CAREERS

Manager, Technology Risk & Information Security

📁
Risk Management/Compliance
📅
76450 Requisition #

Northern Trust is currently seeking a qualified professional to join the Information Security and Technology Risk Management Team (ISTRM) to develop and manage the day to day functional requirements for Governance, Risk, and Compliance (GRC); specifically focusing on Information (Cyber) Security Risk Management and Information Technology Risk Management Globally.



Primarily this individual will be responsible for five core practice areas of Information Security and Technology Risk Governance, Risk and Compliance:



1. Program Governance, including delivery, management, and validation of overarching corporate programs, policies, standards, frameworks, and guidelines



2. Program Analytics, Metrics and Reporting



3. Audit, Exam, and Committee Coordination



4. Regulatory and Legal Compliance


5. Industry Alignment and Legal Analysis (i.e., precedent setting cyber litigation)


The candidate will collaborate with functional peers and cross-functional colleagues to deliver a mature, global 1st and 2nd Line of Defense GRC Framework, and will manage all operational aspects of the ISTRM’s 2nd Line of Defense GRC Practices.



Job Responsibilities



- Skillfully manage a small, diverse team of professionals ranging from quantitative analysts, to legal experts, to control validation specialists.



- Work directly with the Corporate Information Security and Technology Risk Management functional domain heads to develop and maintain a risk assessment framework and methodology based on NIST and COBIT, to effectively communicate Technology and Information Security risk to the business.



- Assist in maturing the first line of defense function across Northern Trust by establishing requirements for monitoring technology and security controls across the organization.



- Develop a process, risk, control framework with Technology to map organizational controls and establish the accountability and ownership for security and technology risk management and control activities.



- Validate IT control alignment to various industry standards, framework and requirements (e.g., NIST, COBIT, PCI, SWIFT)



- Act as a liaison between Corporate Information Security and Technology Risk Management to manage internal audit activity, track audit issues and aggregate findings against the IT control framework.



- Assist in Information Security and Technology Risk Management governance activities including coordinating monthly risk committee meetings with senior management from IT, Risk and Business Units.


- Perform validation activities against stated 2nd line of defense control objectives, including survey based self-assessments and formal sample-based testing as appropriate.


Required Knowledge, Skills and Abilities


- Understanding of IT audit and IT risk management principles. 


- Basic knowledge of IT related processes such as system and information security, system development and change management, computer operations and data protection.


- Understanding of industry accepted IT risk management and control frameworks such as COBIT 5, ISO 27001/27002 and NIST 800-53.


- Demonstrated track record of implementing innovative risk countermeasures and security controls specific to PCI-DSS, SSAE-16, ISO-27001, and the like.


- Intermediate skill level in Microsoft Office products and SharePoint preferred.


- Ability to work well in both an individual contributor and team capacity.


- Able to effectively manage projects and complete multiple tasks simultaneously and efficiently while maintaining a sense of urgency and attention to detail.


- Able to evaluate and analyze complex data to assess risk and formulate sound decisions and justifications.


- Possess excellent written and verbal communication skills.  Able to prepare clearly written, organized documents, reports and communications that demonstrate proper justification and support for any conclusions and assessment results and contain correct grammar, punctuation and spelling.


- Able to interact in a professional manner and develop relationships with individuals and teams at any level in the organization.


Experience


- Minimum of 7 years of IT audit and/or IT risk management experience.


- Preferred: CISA, CISM, CRISC, CISSP or similar IT and/or Security certifications.   


- Bachelor’s degree in Accounting, Finance, Information Technology, Management Information Systems, Computer Science or a related discipline


- Managing a team of five or more individual; preferably in a globally diverse arena

 

  

For more than a century, Northern Trust has worked hard building our legacy of outstanding service, expertise and integrity. From a Chicago-based bank founded in 1889, we now have more than 20 international locations and 18,500 employees globally. We serve the world’s most-sophisticated clients – from sovereign wealth funds and the wealthiest individuals and families, to the most-successful hedge funds and corporate brands.


We burnished our reputation as a global leader delivering innovative investment management, asset and fund administration, fiduciary and banking solutions enabled by sophisticated, leading technology. And through it all, we continually laid a solid, forward-looking foundation on which future generations can continue growing and achieving greater.


As of March 31,2019, Northern Trust Corporation had:


$10.9 trillion in assets under custody/administration
$8.2 trillion in assets under custody
$1.2 trillion in assets under management
$122 billion in banking assets

 

Previous Job Searches

My Profile

Create and manage profiles for future opportunities.

Go to Profile

My Submissions

Track your opportunities.

My Submissions

Similar Listings

United States, Illinois, Chicago

📁 Risk Management/Compliance

Requisition #: 77147

United States, Illinois, Chicago

📁 Risk Management/Compliance

Requisition #: 76107

United States, Illinois, Chicago

📁 Risk Management/Compliance

Requisition #: 78064

Reasonable Accommodation
Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the employment process, please email our HR Service Center or call 1-800-807-0302 (North America), +630-276-5353 (Asia Pacific), +44(0)207 982 4357 (Europe, Middle East and Africa) and let us know the nature of your request and your contact information.

Equal Employment Opportunity Statements
  • APAC EEO Statement
    • APAC EEO STATEMENT

      It is the policy and practice of Northern Trust to provide equal employment opportunities to all employees and applicants. Northern Trust does not discriminate on the basis of race, colour, religion or belief, nationality, ethnic or national origin, sex, marital status, sexual orientation, disability or age. All employment decisions will be made in a non-discriminatory manner in accordance with our obligations under the law and codes of practice. This includes human resources’ decisions relating to recruitment, terms and conditions of employment, transfers, promotions and access to learning and development.

  • Canada EEO Statement
    • Canada EEO STATEMENT

      Northern Trust is an Equal Opportunity Employer. Hiring and other employment decisions at Northern Trust are made without regard to race, colour, religion, sex, ancestry, national origin, ethnic origin, age, disability, citizenship, veteran status, sexual orientation, record of offences, marital status, family status, or any other characteristic protected by federal, provincial, or local law, regulation, or ordinance.

  • EMEA EEO Statement
    • EMEA EEO STATEMENT

      It is the policy and practice of Northern Trust to provide equal employment opportunities to all employees and applicants. Northern Trust does not discriminate on the basis of race, colour, religion or belief, nationality, ethnic or national origin, sex, marital status, sexual orientation, disability or age. All employment decisions will be made in a non-discriminatory manner in accordance with our obligations under the law and codes of practice. This includes human resources’ decisions relating to recruitment, terms and conditions of employment, transfers, promotions and access to learning and development.

  • USA EEO Statement
    • USA EEO STATEMENT

      It is the policy of The Northern Trust Company to afford equal opportunity in all phases of employment without regard to an individual's age, race, color, religion, creed, gender, national origin, citizenship status, marital status, pregnancy, sexual orientation, gender identity, gender expression, genetic tests and information, physical or mental disability, protected veteran status or any other legally protected status. EEO poster (U.S.)EEO is Law Poster Supplement