at Northern Trust Company in Chicago, Illinois, United States
Job Description
About Northern Trust:
Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.
Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.
Description:
Reporting to the Head of Attack Surface Management you will play a vital role within Northern Trust's Information Security program. This leader will design and improve key Attack Surface Management processes (Vulnerability Management, Hardening, Application Security) along with driving adoption and understanding throughout the organization.
Attributes we are seeking:
- Proven track record of Application Delivery and in-depth knowledge of DevSecOps pipelines
- Broad understanding of security capabilities at mid to large sized institutions
- Experience and comfort briefing senior leadership and different business units on relevant threats and appropriate recommendations
- Thinks independently. Understanding how the industry performs cyber security is crucial. But it still needs to make sense for Northern Trust.
- Builds trusted relationships with Sr. Stakeholders including the ability to influence perspectives, and a track record of listening and actioning feedback.
- Proven track record of managing people, shaping careers and growing talent.
Responsibilities:
- Proposes, socializes and changes security processes based in industry best practice and local observations to continuously improve Northern Trust's security effectiveness.
- Lead Security Champion communities of practice to ensure the various cybersecurity requirements and processes are understood, efficient, and that we are gathering feedback for improvement.
- Collaborate with Attack Surface Management engineering team (peer) to ensure process requirements or areas of improvements are understood and implemented. ("voice of the customer")
- Collaborate with Attack Surface Management governance team (peer) to communicate and set areas of focus or security concern in the organization.
- Collaborate with DevOps pipeline organization (matrixed) to set security requirements and to deliver them via continuous CI/CD integration and optimization
- Lead and evolve Application Security Training capability.
Qualifications:
- Deep expertise in DevSecOps and application development.
- Senior Technologist with a proven track record of cyber leadership in a large organization.
- Demonstrated ability to lead large-scale operational cybersecurity programs.
- Strong aptitude to develop and maintain internal and external business relationships and to leverage those relationships in pursuit of day-to-day goals and responsibilities
- Experience partnering and responding to regulatory and audit exams and findings.
- Proven ability to influence and mentor others in in a technology-focused environment.
- Communicates difficult concepts and negotiates with others to adopt a different point of view.
- In-depth Functional / Industry knowledge is required.
- Highly flexible and adaptable to change.
- A College or University degree and/or relevant proven work experience is required.
- CISSP or equivalent cyber security certification...
Equal Opportunity Employer - minorities/females/veterans/individuals with disabilities/sexual orientation/gender identity
