Security Posture and Configuration Manager

 

At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed.  We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One.

Job Description

Role Overview

The Security Posture and Configuration Manager is responsible for enabling business speed and innovation while measurably reducing security risk and operating with strong financial and governance discipline. This role partners closely with technology leaders, executives, and businesses to embed security into platforms, products, and delivery models, particularly across AI, data, and digital initiatives to consistently accelerate enterprise priorities. The leader brings deep expertise in information security, risk management, and security operations, along with the ability to build strong teams and foster a culture of security awareness across the enterprise.

Key Responsibilities

• Establish, lead, and mature an enterprise Configuration Management capability, consolidating multiple previously distributed configuration functions into a scalable and consistent operating model across cloud, SaaS, containerized, and on‑prem environments.
• Direct and develop multiple teams of senior security professionals responsible for configuration baseline definition, automated and manual validation, monitoring, governance, and remediation execution.
• Define and operationalize risk‑based configuration standards and tolerance thresholds, translating complex configuration data into enterprise‑level risk signals that inform compliance monitoring and decision‑making.
• Design and oversee how configuration data, scanning results, and validation checks are sourced, integrated, and consumed to ensure accurate, defensible, and actionable security outcomes.
• Lead a highly visible, customer‑facing security function, partnering with Technology, Business Line Risk, and Governance teams to enable secure delivery while minimizing friction, unnecessary exceptions, and repeated escalations.
• Serve as a senior escalation point for configuration deviations and risk exceptions, balancing security requirements with business enablement through executive‑level negotiation and influence.
• Build and evolve remediation strategies and operating models, including standing up new capability where required, while transitioning from manual approaches to scalable, automated solutions.
• Drive tooling assessment, integration, and rationalization to address capability gaps and improve efficiency, accuracy, and sustainability of configuration management outcomes.
• Lead teams through a build‑and‑run transformation, unifying legacy and modern approaches while delivering measurable risk reduction and control effectiveness results.
• Influence enterprise security strategy by ensuring configuration posture supports evolving technology adoption, including cloud platforms, AI enablement, and modern delivery models.

Basic Qualifications

• Bachelor’s degree in Information Security, Computer Science, Information Technology, Engineering, or a related field.
• Ten (10) or more years of progressive experience in information security, technology risk, or related technology disciplines.
• Five (5) or more years of people leadership experience, including managing managers and leading teams with diverse technical skillsets.
• Broad experience across enterprise security operations, risk management, governance, and security controls.

Preferred Qualifications

• Demonstrated ability to influence and drive outcomes across large, complex organizations without relying solely on direct authority.
• Experience building, scaling, or unifying enterprise security capabilities across multiple platforms or organizational boundaries.
• Experience operating in environments with cloud‑first architectures, SaaS platforms, containerized workloads, and modern DevOps practices.
• Proven success leading teams through ambiguous, transformational environments, including standing up new capabilities while maintaining operational delivery.
• Advanced degree in Information Security, Technology, or a related discipline.
• Professional certifications such as CISSP, CISM, CISA, or equivalent.

Technical Competencies Required for Success

The successful candidate is not expected to be the hands‑on expert, but must demonstrate the subject matter expertise to lead teams responsible for:

• Managing and evolving enterprise security configuration baselines, including CIS and comparable frameworks.
• Designing and overseeing automated configuration monitoring and validation, leveraging scanning and telemetry solutions to assess deep technical configurations.
• Reducing configuration drift through scalable remediation approaches aligned with application and platform teams.
• Integrating Policy‑as‑Code (PaC) and Infrastructure‑as‑Code (IaC) practices into security governance and delivery workflows.
• Leading SaaS and container configuration management strategies at enterprise scale.
• Leveraging data analytics and security telemetry to evaluate configuration posture and produce risk‑based insights from configuration and security metadata.

Location Expectation

This role requires working from a U.S. Bank location three (3) or more days per week.

If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants.

Benefits: 

Our approach to benefits and total rewards considers our team members’ whole selves and what may be needed to thrive in and outside work. That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following:

• Healthcare (medical, dental, vision)

• Basic term and optional term life insurance

• Short-term and long-term disability

• Pregnancy disability and parental leave

• 401(k) and employer-funded retirement plan

• Paid vacation (from two to five weeks depending on salary grade and tenure)

• Up to 11 paid holiday opportunities

• Adoption assistance

• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law

Review our full benefits available by employment status here.

U.S. Bank is an equal opportunity employer. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, and other factors protected under applicable law.

E-Verify

U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program.

The salary range reflects figures based on the primary location, which is listed first. The actual range for the role may differ based on the location of the role. In addition to salary, U.S. Bank offers a comprehensive benefits package, including incentive and recognition programs, equity stock purchase 401(k) contribution and pension (all benefits are subject to eligibility requirements). Pay Range: $170,255.00 - $200,300.00

U.S. Bank will consider qualified applicants with arrest or conviction records for employment. U.S. Bank conducts background checks consistent with applicable local laws, including the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act as well as the San Francisco Fair Chance Ordinance. U.S. Bank is subject to, and conducts background checks consistent with the requirements of Section 19 of the Federal Deposit Insurance Act (FDIA). In addition, certain positions may also be subject to the requirements of FINRA, NMLS registration, Reg Z, Reg G, OFAC, the NFA, the FCPA, the Bank Secrecy Act, the SAFE Act, and/or federal guidelines applicable to an agreement, such as those related to ethics, safety, or operational procedures.

Applicants must be able to comply with U.S. Bank policies and procedures including the Code of Ethics and Business Conduct and related workplace conduct and safety policies.

Posting may be closed earlier due to high volume of applicants.