Lead, Cyber Sec IT RiskM

About Northern Trust:

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

Principal Responsibilities/Requirements:

Primary candidate has techno-functional knowledge and experience in Information Security domain involving undertakings and projects focusing on data security activities. This includes working knowledge of, and experience in supporting the development and enterprise-wide implementation of end-to-end processes, as well as data security best practices.

Supports the development, socialisation, and maintenance of complex data security governance elements (e.g., policy, standard, TOM, business processes, procedures, and business continuity plans) that define data security requirements.

Supports the development, implementation, execution, and enhancement of governance and monitoring processes as required per internal/external standards and regulations (e.g.: FFIEC, GDPR, NYDFS, etc).

Supports the execution of Data Protection Risk & Controls Self Assessments (RCSA) and the development of Process Risk & Controls Inventories (PRCI).

Supports all efforts related to the optimisation, execution, and maintenance of a data security program elements, especially those involving business processes, repeatable methods, automation, and measurements needed for a viable risk-based data security program (e.g.: KRI/KPI metrics).

Supports the monitoring of risk and associated performance indicators (KRI/KPI) and conducting escalation activities for non-compliance to data protection policies, standards, and procedures to various levels of leadership.

Supports the development of communication, both verbally, and in writing, to complex inquiries and new periodic exams from both internal partners (e.g., legal, compliance, audit, risk) and external partners (e.g., regulators, external auditors, third parties). This also includes prior experience in supporting efforts related to the optimisation and execution methods to improve future responses to such enquiries.

Supports the management and tracking of internal and external issues or areas of concerns related to the Data Protection program (e.g.: audit responses, escalations tracking, etc.)

Supports the creation and maintenance of content on the Enterprise-wide knowledge and collaboration workspace specifically for the Data Protection program.

Minimum:

Bachelor’s degree or equivalent experience

Experience with Information Security Governance teams at both the Enterprise and various business levels level

Working knowledge of information security management and governance frameworks (i.e., ISO 2700X, NIST CSF, SANS Top 20 Critical Security Controls, COBIT, etc.)

Working knowledge of business process analysis, design, process map re-engineering and optimisation utilising industry protocols (i.e., BPMN 2.0, etc.), best practices and tools (i.e., MS Visio, TIBCO, ARIS, EPC, etc.).

Experience supporting the response to IT Audits (FFIEC Handbook)

Working knowledge of any enterprise grade GRC platform (i.e., ServiceNow GRC, MetricStream, IBM OpenPages, etc.)

Experience with end-to-end strategic programme roadmap development

Strong analytical and problem-solving skills

Expert experience with report visualization (Excel, PowerPoint, Tableau, Power BI, etc.)

Experience with enterprise-grade content/knowledge management tools (i.e., Confluence, SharePoint, Documentum, etc.)

Excellent communication skills

Strong organizational and facilitation skills

Ability to work autonomously, under pressure, and to prioritise tasks.

Preferred:

CISSP, CISM, CISA, CRISC or other information security certifications

Experience with computer languages (SQL Query, Python, etc.)

Vast working knowledge of Business Process Engineering and Management

Experience with KRI/KPI and dashboard reporting development and socialisation.

Experience and/or working knowledge of Agile frameworks and practices such as Scrum, Kanban, Lean, etc.

Working with Us:

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.

We’d love to learn more about how your interests and experience could be a fit with one of the world’s most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at .

We hope you’re excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.

R125783