Technology Risk & Information Security Analyst
This individual’s primary day to day responsibility will be in the execution of tasks under the direction of senior team members to be used in support of cybersecurity assessments, penetration testing, information security initiatives, and /or management reporting. In particular, this individual will assist in the identification, assessment and reporting of technology and information security risk. Position is an independent contributor and will work closely with peers and manager on Cybersecurity Assessment and Penetration Testing projects as assigned.
- Coordinate cybersecurity assessments and penetration testing activities between vendors, application teams, the vulnerability management team, and other stakeholders.
- Identify risks associated with the use of technology for internal systems and hosted external systems.
- Support requirements and plans for various information security and technology risk management programs.
- Execute responsibilities associated with programs in a manner that meets relevant industry regulations, standards and compliance requirements.
- As assigned, produce meaningful, measured metrics in regards to authored risk management programs.
- Review and assess controls through established frameworks.
- Work with individuals to determine action plans to remediate identified risks.
- Document and report findings and remediation plans to management.
- Collaborate with Information Security, Privacy, and Risk Management teams to provide continuous improvement to Information Security and Technology Risk Policies and frameworks.
- Support Regional Information Security Officers in Information Security activities as needed.
- Provide limited consulting to the business on IT and Cybersecurity Risk.
- Remain informed on trends and issues in the security industry, including current and emerging technologies and prices.
- Support other testing functions including analyzing threat intelligence, performing reconnaissance activities, system administration, and developing scripts/tools, as needed.
Qualifications/ Experience/ Skills:
- 1 year of Penetration Testing, Cybersecurity Assessment, or IT risk management experience.
- Bachelor’s degree in Accounting, Finance, Information Technology, Management Information Systems, Computer Science or a related discipline.
- Awareness of information security, penetration testing, IT audit and IT risk management principles.
- Basic understanding of assessments of IT related processes such as system and information security, system development and change management, computer operations and data protection.
- Basic understanding of specific information security disciplines such as forensics, secure development, threat intelligence or penetration testing.
- Demonstrated ability to work well in both an individual contributor and team capacity, in particular multi-national teams.
- Strong written and verbal communication skills. Able to prepare clearly written, organized documents, reports and communications that demonstrate proper justification and support for any conclusions and assessment results.
- Able to interact in a professional manner and develop relationships with individuals and teams at any level in Northern Trust or third party service provider.
For further information, and to apply, please visit our website via the “Apply” button below.