U. S. Bank

Banking

VulnerabilityandExposureManagementProgramManager

$170–200k Minneapolis, Minnesota, United States FULL TIME

Market Sentiment

HIGH DEMAND

Neural analysis suggests this role is
optimal for Senior candidates.

The Brief

“Vulnerability and Exposure Management Program Manager at U. S. Bank. Skills: Vulnerability management strategy, Exposure management capability, Risk-based prioritization, Enterprise scale leadership. Define and execute enterprise vulnerability and exposure management strategy. Build, scale, and lead exposure management capability”

What You'll Achieve.

Transforming program effectiveness; Improving stakeholder confidence; Reducing risk; Enabling business and technology development; Reduce real-world exploitability; Faster, AI-influenced threat environment; Improve speed, accuracy, and efficiency of detection and remediation; Identify themes, root causes, and opportunities for targeted risk reduction; Improve coverage and remediation effectiveness; Support enterprise-scale responsiveness

Industry & Context.

Banking

Problems you'll solve

Address effectiveness gaps; Improve stakeholder confidence; Reduce risk; Root cause analysis; Issue management

Eligibility Requirements

Working from a U. S. Bank location three (3) or more days per week, Background checks, Compliance with U. S. Bank policies and procedures, Code of Ethics and Business Conduct

What They're Looking For.

Must Have

Bachelor's degree in information security, Computer Science, Information Technology, or a related advanced degree, 10+ years of progressive experience in information security, technology risk, or security operations, ownership of enterprise-scale programs in large, complex organizations, 5+ years of people leadership experience, leading managers and multi-layer teams (leader of leaders), Demonstrated ability to influence senior executives, drive cross-functional alignment, deliver results in complex, evolving environments, Experience operating in highly regulated industries (e.g., banking, insurance, healthcare)

Nice to Have

Professional certifications such as CISSP, CISM, CISA, or equivalent, Exceptional executive communication and stakeholder management skills, regulator- and audit-facing interactions, Strong negotiation skills to drive alignment, resolve conflict, and deliver outcomes with senior leaders, Experience leading vulnerability management and/or exposure management programs at enterprise scale, Expertise in risk-based prioritization, vulnerability lifecycle management, exposure reduction strategies, Deep understanding of attack surface management, EASM, asset discovery across internal and external environments, data and analytics capability, experience working with large datasets, translating insights into action, Metrics-driven leadership (KPIs/KRIs, SLA performance, MTTR, risk posture), focus on measurable outcomes, Experience modernizing security programs through automation, tooling, AI-enabled capabilities, Proven ability to operate at enterprise scale, balancing risk reduction with business enablement in a regulated environment

What You'll Do.

Define and execute enterprise vulnerability and exposure management strategy

and lead exposure management capability

Establish and operate scalable model

Drive risk-based prioritization and remediation

Set and enforce remediation SLAs

Partner across organizations to embed vulnerability reduction

Deliver executive reporting and insights

Leverage large-scale data analysis

Ensure regulatory and audit readiness

Lead and develop multi-layer organization

and strategic partnerships

Establish and enhance External Attack Surface Management (EASM)

Incorporate adversary-informed perspectives

Evolve program toward continuous

global operating model

How You'll Work.

Team & Collaboration

Partner across technology and business leadership; Partner across CIO/CTO organizations, security, engineering, and business lines; Drive cross-functional alignment

Communication Scope

Executive communication; Stakeholder management; Regulator-facing interactions; Audit-facing interactions; Negotiation skills; Translate technical risk into clear business impact

Process & Methodology

Program management, Multi-year roadmap development, Budget management

Full Job Description

At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One. ## **_Job Description_** **Location Expectation** This role requires working from a U.S. Bank location three (3) or more days per week. **Role Overview** The Vulnerability and Exposure Management Program Manager is accountable for the enterprise vulnerability management strategy and operating model—expanding beyond traditional vulnerability management to build and lead a largely newly established continuous exposure management capability. This is a **strategic, enterprise-scale leadership role** responsible for transforming an evolving program, addressing effectiveness gaps, and improving stakeholder confidence while reducing risk and enabling business and technology development. The role partners across technology and business leadership to embed vulnerability and exposure reduction practices across cloud, data, digital, and AI initiatives. It includes ownership of internal and external exposure management capabilities, including attack surface visibility, attack path mitigation, and risk-based prioritization to reduce real-world exploitability. The leader will operate within a highly regulated environment and must demonstrate **strong executive presence and negotiation skills** , with the ability to influence senior stakeholders and lead through a multi-layer organization at enterprise scale. **Key Responsibilities** * Define and execute the enterprise vulnerability and exposure management strategy and multi-year roadmap, including

Free ATS check

Applying for this Vulnerability and Exposure Management Program Manager role?

Most applicants get filtered before a human reads their resume. See if yours makes the cut.

Should you apply? AI reads your resume vs this job — match score, gaps to address, ATS keywords.

SKILL SIGNAL 28 detected · ranked by frequency

Vulnerability management strategy ×3

Exposure management capability ×3

Risk-based prioritization ×3

Vulnerability management ×3

Exposure management ×3

Risk assessment ×3

Threat intelligence ×3

Data analysis ×3

Budget management ×3

Vendor management ×3

Enterprise scale leadership ×2

AI ×2

Cloud

Data

Digital

CI/CD

Attack surface visibility

Attack path mitigation

Executive presence

Negotiation skills

Stakeholder management

Regulatory readiness

Audit readiness

External Attack Surface Management (EASM)

Enterprise asset intelligence

Adversary-informed perspectives

Global operating model

Tooling

Role Details

Seniority manager

Experience 10–10 yrs

Level Senior

Work Mode Hybrid

Type FULL TIME

Education Bachelor's degree

Salary Band 150k-200k

AI-Extracted Insights

Domain Areas

information-securitytechnology-risksecurity-operationshighly-regulated-industriesbankinginsurancehealthcarecloud

Certifications

CISSPCISMCISA

How to Apply on Workday

Workday has a multi-step form — save your progress after every section.
"Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
Job requisition numbers are useful when following up with HR by email.

ANONYMOUS · UNFILTERED

What do employees actually say about U. S. Bank?

Real rants from real employees. Read before you apply.

Read Company Rants →