U.S. Bank Central Key Manager in Omaha, Nebraska

U.S. Bank / Elavon is seeking a Central Key Manager for North America to contribute toward the success of our information security technology initiatives. The Central Key Manager, working within the Enterprise Key Management team, acts as the governance and oversight authority for all key management activities within their assigned domain and bears responsibility for maintaining security of keys at all points in their lifecycle within these domains. The Central Key Manager will ensure compliance with all responsibilities for cryptographic key management in their assigned domain and have oversight over other key management roles, e.g. Key Administrators, Site Key Managers, and Key Custodians, etc. within their domain. This ensures that any tasks involving key management life cycle events are closely monitored and documented in accordance with Elavon, US Bank, and industry regulations.

Security Responsibilities:

  • Aware of regulatory and contractual requirements that apply to Elavon system(s), and ensure compliance with those requirements.

  • Maintains Key Management Practice Statements (KMPS) for Elavon global processes.

  • Maintains Key Management Operational Procedures (KMOP) for all Elavon global processes.

  • Ensures key management processes are in alignment with US Bank and Elavon standards and policies.

  • Maintains accurate key inventory records, including metadata for all keys, for all environments.

  • Ensure keys exist only at the minimum number of locations necessary for the functional operation of the organization including disaster recovery or redundant processing sites.

  • Authorizes and controls key lifecycle events for keys in all environments, including

  • Authorization to create any key utilized for cryptographic purposes.

  • Authorization to rotate any key utilized for cryptographic purposes.

  • Authorization to destroy any key utilized for cryptographic purposes.

  • Authorize and track Key Management assignments, including Key Administrators and Key Custodians.

  • Communicates key management practices, policies, and guidelines to Key Administrators.

  • Provides security training to Key Administrators for key management duties.

  • Manages and coordinates Key Custodian security duties relating to cryptographic key life cycle management.

  • Clearly communicates key management security practices, policies, and guidelines to all levels of staff within Elavon

  • Coordinates key ceremonies for key lifecycle events

  • Provides training to Key Custodians for key management duties.

  • Ensures proper separation of duties for key lifecycle administration.

  • Coordinates periodic incident response exercises, audits, and risk assessments.

  • Make final determination of potential key compromise, and take appropriate actions to secure data and keys.

  • Works closely with Enterprise Key Manager and team to ensure proper governance of key management is being maintained.

  • Actively participate in industry forums on key management security changes and concerns.

Governance / Oversight Responsibilities:

  • Coordinating Keyholder Activities across all Elavon global operations

  • Coordination of internal and external compliance audits.

  • Coordinate and perform as required, internal QA and QCP processes.

  • Organizing quarterly, annual / bi-annual Key Maintenances

  • Supporting, reviewing and updating 3rd party Key Management processes and procedures

  • SME on industry and regulatory requirements for key and PIN management. (I.e. PCI PIN, PCI DSS, PCI P2PE, TR-39, etc.)

  • Monitor and report as necessary on 3 rd party service provider compliance.

Operational Responsibilities:

  • Development of processes, procedures, for new and existing team members including the sharing of knowledge, experiences to minimise project delays.

  • Maintain and audit service providers as necessary.

  • Investigate higher level production and testing issues and requirements as requested by team management.

  • Provide assistance and troubleshooting for all Pin encryption Production and testing technical issues whether terminal, injection or Host related.

  • Working on new product and merchant Implementations as required.

  • Liaison to industry governing bodies, i.e. EFT networks, Visa, Inc., etc. as required on any cryptographic issues key management issues.

  • Project management responsibilities.

  • Develop and deliver training to global population of key management staffs and applicable users and administrators of cryptographic keys.

  • Subject Matter Experts in the operation of cryptographic hardware operation.


Basic Skills:

  • High-level understanding of symmetric cryptography and cryptographic key management practices

  • Working knowledge of Payments Industry regulatory requirements that apply to Elavon

  • Advanced understanding of Microsoft offices tools

  • Ability to communicate clearly, orally and written, with all levels of staff and management on the topic of cryptographic key management

  • Technical aptitude on PC operations, Host to Host networking, Cloud computing, and Wireless networks.

  • High-level understanding of Public Key Infrastructure (PKI) - Digital certificate management

  • Excellent organizational skills

Job: Information Technology

Primary Location: Tennessee-TN-Knoxville

Shift: 1st - Daytime

Average Hours Per Week: 40

Requisition ID: 180009712

Other Locations: United States

U.S. Bank is an Equal Opportunity Employer committed to creating a diverse workforce.

U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.