Additional Information
About Northern Trust:
Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.
Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.
Roles and Responsibilities:
This role will be responsible for assessing and monitoring the risk posture of third-party vendors, driving process improvements, leading automation initiatives and delivering actionable insights through risk metrics and reporting The individual will be required to serve as the subject matter expert (SME) on third parties risks and the individual's primary day to day responsibilities are mentioned below (but are not limited to these):
Conduct security risk assessment on new and existing Northern Trust's third parties business partners. Ensure proper preventative and detective controls are in place and prepare recommendations to strengthen control weaknesses.
Demonstrate some proven knowledge on the following domains: Information Security Governance and Risk Management
Access Control
Vulnerability Management and Penetration Testing
Network Security
Application Security
Cryptography
Security Architecture and Design
Operations Security
Business Continuity and Disaster Recovery Planning
Legal, Regulations, Investigations and Compliance
Physical and Environmental Security
Cloud Security
Strong understanding and proven working experience on Information Security frameworks (e.g., NIST, ISO 27001, SIG, SOC2)
Knowledge of regulatory requirements and guidelines relating to Cyber Security, Information Security, Privacy, Business Resilience and Business Continuity Management.
Define, maintain and refine KPIs, KRIs, and KCIs for third-party risks to measure program effectiveness and vendor risk trends.
Build and present executive level dashboards and reports to senior leadership.
Ensure traceability and accuracy in risk reporting
Ability to utilize Microsoft Copilot and AI-driven tools for automating third-party risk management workflows, generating risk reports, cyber incident response and simplifying documentation tasks.
Responsible for reviewing master services contracts of the third parties to identify information technology and security related clauses.
Knowledge on risk treatment and issues management functions and industry tools to support the program.
Support Issue Owners and/or Issue Identifiers in accurate documentation of root cause analysis, impact analysis, severity ratings and corresponding remediation actions.
Review evidence provided to validate remediation actions were implemented as required and meet all acceptance criteria to close the issue.
Monitor the status of remediation actions and provide periodic updates to applicable stakeholders.
Work across the lines of defense to coordinate changes, provide review and challenge, and respond to audit and regulatory requirements.
Participate in cyber incident responses to provide guidance related to cyber security risks and control assurance
Able to interact in a professional manner and develop relationships with individuals and teams at any level in Northern Trust.
Foster a positive and collaborative environment.
Flexibility, multi-tasking, good business judgment skills are required to meet competing priorities.
Contribute to automation, analytics, and continuous improvements of processes
Demonstrate ability to work well in both an individual contributor and team capacity. Train associates on the incident / issue management process and procedures via mentoring.
Skills Preferred:
Excellent written and verbal communication skills.
Experience working in global, cross-functional, collaborative teams.
Attention to detail.
In-depth understanding of information security, network management, operating systems, software development, database systems and information technology.
Understanding of information security, Cyber Security Framework like NIST, Center for Internet Security (CIS), ISO etc.
Knowledge of technology controls around Cloud Computing reviews.
Advanced experience with MS Office, SharePoint, and Reporting tools
Ntrs · Pune, India