Lead, Cyber Sec IT RiskM

Job description

Tasks

• Conduct information security risk assessment processes for new and existing Northern Trust business partners.
• Demonstration of knowledge in the following areas:
  • Information security governance and risk management
  • Access control
  • Vulnerability and penetration
  • Network security
  • Application security
  • Cryptography
  • Security architecture and design
  • Operational safety
  • Business continuity and contingency planning
  • Law, regulations, investigations and compliance
  • Physical and environmental safety
  • Cloud security
• Conducting assessments of IT controls, identifying gaps, risks and areas for improvement.
• Report writing skills.
• Knowledge of regulations related to banking and compliance.
• Familiarity with contract language, analysis and negotiation process; review third party master service agreements to identify information and security related clauses.
• Work with procurement teams to formulate/renew contracts in line with Information Security team guidelines.
• Documentation and reporting to management of all results from risk assessment processes.
• Collaborate with internal stakeholders and cross-functional teams to ensure all identified risks within each third party vendor are assigned to a business owner and tracked for timely closure.
• Ability to interact professionally and develop relationships with individuals and teams at all levels within Northern Trust.
• Promoting a positive and collaborative environment.
• Demonstrate the ability to work both as an individual contributor and as part of a team.
• Quick and effective adaptation to a highly dynamic and fast-moving working environment.

Requirements

• Bachelor's degree in computer science or a related field and a minimum of ten years of experience in technology security or an equivalent combination of education and work experience.
• Relevant certification (e.g. CISSP, CRISC, CISM, CISSIP) is an advantage.

Preferred skills

• Deep understanding of information security, risk assessments, security risk management principles.
• Basic understanding of technology controls related to application and system vulnerabilities.
• Advanced experience with MS Office, SharePoint and reporting tools.
• Ability to create visual representations of processes and risks to support executive updates.

We offer

• A flexible and collaborative working culture.
• An organization in which financial strength and stability are assets that encourage us to explore new ideas.
• Movement within the organization is encouraged, high-ranking managers are accessible.
• Proud to work for a company that is committed to supporting the communities we serve.
• A workplace with a greater purpose.