Job Details
Experience Needed:
Career Level:
Education Level:
Salary:
Job Categories:
Job Description
- Work directly with the Corporate Information Security and Technology Risk Management function to develop the risk assessment framework and methodology based on NIST and COBIT to effectively communicate Technology and Information Security risk to the business.
- Assist in maturing the first line of defense function across Northern Trust by establishing requirements for monitoring IT controls across the organization.
- Develop a process, risk, control framework with Technology to map organizational controls and establish the accountability and ownership for IT risk management and control activities.
- Validate IT control alignment to various industry standards, framework and requirements (e.g., NIST, COBIT, PCI)
- Act as a liaison between Corporate Information Security and Technology Risk Management to manage internal audit activity, track audit issues and aggregate findings against the IT control framework.
- Assist in Information Security and Technology Risk Management governance activities including coordinating monthly risk committee meetings with senior management from IT, Risk and Business Units.
Job Requirements
- Understanding of IT audit and IT risk management principles.
- Basic knowledge of IT related processes such as system and information security, system development and change management, computer operations and data protection.
- Understanding of industry accepted IT risk management and control frameworks such as COBIT 5, ISO 27001/27002 and NIST 800-53.
- Intermediate skill level in Microsoft Office products and SharePoint preferred.
- Ability to work well in both an individual contributor and team capacity.
- Able to effectively manage projects and complete multiple tasks simultaneously and efficiently while maintaining a sense of urgency and attention to detail.
- Able to evaluate and analyze complex data to assess risk and formulate sound decisions and justifications.
- Possess excellent written and verbal communication skills. Able to prepare clearly written, organized documents, reports and communications that demonstrate proper justification and support for any conclusions and assessment results and contain correct grammar, punctuation and spelling.
- Able to interact in a professional manner and develop relationships with individuals and teams at any level in the organization.
- Minimum of 5 - 7 years of IT audit or IT risk management experience.
- Preferred: CISA, CISM, CRISC, CISSP or similar IT certifications.
- Excellent interpersonal, communication and presentation skills – verbal and written.
- Excellent analytical and problem solving skills.
- Excellent English language skills
- Banking Business Experience will be an asset
