
Insider Threat Risk Lead - R128696

at Northern Trust Company in Chicago, Illinois, United States

Job Description

About Northern Trust:

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.

SUMMARY

Reporting into the Head of Insider Threat Risk Management, the Insider Threat Risk Lead will play an essential role in maturing Northern Trust's ability to deter, prevent, detect, and remediate insider threat activity. The Lead will conduct technical analysis of security event data and investigations into violations of company policy utilizing a broad suite of security operations tools. The Lead will utilize subject matter expertise to support Insider Risk program stakeholders, business representatives, and program initiatives.

The key responsibilities of the role include:

  • Develop detection rules aimed at detecting or preventing insider threat activities, within security tools such as Security Information & Event Management (SIEM), User Entity & Behavior Analytics (UEBA), Data Loss Prevention (DLP), and cloud security technologies.
  • Lead investigations into violations of Northern Trust's Acceptable Use Policy and ensure all investigations comply with corporate policies and applicable regulatory frameworks.
  • Utilize a technical skillset to conduct incident response and investigations (e.g., digital forensics, OSINT, data analysis).
  • Lead program initiatives including development of program documentation, tabletop exercises, threat intelligence briefs, crown jewels assessments, and standard operating procedures.
  • Develop and present meaningful metrics, KRIs, and KPIs to measure risks, trends, and control effectiveness.
  • Conduct risk assessments and controls validation testing to identify opportunities to strengthen the control environment.
  • Lead formal interviews pertaining to sensitive investigations.
  • Establish and manage close relationships with program stakeholders and business representatives.



Knowledge and Skills

  • Direct experience performing monitoring, tuning, and/or writing detection rules in tools such as Security Information & Event Management (SIEM), User Entity & Behavior Analytics (UEBA), Data Loss Prevention (DLP), and cloud security technologies.
  • Experience performing digital forensics, incident response, Open-Source Intelligence (OSINT), data analysis, and/or threat hunting.
  • Familiarity with script/query languages such as KQL, PowerShell, and/or Python.
  • Experience conducting risk assessments and/or controls validation testing.
  • Project or program management experience.
  • Formal investigative interviewing and/or report writing experience.
  • Familiarity with cybersecurity frameworks (e.g., NIST) and data privacy concepts.
  • Strong understanding of computer operating systems, networking protocols, and IT infrastructure/cloud technologies.
  • Demonstrated ability to work well in both an individual contributor and team capacity, with multi-national teams.



Experience

  • Any combination of equivalent education, experience, or training that allows you to meet the qualifications of this job.
  • A minimum of 5-8 years of professional experience performing in-depth security...

    Equal Opportunity Employer - minorities/females/veterans/individuals with disabilities/sexual orientation/gender identity


Job Posting: 12078206

Posted On: Jul 26, 2024

Updated On: Jul 26, 2024
