Apac Vulnerability Patching

About Northern Trust:
Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.
- Summary
- Northern Trust is seeking an Infrastructure Patching and Vulnerability Control Engineer that will work with the Infrastructure Engineering and Operations partners across the towers to help assess, advise, test, and guide remediation of various infrastructure internal control findings from first-line Control, IT Risk, Compliance, Audit, self-assessments, and applicable regulatory bodies
- This diverse position will require the individual to work with infrastructure owners and their management, Northern Trust Patching and Vulnerability Control Engineers, Disaster Recovery (DR) program managers, automation engineers, internal IT risk and control teams (ITOC), and business function testers.

**Responsibilities**:
- Serve as the POC for everyday Patching and Vulnerability Functions in the Infrastructure Engineering and Operations organization across the Infrastructure towers- Serve as key liaison and spokesperson during any risk and control meetings for any Infrastructure tower as per patching and vulnerability remediation, as soon as a threat has been identified and facilitating communications between Northern Trust groups- Have or acquire an in depth understanding of the different moving parts and functions involved in the vulnerability remediation process especially as involves Infrastructure components- Represent the Infrastructure towers in Risk Control with IT Leadership and operational committees to communicate the status, capabilities, and issues of the infrastructure organization-
- Integrate technical control expertise and business understanding to coordinate / envision superior solutions for the infrastructure components- Maintain an effective technical network across the Control community, ITOC, technical SMEs and architects for multiple service areas- Analyze high volumes of vulnerabilities across individual towers requiring special attention- Ingest and communicate vulnerability metrics with the greater Infrastructure team and Executive Management to allow for data-driven risk management- Issue Management - Validate accuracy of vulnerability records to be uploaded to ServiceNow- Ensure responsible vulnerability owners provide regular status updates in ServiceNow and escalate to accountable owner(s), as needed- Support Management in providing timely information on status to key stakeholders (CIO, CTO etc.) and obtain necessary approvals- Support Management in monitoring issues with upcoming due dates (30 - 60 - 90 days), communicating and validating on progress to ensure transparency on status and vulnerability resolution- Escalate any vulnerability downgraded to at risk within 90 days of due date to Management- Facilitate deferral and extension process with formal notification and approvals (where needed) to appropriate accountable owners- Review and validate evidence for closure of issues to ensure conditions for closure are met; document validation conclusion in vulnerability tickets- Share key insights and learnings from participation in Infrastructure meetings to share with management

As a partner at Northern Trust, you must actively manage and mitigate risk and act with integrity. In accordance with our core values of service, integrity, and expertise, you are expected to:
- Adhere to all applicable risk management programs, policies, and procedures- Complete all mandatory training by the deadline- Understand how your behavior could expose Northern Trust, its clients, and financial markets to different types of risk- Ensure that Northern Trust or its clients are not exposed to inappropriate or excessive risk- Escalate any risk concerns, including those resulting from mistakes / errors to a manager or business unit risk officer- Exercise diligence regarding cyber-security- Cooperate with internal control functions (including first-line Control, Risk, Compliance, Audit, self-assigned, etc.) and applicable regulatory bodies- Avoid conflicts of interest or behaviors that might produce unfair outcomes for Northern Trust or its clients or damage the integrity of financial markets

**Qualifications**:
- Bachelor's degree in information technology, Management Information Systems, Computer Science or a related discipline- 10+ years as Infrastructure vulnerability and patching operating at enterprise scale- Advanced technical problem-solving skills-
- Strong system analysis and service development experience- Financial or