Job Description

Roles and Responsibilities: This individual s primary day to day responsibilities are mentioned below (but are not limited to these): Perform information security risk assessment processes for new and existing Northern Trust s third parties business partners. Demonstrate some proven knowledge on some of the following domains: Information Security Governance and Risk Management Access Control Vulnerability and Penetration Network Security Application Security Cryptography Security Architecture and Design Operations Security Business Continuity and Disaster Recovery Planning Legal, Regulations, Investigations and Compliance Physical and Environmental Security Cloud Security Perform assessment of IT controls operation, identifying, gaps, risks and areas for improvement. Report writing skills. Knowledge on regulations related to banking and compliance Should be well versed with contract language, analysis and negotiation process. Responsible for reviewing master services contracts of the third parties to identify information technology and security related clauses. Responsible for working with procurement teams to formulate/renew the contracts as per the information security team guidelines. Responsible for documenting, and reporting to management, all findings from risk assessment processes. Collaborate with internal stakeholders & functional teams to ensure that all identified risks within each third party are assigned to business owners and tracked for timely closure. Able to interact in a professional manner and develop relationships with individuals and teams at any level in Northern Trust. Foster a positive and collaborative environment. Demonstrate ability to work well in both an individual contributor and team capacity. Rapidly and effectively adapt to a highly dynamic and fast-paced work environment. Skills Preferred: Excellent written and verbal communication skills. Able to converse and develop business relationships with individuals and teams at any level within Northern Trust. Knowledge of IT Security Domains / Frameworks (e.g., NIST, ISO27001). Knowledge of Compliance regulations. Understanding of IT Audit process. In-depth understanding of information security, risk assessments, security risk management principles. Principle understanding of Technology controls relating to Application and system vulnerabilities, Advanced experience with MS Office, SharePoint, and Reporting tools Ability to develop visual representations of processes and risks to support executive updates. Experience: Bachelor s degree in computer science or a related discipline and at least ten or more years of experience in the field of Technology Security or an equivalent combination of education and work experience. Relevant certification (e.g. CISA, CRISC, CISM, CISSP) is a plus