Job Description

Northern Trust Technology Risk Control function is responsible for enabling Global Information Technology to build a strong 1st Line of Defense, foster a control aware culture, deliver compliant and secure technology capabilities, protect customers and meet regulatory requirements. The Sr. Associate Risk and Control Officer is part of the InfoSec/Infra Control Officer Team, responsible for leading and supporting risk and control assessments for core cyber security domains, performing security testing, and evaluating compliance to information security policies and procedures and regulatory requirements. The role will work directly with cybersecurity, Infrastructure and business units teams providing guidance to implement defense-in-depth controls to protect Northern Trust and the customers. As well as work with a dynamic team and contribute to the overall cyber security of the firm. Major Duties include but not limited to; Support risk and control assessments for core cyber security domains Support remediation of cyber security findings from various sources Solves problems and timely management of open risk and control gaps Participate in the development and maintenance of cyber security standards in line with industry best practices, as well as support technical engagements around security threats vulnerabilities and software security testing Knowledge /Skills/Abilities/ Experience Desirable Criteria include; Technical or audit experience in core cyber security fields such as IAM, vulnerability / threat management, Pen-Testing, Data Protection, IH / IR, AppSec, Network Security, System Administrator, GRC Understanding of Technology Risk Controls across domains Knowledge of performing risk management and industry standards , NIST etc. Ability to proactively assess issues, identify solutions and problem solve. Ability to understand and interact with technology subject matter experts regarding technology topics Analytical, consultative and communication skills with ability to communicate control requirements to partners in terms easily understood Organized and time management skill, with ability to produce high quality timely deliverables Flexible approach towards changing work methods, deadlines and variable workloads. Ability to adapt and react timely and positively in a changing and dynamic work environment. Knowledge Microsoft Office Suite and ability to learn new tools as needed. Applicable industry standard certification(s) desired Bachelor degree in Computer Science or a related discipline and technical experience in the security aspects of multiple platforms, operating systems, software, communications and network protocols or an equivalent combination of education and work experience Major Duties : Provides technical expertise and support to client, IT management and staff in risk assessments, implement. Identifies, evaluates, conducts, schedules and leads technical analyses functions to ensure all applicable IS security requirements are met. Participates in the evaluation, development, implementation, communication, monitoring and maintenance of information technology security policies and procedures. May act as Project Member. May be involved in providing assistance and training to lower level specialists. Keeps abreast on the direction of emerging industry standards. Provides technical analysis of requirements necessary for the protection of all information processed, stored, or transmitted by systems. Serves as an resource or go to person within a group. Conducts preliminary analysis and reviews work of others. Handles more extensive, high-profile work. Responsible for direct interaction with different committees and/or management. Knowledge : Is technical with working knowledge in area of expertise and strong knowledge of other areas. Requires good analytical ability, consultative and communication skills, strong judgment and the ability to work effectively with client, IT management and staff, vendors and consultants. Experience: Bachelor degree in Computer Science or a related discipline and at least four, typically six or more years of technical experience in the security aspects of multiple platforms, operating systems, software, communications and network protocols or an equivalent combination of education and work experience.