Senior Lead - Third Party Risk Management

This individual’s primary day to day responsibilities are mentioned below (but are not limited to these):

• Conduct security risk assessment on new and existing Northern Trust’s third parties' business partners. Ensure proper preventative and detective controls are in place and prepare recommendations to strengthen control weaknesses.
• Demonstrate some proven knowledge on some of the following domains:
• Information Security Governance and Risk Management
• Access Control
• Vulnerability and Penetration
• Network Security
• Application Security
• Cryptography
• Security Architecture and Design
• Operations Security
• Business Continuity and Disaster Recovery Planning
• Legal, Regulations, Investigations and Compliance
• Physical and Environmental Security
• Cloud Security
• Knowledge of regulatory requirements and guidelines relating to Cyber Security, Information Security, Business Resilience and Business Continuity Management.
• Responsible for reviewing master services contracts of the third parties to identify information technology and security related clauses.
• Knowledge on risk treatment and issues management functions and industry tools to support the program.
• Support Issue Owners and/or Issue Identifiers in accurate documentation of root cause analysis, impact analysis, severity ratings and corresponding remediation actions.
• Review evidence provided to validate remediation actions were implemented as required and meet all acceptance criteria to close the issue.
• Monitor the status of remediation actions and provide periodic updates to applicable stakeholders.
• Work across the lines of defense to coordinate changes, provide review and challenge, and respond to audit and regulatory requirements.
• Participate in cyber incident responses to provide guidance related to cyber security risks and control assurance
• Able to interact in a professional manner and develop relationships with individuals and teams at any level in Northern Trust.
• Foster a positive and collaborative environment.
• Flexibility, multi-tasking, good business judgment skills are required to meet competing priorities.
• Contribute to automation, analytics, and continuous improvements of processes
• Demonstrate ability to work well in both an individual contributor and team capacity. Train associates on the incident / issue management process and procedures via mentoring.

Skills Preferred:

• Excellent written and verbal communication skills.
• Experience working in global, cross-functional, collaborative teams.
• Attention to detail.
• In-depth understanding of information security, network management, operating systems, software development, database systems and information technology.
• Understanding of information security, Cyber Security Framework like NIST, Center for Internet Security (CIS), ISO etc. Technology controls around Cloud Computing reviews.
• Advanced experience with MS Office, SharePoint, and Reporting tools

Experience:

Bachelor’s degree in computer science or a related discipline and at least ten or more years of experience in the field of Technology Security. Professional certifications (such as CISA, CRISC, CISM, CISSP or similar) is a plus