Associate, Cyber Sec Eng

**About Northern Trust**:
Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families and institutions by remaining true to our enduring principles of service, expertise and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

**Working with Us**:
As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas. Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve Join a workplace with a greater purpose.

**Reasonable accommodation**

We hope you’re excited about the role and the opportunity to work with us.

We value an inclusive workplace and understand flexibility means different things to different people.

**Role/ Department**:
crucial role in executing Northern Trust’s security monitoring model, contributing to a resilient and unified team that improves NT’s ability to protect and defend its networks and information.

**Responsibilities**

Under general supervision responsible for detection, eradication, and prevention of security threats in the NT environment and work with consultants and management for additional analytics on security threats.

**Major Duties**
- Serve as a security ambassador, raising data protection awareness across the organization, evangelizing data protection best practices, and helping make Northern Trust a security forward organization
- Provides reports on the effectiveness of the business unit’s internal control structure along with recommendations to improve the effectiveness, efficiency and economic value of a control or a process
- Assessing audit findings/gaps including control weaknesses with an appropriate degree of professional

skepticism, seeking to fully understand risks to Northern Trust, and assist technology partners with the

development of remediation plans to mitigate weaknesses, providing thought leadership on the appropriateness of the plan
- Assessing baseline configurations of system/infrastructure components and their technical controls, work with security engineers to recommend security controls to system owners to mitigate identified security weaknesses, establish remediation plans, and monitor for effective implementation
- Assessing vulnerabilities using a risk based approach, working with system owners to establish remediation plans, and monitoring for effective implementation
- Analyzing trends and changes in the threat environment with respect to organizational risk; developing and executing plans to address identified risks

**Knowledge/Skills**
- Bachelor’s Degree, ideally in technology related field, or equivalent work experience
- Certified Information Security Systems Professional (CISSP), Global Information Assurance Certification (GIAC) Security Essentials (GSEC), Offensive Security Certified Professional (OSCP), or equivalent information security certification
- Demonstrable knowledge of information security control frameworks, i.e. National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), International Organization of Standardization (ISO)/International Electrotechnical Commission (IEC) 27001Information Security Management
- Demonstrable knowledge of information security best practices
- High attention to detail and excellent analytical skills
- Excellent oral and written communication skills; ability to interact with internal and external stakeholders at all levels of the organization

**Experience Required**
- Minimum of 5+ years of experience working in an information security monitoring & response role in a large, complex

environment.