Lead, Cyber Sec IT RiskM

Job description

Tasks

• Implementation of information security risk assessment processes for new and existing Northern Trust business partners
• Demonstration of knowledge in the following areas:
  • Information security governance and risk management
  • Access control
  • Vulnerability and penetration
  • Network security
  • Application security
  • Cryptography
  • Security architecture and design
  • Operational safety
  • Business continuity and disaster recovery planning
  • Law, regulations, investigations and compliance
  • Physical and environmental safety
  • Cloud security
• Assessment of IT control operations, identification of gaps, risks and areas for improvement
• Report writing skills
• Knowledge of regulations related to banking and compliance
• Familiarity with contract language, analysis and negotiation processes; review of third-party master service contracts to identify IT and security-related clauses
• Work with procurement teams to formulate/renew contracts in accordance with Information Security team guidelines
• Documentation and reporting to management of all results from risk assessment processes
• Collaborate with internal stakeholders and cross-functional teams to ensure all identified risks within each third party vendor are assigned to business owners and tracked for timely closure
• Ability to interact professionally and develop relationships with individuals and teams at every level at Northern Trust
• Creating a positive and collaborative environment
• Demonstrate the ability to work effectively both as an individual contributor and as part of a team
• Quick and effective adaptation to a highly dynamic and fast-paced working environment

Requirements

• Bachelor's degree in computer science or a related field and at least ten years of experience in technology security or an equivalent combination of education and work experience
• Relevant certification (e.g. CISA, CISSP, CISSP-ISSAP) is an advantage

Preferred skills

• Deep understanding of information security, risk assessments and security risk management principles
• Basic understanding of technology controls in the context of application and system vulnerabilities
• Advanced experience with MS Office, SharePoint and reporting tools
• Ability to create visual representations of processes and risks to support executive updates

We offer

• A flexible and collaborative work culture in an organization where financial strength and stability are assets that encourage us to explore new ideas
• Movement within the organization is encouraged, senior leadership is accessible, and you can take pride in working for a company that is committed to supporting the communities we serve
• A workplace with a greater purpose
• Flexibility in work requirements; possibility to talk about flexible work requirements