At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.
The Lead Risk Management Consultant serves as the key information risk strategy and integration advisor, working to deliver an optimized and coordinated information risk management approach. You will: manage information risk outcomes; develop and manage relationships with business leaders and risk partners; ensure processes and controls are aligned with established information risk strategy, accountable for escalating information risk issues and balancing business needs with information risk implications, to foster a business environment that effectively manages information risk; resolve escalated information risk issues related to information protection policies, standards, processes and controls; manage delivery of strategy and integration projects within the information risk program (including accountability for defining and managing scope, schedule, cost, and quality); communicate project status to stakeholders; ensure compliance with Company-approved risk management methodology.
Lead, coach, and mentor NM staff on EIRC's information risk management approach to ensure consistency and quality. You hold yourself to a high standard, proactively working to enhance industry knowledge.

• Responsible for the advancement of the information risk strategy to foster a business environment that effectively manages information risk. Communicates the information risk strategy with business clients, Tech function, vendors, field and senior management to ensure common understanding and acceptance.
• Manages overall results of multiple projects within the information risk program including accountability for defining and managing scope, schedule, cost, and quality. Communicates project status to appropriate stakeholders. Ensures compliance with company approved methodology and required deliverables and applies lessons learned throughout subsequent project phases.
• Manages relationships with business clients and gains broad knowledge of their business. Ensures expectations are managed and that clients gain a full understanding of information risks and controls, and the impact on their business.
• Lead execution of periodic cyber maturity assessments to provide insights into NM's cybersecurity program. Activities will include evaluating processes and practices, making tactical and strategic recommendations to address identified gaps, and developing roadmaps to achieve maturity targets.
• Lead execution of periodic IT risk assessments using a repeatable, data-driven approach to identify and evaluate technology risks most impactful NM, and recommend actions for managing identified risks.
• Responsible for educating, coaching, and guiding leaders across the company on information risk. Understands both the business and technical implications of information risk and advises on appropriate investment decisions.
• Accountable for the resolution of escalated information risk issues related to information protection policies, standards, processes and controls; information protection awareness and training program; noncompliance issues and security incidents in order to effectively balance the needs of the business with the associated risks.
• Other responsibilities may be assigned as necessary.

Bring your best! What this role needs:

• Bachelor's degree with an emphasis in MIS, Business or related field; or related work experience beyond the minimum required.
• Ten years of professional experience in information systems or systems audit.
• Minimum of two years of experience leading complex projects or developing, influencing, and recommending business strategies.
• Demonstrable ability to independently identify and resolve critical and complex issues through effective problem-solving skills.
• Ability to deal with ambiguity.
• Demonstrable ability to maintain and strengthen relationships; ability to effectively influence and negotiate with internal and external partners; and proven organizational savvy with demonstrated tact and diplomacy.
• Proven business and technical communication skills; ability to communicate in both business and technical terminology based on the situation and the audience.
• Solid understanding of information risks and IT general controls.
• Solid experience applying IT risk management frameworks, implementing risk taxonomy, and developing IT risk appetite and tolerance statements.
• Solid ability to lead teams and build consensus around complex technical and business decisions.

Desired Skills
Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional (CISSP)
#li-post
Grow your career with a best-in-class company that puts our client's interests at the center of all we do. Get started now!
W e are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.
If you work or would be working in Colorado or outside of a Corporate location, please click here for information pertaining to compensation and benefits.