experience

• Bachelor's degree, or equivalent work experience

• PMP a plus

• SAFe environment experience also a plus

• Power User in MS Excel (pivot tables, analytics functions, etc.)

• Typically three to five years of relevant experience

• Proficient agile practice professional

• Effective presentation, verbal and written communication skills

If there's anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants.

Benefits:

Our approach to benefits and total rewards considers our team members' whole selves and what may be needed to thrive in and outside work. That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following (some may vary based on role, location or hours):

• Healthcare (medical, dental, vision)

• Basic term and optional term life insurance

• Short-term and long-term disability

• Pregnancy disability and parental leave

• 401(k) and employer-funded retirement plan

• Paid vacation (from two to five weeks depending on salary grade and tenure)

• Up to 11 paid holiday opportunities

• Adoption assistance

• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law

EEO is the Law

U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors. Applicants can learn more about the company's status as an equal opportunity employer by viewing the federal KNOW YOUR RIGHTS EEO poster.

E-Verify

U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program.

The salary range reflects figures based on the primary location, which is listed first. The actual range for the role may differ based on the location of the role. In addition to salary, U.S. Bank offers a comprehensive benefits package, including incentive and recognition programs, equity stock purchase 401(k) contribution and pension (all benefits are subject to eligibility requirements). Pay Range: $102,340.00 - $120,400.00 - $132,440.00

U.S. Bank will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance.

Job postings typically remain open for approximately 20 days of the posting date listed above, however the job posting may be closed earlier should it be determined the position is no longer required due to business need. Job postings in areas with a high volume of applicants, such as customer service, contact center, and Financial Crimes investigations, remain open for approximately 5 days of the posting listed date.