Cybersecurity Grc Associate

About Northern Trust:
Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

The Sr Associate, Cybersecurity IT Risk Mgmt. is responsible for supporting the day-to-day operations of the APAC Infosec and Governance Oversight team and working with risk and control teams in other global sites to establish and maintain a highly effective IT control environment.

The role will report to the Senior Manager, Cybersecurity IT Risk Mgmt. and will be part of a dedicated and outstanding team that focuses on promoting control awareness and appropriately manage risks within the global information technology organization. The individual will also support in coordinating Cybersecurity program efforts across all the business units and countries in the region, and education on cybersecurity awareness including audit engagement.

Responsibilities
- Responsible to ensure compliance with Technology related regulatory / statutory requirements
- The individual should have demonstrated technical expertise in the broad skills of Cybersecurity, SSDLC, I&AM, Third Party Risk Management, Vulnerability Management, Cloud Services, Web Application Firewall, Program Management, Developing Metrics and Reporting, Infosec Governance and Risk Management, Access Controls, AppSec, Cryptography, Security Architecture and Compliance. Work closely with IT directors and Control Officers on IPTs, Controls automation and monitoring
- Coordinate both internal and external audit engagements, facilitate evidence gathering requirements, ongoing vetting of issues identified by Internal Audit with Control Owners including appropriate action plans and remediation / milestone dates
- Support the Issue Management process - Audit | Regulatory | Self-identified. Review the management action plan proposed by the accountable/responsible technology owner. Challenge and provide advice on audit remediation plans. Facilitate discussion of Technology accountable audit issues at the Issue Remediation Council.
- Leverage automation and analytics to build state of the art control testing and continuous control monitoring platform.
- Manage execution of risk and control self-assessments, identification and evaluation of inherent risks, control strength and residual risks of key IT controls, and success execution of risk-based control testing program.
- Work with other leaders within Norther Trust’s technology management and three lines of defenses to assist in timely addressing control gaps, identifying potential opportunities for improvement, and advising on info security control designs for large complex programs (e.g., cloud, API, third-party vendor oversight, data governance). Influence behaviors to reduce risk and foster a strong technology risk management culture throughout the enterprise.

Knowledge and Skills
- In-depth understanding and experiences of information security, IT regulatory/ statutory compliance, IT audit and/or IT risk management principles and infosec.
- In-depth understanding of IT risk assessments and control testing. Experiences of GRC systems (e.g., ServiceNow) preferred
- Experience in automation and data analytics preferred.
- Strong collaboration and relationship management skills.
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
- Highly flexible and adaptable to change, technology forward thinking.
- A bachelor’s degree in engineering, Accounting, Finance, Information Technology, Management Information Systems, Computer Science or a related discipline.
- At least 6 - 8 or more years of technology risk management, Info security and control functions, audit services experience, or similar experience with transferable skills. Financial Services industry experience is a plus. Certification in IT Security viz CEH / CISA / CISSP / CISM preferred.

Working with Us:
As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve Join a workplace with a greater purpose.

Reasonable accommodation


We hope you’re excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different thing