Lead, Cyber Sec IT RiskM

Job description

Tasks

• Understanding of key management frameworks and best practices for Bring Your Own Key and Hold Your Own Key.
• Setting up DLP policies in Microsoft Defender for Cloud Apps (CASB), Microsoft Defender for Endpoints and Microsoft Purview.
• Support with the implementation of data loss prevention and guidance with unit tests, support with documentation.
• Determination of operational feasibility through evaluation, analysis, problem definition, creation of requirements and proposed solutions.
• Collaboration with enterprise architecture and documentation of processes or procedures and organization as required.
• Acting as a security ambassador, promoting data protection awareness across the organization, sharing best data protection practices and helping to shape Northern Trust as a security-focused organization.
• Reports on the effectiveness of the division's internal control structure and recommendations for improving the effectiveness, efficiency and economic value of a control or process.
• Assess audit findings/gaps, including control weaknesses with an appropriate level of professional skepticism, look for risks to Northern Trust and assist technology partners in developing remediation plans to mitigate weaknesses, provide leadership for the adequacy of the plan.
• Evaluate baseline configurations of system/infrastructure components and their technical controls, work with security technologists to recommend security controls for system owners to mitigate identified security vulnerabilities, create remediation plans and oversee effective implementation.
• Assess vulnerabilities using a risk-based approach, working with system owners to create remediation plans and monitor effective implementation.
• Analysis of trends and changes in the threat environment with regard to organizational risk; development and execution of plans to eliminate identified risks.

Requirements

• Background in networks, data security and cloud-based applications.
• Experience with distributed computing platforms for highly scalable systems.
• Experience with Azure services and ecosystem.
• Experience with Microsoft and Linux-based environments.
• Experience with continuous integration and deployment tools.

Experience

• At least 5+ years of experience in an information security monitoring and response role in a large, complex environment.

We offer

• A flexible and collaborative work culture in an organization where financial strength and stability are assets that enable us to explore new ideas.
• Movement within the organization is encouraged, high-level leadership is accessible, and you can take pride in working for a company that is committed to supporting the communities we serve with a higher purpose.

Reasonable Accommodation

• We understand that flexibility means different things to different people.