Risk Consultant (Security Training and Awareness)

Chicago, Illinois, United States
16 Sep 2021
11 Oct 2021
Contract type
Full time

This individual’s primary day-to-day responsibility will be the execution of tasks in support of the Information Security Training and Awareness Program, Information Security initiatives, and management reporting. In particular, the individual will have a key role in performing gap assessments and training needs assessments as they relate to targeted training and will be responsible for the creation, deployment, and reporting of success metrics for targeted training modules. The chosen candidate may also have responsibility for both execution and supervision of tasks associated with Information Security Training and Awareness, including presentations and communications, and for providing backup to other defined key practice areas as outlined in the Information Security and Technology Risk Management Program.

This role is viewed as a player/coach role, with 90% being an individual contributor and 10% supervisory/mentoring. The individual will develop, lead, execute and/or supervise tasks associated with the following responsibilities:

Define requirements and plan for various information security and technology risk management programs, including but not limited to:

  • establish, track and continually evolve program success metrics;
  • select and manage relevant vendors;
  • process invoices and assist in budget planning and reconciliation; 
  • deliver monthly and quarterly metrics;
  • create project plans for training programs and projects;
  • act as backup for communications and provide responses to internal customer queries on a regular basis; 
  • create, maintain and update relevant team & company-facing websites; and
  • manage requests for metrics and reporting.

Support training and awareness activities for assigned disciplines, including but not limited to:

  1. solicit feedback and approval from Subject Matter Experts (SMEs) on targeted training content;
  2. deliver training edits to vendors as applicable;
  3. manage external vendors with the delivery of Phishing & Vishing simulations;
  4. maintain and deliver department and manager level reporting on simulation results;
  5. assist with committee operations and development of Adobe packets; and
  6. compile success metrics and survey data for specified projects.
  7. Ensure that programs meet relevant industry regulations, company standards, and legal and compliance requirements.
  8. Ensure that risk management programs communicate security policies and requirements so people know, properly understand, and can appropriately follow the standards and policies.
  9. Produce meaningful, measured metrics.
  10. Plan, schedule, and monitor project/program deliverables, goals, and milestones.
  11. Support training and awareness activities for assigned disciplines.
  12. Work with individuals to determine action plans to remediate identified risks.
  13. Collaborate with Information Security, Privacy, and Risk Management teams to provide continuous improvement to Information Security and Technology Risk Policies and frameworks.
  14. Support Regional Information Security Officers in Information Security activities as needed.
  15. Evaluate and opine on project risk for strategic company initiatives.
  16. Provide consulting to the business on IT Risk.
  17. Participate in cyber security incident response as required.


  • Strong understanding of information security, IT audit, and IT risk management principles.
  • Knowledge of Financial Services industry regulations.
  • Able to effectively manage projects and complete multiple tasks simultaneously and efficiently while maintaining a sense of urgency and attention to detail.
  • Excellent written and verbal communication skills. Able to prepare clearly written, organized documents, reports, and communications that demonstrate proper justification and support for any conclusions and assessment results and contain correct grammar, punctuation, and spelling.
  • Able to interact in a professional manner and develop relationships with individuals and teams at any level in Northern Trust or third-party service providers. 
  • Bachelor’s degree in Accounting, Finance, IT, Computer Science, Communications or English or related discipline preferred. Current CISSA, CISM, CRISC, CISSP, or similar IT certification is preferred.       

About Northern Trust: 

Northern Trust provides innovative financial services and guidance to corporations, institutions and affluent families and individuals globally. With over 130 years of financial experience and nearly 20,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

Working with Us: 

As a Northern Trust partner, you will be part of a flexible and collaborative work culture, which has a strong history of financial strength and stability. Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company that is committed to strengthening the communities we serve. We recognize the value of inclusion and diversity in culture, in thought, and in experience, which is why we are honored to receive the following awards in 2021:

  • Gender Equality Index Member, Bloomberg
  • Top Financial & Banking Company, Black EOE Journal, Hispanic Network Magazine, Professional WOMAN'S Magazine 

We’d love to learn more about how your interests and experience could be a fit with one of America’s best banks and most sustainable companies! Build your career with us and apply today.

For further information, and to apply, please visit our website via the “Apply” button below.
