Principal, Cyber Security Engineer (Governance Lead) - 37974

at Northern Trust Company in Chicago, Illinois, United States

Job Description

About Northern Trust:

Northern Trust provides innovative financial services and guidance to corporations, institutions and affluent families and individuals globally. With 130 years of financial experience and nearly 20,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.

As a Northern Trust employee (Partner), you will be part of a flexible and collaborative work culture, which has a strong history of financial strength and stability. Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company that is committed to strengthening the communities we serve.

Northern Trust is committed to working with and providing adjustments to individuals with health conditions and disabilities. If you would benefit from adjustments for any part of the employment process, please inform the recruiter to discuss your individual requirements.

We recognize the value of inclusion and diversity in culture, in thought, and in experience, which is why Forbes ranked us the top employer for Diversity in 2018.

Principal Responsibilities/Requirements:

Primary candidate has techno-functional knowledge and experience in the Information Security domain, involving undertakings and projects focusing on data security activities. This includes prior contributions to the strategic direction of data security programs, working knowledge of and experience with the development and enterprise-wide implementation of end-to-end processes, as well as data security best practices.

Develop, socialize, maintain, and interpret complex data security governance elements (e.g., policy, standard, TOM, procedures, and business continuity plans) that define data security requirements.

Develop, implement, and execute governance and monitoring processes as required per internal/external standards and regulations (e.g., FFIEC, GDPR, etc.).

Responsible for execution of Data Protection Risk & Controls Self Assessments (RCSA) and the development of Process Risk & Controls Inventories (PRCI).

Responsible for monitoring KRI/KPI and conducting escalation activities for noncompliance with data protection policies, standards, and procedures to various levels of leadership.

Contributes to the optimization, execution, and maintenance of data security program elements, especially those involving business processes, repeatable methods, automation, and measurements needed for a viable risk-based data security program (e.g., KRI/KPI metrics).

Works with information security management frameworks (e.g., ISO 2700X, NIST CSF, SANS Top 20 Critical Security Controls, etc.).

Responds both verbally and in writing to complex inquiries and new periodic exams from both internal partners (e.g., legal, compliance, audit, risk) and external partners (e.g., regulators, external auditors, third parties). This also includes prior experience in optimization and execution methods to improve future responses to such inquiries, as well as prior experience providing peer review of such responses.

Responsible for the management and tracking of internal and external issues or areas of concern related to the Data Protection program (e.g., audit responses, etc.).

Responsible for managing the content on the Enterprise-wide knowledge and collaboration workspace specifically for the Data Protection program.


Bachelor's degree or equivalent experience

Experience with Data Governance teams at both the Enterprise and various business levels


Equal Opportunity Employer - minorities/females/veterans/individuals with disabilities/sexual orientation/gender identity


Job Posting: 10977512

Posted On: Jun 02, 2023

Updated On: Jul 02, 2023
