Job Description

At U.S. Bancorp India, we’re on a journey to do our best. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bancorp India gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One.

1. Technology Risk Management

• Own and maintain the adherence to the Group policy on Resiliency at the GCC. Oversee all relevant IT control assessments, identify control gaps, and drive remediation in partnership with the Technology and Cybersecurity teams.
• Manage the IT Risk and Control Self-Assessment (RCSA) process for technology-facing business units; facilitate workshops to surface emerging risks in areas.
• Define and monitor technology-focused Key Risk Indicators (KRIs) and Key Control Indicators (KCIs); escalate threshold breaches to the CRO.
• Assess operational risk arising from technology changes at the GCC: review change management practices and project risk assessments for material technology programmes.
• Provide second-line oversight of the Cybersecurity risk posture within the GCC and security incident response readiness.

2. Business Continuity Planning (BCP) & Operational Resilience

• Lead the design, maintenance, and annual testing of the GCC Business Continuity Management (BCM) framework, in accordance with Group BCM standards.
• Work with business units and functions in the GCC to identify critical business services and supporting assets, define Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)
• Coordinate and manage all BCP exercises — tabletop walkthroughs, functional drills, and full failover simulations — ensuring meaningful participation from business, technology, and facilities stakeholders.
• Maintain and test the IT Disaster Recovery (DR) plan for the GCC in partnership with the Technology team; validate DR outcomes against agreed RTOs and RPOs; report results and gaps to the CRO.
• Maintain the Crisis Management Plan and support the Crisis Management Team during actual disruption events; coordinate communication to GCC leadership, Group Risk.
• Track post-exercise and post-incident findings through to closure; report resilience metrics and BCP test outcomes to the CRO and the GCC Risk Committee on a periodic basis.

3. Physical Security Risk

• Working closely with Corporate Security support the oversight the physical security requirements of the GCC including access control, CCTV surveillance, visitor management, perimeter security, and secure information handling across all GCC facilities.
• Working closely with Corporate Security support the Physical Security risk assessments across GCC premises; identify vulnerabilities and drive remediation..
• Coordinate emergency response and evacuation planning in conjunction with the BCP and Crisis Management framework; ensure fire safety, medical emergency, and security incident protocols are current and tested.
• Co-ordinate with Corporate Security on the development of physical security requirements for new GCC facility expansions, fit-outs, or relocations.
• Manage relationships with security service provider; ensure contractual SLAs are met and third party security risks are assessed..

4. Risk Governance, Reporting & CRO Support

• Prepare and present high-quality risk papers covering technology risk, BCP status, operational resilience metrics, and physical security for the CRO, Risk & Compliance Committee, and Board Committee.
• Maintain risk dashboards and management information that give the CRO real-time visibility of technology and resilience risk exposure across the GCC.

5. Stakeholder Management & Risk Culture

• Build and maintain productive relationships with Group Technology Risk, Group Cybersecurity, Group BCM, and Group Physical Security teams to ensure GCC frameworks remain aligned with enterprise standards.
• Lead awareness campaigns and training on technology risk, BCP responsibilities, and physical security protocols to embed a resilience-first culture across the GCC workforce.

Required

• Third level qualification.
• 8-20 years working experience with at least 8+ years of relevant experience in technology risk, IT audit, cybersecurity risk, or operational resilience within financial services GCC.
• Demonstrable hands-on experience designing, executing, and reporting on BCP/DR programmes
• Experience managing physical security risk assessments within a GCC
• Solid understanding of IT General Controls, RCSA methodology, KRI frameworks, and technology-related loss event management.
• Ability to translate complex technical risk issues into clear executive-level communications and Board papers for the CRO.
• Strong stakeholder management and influencing skills; comfortable operating in a global matrix organisation.

Preferred

• Familiarity with international standards and frameworks: ISO 22301 (BCM), ISO 27001 (Information Security), NIST Cybersecurity Framework.
• Experience of the Digital Personal Data Protection Act (DPDP Act) and its implications for GCC technology operations.
• Experience with GRC platforms (Archer, ServiceNow) and other security monitoring tools.

If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants

Posting may be closed earlier due to high volume of applicants.

This is an U.S. Bancorp India posting. U.S. Bancorp India is a part of the U.S. Bank family.