Job Description

At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.

Responsibilities:

* Accountable for defining and operating processes to provide ongoing monitoring and assessment of control coverage and efficiency in order to ensure compliance with information protection policies and standards.

* Accountable for assessing and evaluating complex processes and controls in order to determine compliance with information protection policies and standards, and ensure effective management of risk.

* Accountable for consulting and advising on large, complex and ambiguous efforts on the appropriate design of information protection controls and control monitoring in order to align with information protection policies and standards, and demonstrate ongoing compliance with information protection policies and standards.

* Accountable for providing domain expertise for the information risk management program which may include: evaluating vendor security and risk posture, advising on purchase and investment decisions, establishing appropriate monitoring of information protection controls, evaluating operational efficiency of information protection controls, and evaluating noncompliance issues.

* Accountable for defining and operating processes to document, report, and manage findings, exceptions to standards, and identified risks in order to ensure that appropriate action plans are built and executed to remediate gaps, deficiencies, and risks.

* Accountable for leading, coaching, and mentoring embedded risk engineers and other staff members on aspects of the information risk management program and specific processes in order to ensure behaviors and outcomes that support information protection, privacy, and data security, and drive consistency, quality and efficiency of deliverables.

* Accountable for developing action plans in order to support departmental and corporate strategy.

Requirements:

* Bachelors degree with an emphasis in Computer Science, Computer Engineering, Software Engineering, MIS or related field; or related work experience beyond the minimum required.

* One or more advanced risk or security certifications (e.g. CISSP, CRISC, CISA, CISM, CCSP, FAIR).

* 4-5 years of professional experience required

* Four or more years of experience in information systems or systems audit with a demonstrated knowledge in technologies and processes

* Four or more years of experience in information systems or systems audit with a demonstrated knowledge in technologies and processes

* Proven ability to craft and implement IT general controls

* Ability to assess designs for risk and control gaps and recommend remediation approaches

* Demonstrated ability to lead, coach and mentor other staff members

* Solid ability to independently identify and resolve critical and complex issues through effective problem solving skills

* Solid ability to maintain and strengthen relationships; ability to effectively influence and negotiate with internal and external partners

* Proven interpersonal savvy with demonstrated tact and diplomacy

* Proven track record in taking care of ambiguity

* Assessment experience - Security Assessments, Risk Assessments, Vendor Assessments, Compliance Assessments

* Ability to recommend mitigating controls for various security gaps

* Cloud Security experience - AWS, Azure

* Knowledge of NIST framework

* Data Privacy (GDPR, CCPA etc.) experience - experience with Data tagging, Data flows, etc.

Benefits:

* Tuition reimbursement, commuter plans, and paid time off

* Highly competitive compensation that include base salary plus bonus

* Medical/Dental/Vision plans, 401(k), pension program

Grow your career with an outstanding company that puts our clients interests at the center of all we do. Get started now!

We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.

This job is not covered by the existing Collective Bargaining Agreement.

This job is not covered by the existing Collective Bargaining Agreement.

Required Certifications:

Grow your career with a best-in-class company that puts our clients interests at the center of all we do. Get started now!

We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.