Lead, IT Risk and Security Controls

About Northern Trust :

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity.

With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.

Major Duties :

1. Define and identify risks associated with the use of technology for internal systems and hosted external systems.

2. Define requirements and plan for various information security and technology risk management programs.

3. Ensure that programs meet relevant industry regulations, standards and compliance requirements.

4. Ensure that risk management programs communicate security policies and requirements so people know, understand and can follow.

5. Produce meaningful, measured metrics in regards to authored risk management programs.

6. Plan, schedule and monitor project / program deliverables, goals and milestones.

7. Review and assess controls through established frameworks.

8. Support training and awareness activities for assigned disciplines.

9. Work with individuals to determine action plans to remediate identified risks.

10. Complete peer reviews of risk assessment or other test results and findings within the team as assigned.

11. Document and report findings and remediation plans to management.

12. Collaborate with Information Security, Privacy, and Risk Management teams to provide continuous improvement to Information Security and Technology Risk Policies and frameworks.

13. Support Regional Information Security Officers in Information Security activities as needed.

14. Evaluate and opine on project risk for strategic company initiatives.

15. Provide consulting to the business on IT Risk.

16. Participate in cyber security incident response as required.

17. Remain informed on trends and issues in the security industry, including current and emerging technologies and prices.

Advise, counsel, and educate executive and management teams and others on their relative importance and financial impact.

Knowledge :

1.Data Analytics Experience

2.) Understanding of Cloud Environment - applications, security, etc.

3.) Understanding of AI and Emerging Technologies

• Strong understanding of information security, IT audit and IT risk management principles.
• Experience with assessing IT related processes such as system and information security, system development and change management, computer operations and data protection.
• Knowledge of Financial Services industry regulations, specifically those set forth in the Federal Financial Institutional Examination Council (FFIEC) handbooks and other country specific regulatory authorities.
• Have applied industry accepted IT risk management and control frameworks such as COBIT 5, ISO 27001 / 27002 and NIST 800-53.
• Experience in specific information security disciplines such as forensics, secure development, threat intelligence or penetration testing.
• Demonstrated ability to work well in both an individual contributor and team capacity, in particular multi-national teams.
• Able to effectively manage projects and complete multiple tasks simultaneously and efficiently while maintaining a sense of urgency and attention to detail.
• Able to evaluate and analyze complex data to assess risk and formulate sound decisions and justifications.
• Possess excellent written and verbal communication skills. Able to prepare clearly written, organized documents, reports and communications that demonstrate proper justification and support for any conclusions and assessment results and contain correct grammar, punctuation and spelling.
• Able to interact in a professional manner and develop relationships with individuals and teams at any level in Northern Trust or third party service provider.

Experience :

• Minimum of 6+ years of IT audit or IT risk management experience
• Required : Current CISA, CISM, CRISC, CISSP or similar IT certifications.
• Bachelor's degree in Accounting, Finance, Information Technology, Management Information Systems, Computer Science or a related discipline.
• Advanced Degree in IT related topics a plus.

Working with Us :

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.

We'd love to learn more about how your interests and experience could be a fit with one of the world's most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at MyHRH redacted .

We hope you're excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.