About Northern Trust:
Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.
Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.
The Cloud Cyber Risk, Lead role has responsibility for supporting the Cybersecurity Risk teams Cloud Risk program within the 2nd line of defense and plays a key role in the enterprise technology, security and cybersecurity risk management program. The role requires collaboration across the three lines of defense, including in particular provision of effective challenge to the 1st line of defense Cloud program.
- Assist managing Cloud Risk governance activities including coordinating maintenance of governance documents, risk committee meetings with senior management from IT, Risk and Business Units.
- Ensure established risk assessment and control validation frameworks are implemented for Cloud Assessments
- Engage with the first line of defense to ensure independent review of IT, security and cybersecurity risk items including risk acceptance and exceptions, internal policy, framework and standards associated with the Cloud Program
- Review and challenge effective independent validation of IT/Security/Cybersecurity controls alignment to various industry best practices and internal standards, framework and requirements (e.g., NIST, COBIT, PCI)
- Perform second line of defense gap assessments and testing of controls against internal applicable standards for compliance
- Assist in identifying process improvement opportunities for automation
- Support monitoring of current and emerging risks and changes to Cloud applicable laws and regulations
- Review documentation prepared by other team members for accuracy and completeness
- Be a Cloud SME while liaising with other members of Risk to ensure Cloud coverage on activities under their scope of responsibility, including but not limited to Risk Assessments, Cybersecurity control testing, Red Team testing, Metrics, Risk Aggregation.
- Act as a liaison for Cloud Cybersecurity Risk on internal audit activities, track audit issues and aggregate findings against the IT control framework
- Create workbooks with metrics related to best practices and compliance of Cloud resources
Working with Us:
- Driven, energetic, team player with superior oral and written communication skills
- Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.
- Ability to effectively collaborate and work across the three lines of defense
- Solid knowledge of Cloud Security, Information Security, and Cybersecurity Governance, Risk and Compliance
- Working experience with Azure and/or AWS
- Knowledge of Kusto Query Language
- Exposure and understanding of industry best practices and framework such as NIST, CRI Profile, FFIEC, ISO, CSA
- Understanding of security concepts of threat categories (such as malware, phishing attacks, Defense-in Depth, MITRE ATT&CK framework).
- Exposure and understating of various financial industry regulations such as EBA, SOX, PSD2, EBA, GDPR, CCPA
- Experience in developing and maintaining policies, programs and frameworks including standards and guidelines.
- Capacity to understand legacy and progressive technology and security controls along with respective risk. Working knowledge of technologies and practices such as cloud computing, DevOps and application security.
- Experience and exposure in working with regulators and auditors
- CCSP, AWS Certified Security - Specialty Certification, Azure Security Engineer (AZ-500) OR Equivalent certification a plus
As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.
Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.
We'd love to learn more about how your interests and experience could be a fit with one of the world's most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater Reasonable accommodation
Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at MyHRHelp@ntrs.com .
We hope you're excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.
Apply today and talk to us about your flexible working requirements and together we can achieve greater.