Role Overview
This is an individual contributor position responsible for the execution of activities supporting IT and Cybersecurity Risk Management, including regulatory interactions, IT risk and control assessments, information security initiatives, and management reporting.
The role plays a key part in the identification, assessment, management, and reporting of technology and information security risk.
Responsibilities
Develop and maintain technology and cybersecurity risk metrics and assessments to inform the firm of its risk posture.
Manage preparation and delivery of materials for key engagements, including regulatory interactions, audit examinations, and senior management meetings.
Identify and assess risks associated with internal technologies and externally hosted systems.
Define requirements and execution plans for information security and technology risk management programs.
Ensure risk management programs align with applicable regulations, industry standards, and compliance requirements.
Communicate security policies and requirements clearly to ensure organisational understanding and adoption.
Produce meaningful, measurable metrics for owned risk management programs.
Review and assess technology and security controls using established frameworks.
Drive risk reduction through defined risk treatment and remediation processes.
Document, track, and report risk findings and remediation plans to management.
Collaborate with Information Security, Privacy, and Enterprise Risk teams to enhance policies, standards, and frameworks.
Evaluate and provide risk advice on strategic business and technology initiatives.
Participate in cybersecurity incident response activities as required.
Stay current on industry trends, emerging threats, technologies, and regulatory developments and advise management on their potential business and financial impact.
Qualifications and Experience
Strong experience in IT Risk Management, Technology Risk, or IT Audit.
Experience creating metrics and reporting using tools such as Power BI and PowerPoint.
Required certification: CISA, CISM, CRISC, CISSP, or equivalent.
Bachelor's degree in Accounting, Finance, Information Technology, MIS, Computer Science, or related discipline.
Advanced degree in an IT-related field is desirable.
Strong ability to develop effective technology and cybersecurity risk metrics, assessments, and executive-level presentations.
Experience assessing IT processes including information security, system development and change management, computer operations, and data protection.
Working knowledge of Financial Services regulatory requirements, including FFIEC handbooks and relevant country-specific regulatory bodies.
Hands-on experience applying industry frameworks such as COBIT 5, ISO ***********, and NIST ******.
Exposure to one or more information security disciplines (e.g., forensics, secure development, threat intelligence, penetration testing).
Strong analytical skills with the ability to assess complex data and formulate sound, well-justified risk decisions.
Proven ability to manage multiple priorities with urgency and attention to detail.
Excellent written and verbal communication skills, including the ability to produce clear, well-structured documentation and reports.
Ability to work effectively both independently and within global, multi-national teams.
Professional presence and ability to build strong working relationships across all organisational levels and with third-party providers.
EEO Statement
It is the policy of The Northern Trust Company to afford equal opportunity in all phases of employment without regard to an individual's age, race, color, religion, creed, gender, national origin, citizenship status, marital status, pregnancy, sexual orientation, gender identity, gender expression, genetic tests and information, physical or mental disability, protected veteran status or any other legally protected status.