This individual's primary day-to-day responsibilities include, but are not limited to, the following:
- Conduct security risk assessments of Northern Trust's new and existing third-party business partners. Ensure proper preventative and detective controls are in place and prepare recommendations to strengthen control weaknesses.
- Demonstrate proven knowledge in some of the following domains:
  - Information Security Governance and Risk Management
  - Access Control
  - Vulnerability and Penetration
  - Network Security
  - Application Security
  - Cryptography
  - Security Architecture and Design
  - Operations Security
  - Business Continuity and Disaster Recovery Planning
  - Legal, Regulations, Investigations and Compliance
  - Physical and Environmental Security
  - Cloud Security
- Knowledge of regulatory requirements and guidelines relating to Cyber Security, Information Security, Business Resilience and Business Continuity Management.
- Responsible for reviewing master services contracts of the third parties to identify information technology and security related clauses.
- Knowledge of risk treatment and issues management functions and of industry tools to support the program.
- Support Issue Owners and/or Issue Identifiers in accurate documentation of root cause analysis, impact analysis, severity ratings and corresponding remediation actions.
- Review evidence provided to validate remediation actions were implemented as required and meet all acceptance criteria to close the issue.
- Monitor the status of remediation actions and provide periodic updates to applicable stakeholders.
- Work across the lines of defense to coordinate changes, provide review and challenge, and respond to audit and regulatory requirements.
- Participate in cyber incident responses to provide guidance related to cyber security risks and control assurance.
- Able to interact in a professional manner and develop relationships with individuals and teams at any level in Northern Trust.
- Foster a positive and collaborative environment.
- Flexibility, multi-tasking and good business judgment are required to meet competing priorities.
- Contribute to automation, analytics, and continuous improvement of processes.
- Demonstrate ability to work well in both an individual contributor and team capacity. Train associates on the incident / issue management process and procedures via mentoring.
Skills Preferred:
- Excellent written and verbal communication skills.
- Experience working in global, cross-functional, collaborative teams.
- Attention to detail.
- In-depth understanding of information security, network management, operating systems, software development, database systems and information technology.
- Understanding of information security and cyber security frameworks such as NIST, Center for Internet Security (CIS) and ISO, and of technology controls around cloud computing reviews.
- Advanced experience with MS Office, SharePoint, and reporting tools.
Experience:
Bachelor's degree in computer science or a related discipline and at least ten years of experience in the field of Technology Security. Professional certifications (such as CISA, CRISC, CISM, CISSP or similar) are a plus.