SeniorTechnology Risk Manager
Summary
The Technology Risk Senior Consultant is a key role in Northern Trust’s first line of defense for managing technology and information security risk.
The Technology Risk Senior Consultant is responsible for overseeing the execution of risk management processes for two Technology practice areas: Information Security, and Enterprise Architecture.
The Technology Risk Senior Consultant tailors first line of defense risk management activities and outputs to meet the needs of their specific Technology stakeholders, while ensuring overall first line of defense risk program objectives are consistently achieved.
Major Duties
1. Works with key stakeholders to identify and prioritize technology risk management areas for focus.
2. Drives ownership and accountability for technology controls within specific technology group(s) by identifying control owners and/or control operators and ensuring specific controls are adequately documented by the first line.
3. Assists the first line in defining requirements and guidelines for controls.
4. Monitors and assesses effectiveness of control implementation within the first line, through a variety of processes including self-assessments, testing, and monitoring key performance indicators.
5. Performs targeted risk assessments.
6. Identifies key performance indicators for technology controls, works with key stakeholders to agree thresholds that align with appropriate risk tolerance/appetites definitions, and proactively monitors for potential control concerns.
7. Maintains a detailed risk register reflecting control gaps identified through processes noted above, monitors resolution, and escalates concerns as appropriate to key stakeholders.
8. Provides periodic reporting to highlight areas for concern, emerging risk or control patterns, etc., to key stakeholders.
9. Defines and delivers an awareness and training agenda to promote a culture of effective controls.
10. Identifies and drives improvement in first line of defense technology risk management processes, practices, frameworks and tools.
Knowledge/Skills
• In-depth understanding of information security, IT audit and IT risk management principles.
• Understanding of assessments of IT related processes such as system and information security, system development and change management, computer operations and data protection.
• Demonstrated ability to work well in both an individual contributor and team capacity.
• Demonstrated consultative and advisory mindset and critical thinking acumen. • Strong written and verbal communication skills. Able to prepare clearly written, organized documents, reports and communications that demonstrate proper justification and support for any conclusions and assessment results and contain correct grammar, punctuation and spelling.
• Eagerness to learn and apply new concepts.
• Able to interact in a professional manner and develop relationships with individuals and teams at any level in Northern Trust or third party service provider, including experience interfacing with executive management.
Experience Required
• At least four, typically six or more, years of IT audit or IT risk management experience.
• Bachelor’s degree in Accounting, Finance, Information Technology, Management Information Systems, Computer Science or a related discipline.