Lead Security Assessment Consultant
At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.
What's the role?
Northwestern Mutual is looking for a Lead Security Assessment Consultant to join the Security Assessments Team to focus on security engineering assessments and threat modeling work.
Responsibilities:
- Accountable for advancement of the strategy to provide ongoing monitoring and assessment of control coverage and efficiency in order to ensure compliance with information protection policies and standards.
- Accountable for advancement of the strategy to document, report, and manage findings, exceptions to standards, and identified risks in order to ensure that appropriate action plans are built and executed to remediate gaps, deficiencies, and risks.
- Leads projects within the information risk program including accountability for defining and managing scope, schedule, cost, and quality. Communicates project status to appropriate stakeholders. Ensures compliance with company approved methodology and required deliverables and applies lessons learned throughout subsequent project phases.
- Manages relationships with business clients and gains broad knowledge of their business. Ensures expectations are managed and that clients gain a full grasp of information risks and the impact on their business.
- Responsible for educating, mentoring, and guiding leaders across the company on information risk. Understands both the business and technical implications of information risk and advises on appropriate investment decisions.
- Accountable for the resolution of escalated information risk issues related to information protection policies, standards, processes and controls; information protection awareness and training program; noncompliance issues and security incidents in order to effectively balance the needs of the business with the associated risks.
- Other responsibilities may be assigned as applicable.
Requirements:
- Bachelor's and/or Master's degree with an emphasis in Computer Science, Computer Engineering, Software Engineering, MIS or related field; or related work experience beyond the minimum required.
- One or more advanced risk or security certifications (e.g. CISSP, CRISC, CISA, CISM, CCSP, FAIR).
- 6-8 years of professional experience required
- Six years of professional experience in information systems or systems audit with a demonstrated knowledge in technologies and processes.
- Demonstrable ability to independently identify and resolve critical and complex issues through effective problem solving skills.
- Proven ability to handle ambiguity.
- Demonstrable ability to maintain and strengthen relationships.
- Proven ability to effectively influence and negotiate with internal and external partners.
- Proven interpersonal savvy with demonstrated tact and diplomacy.
- Proven business and technical communication skills.
- Demonstrable ability to communicate in both business and technical terminology based on the situation and the audience.
- Understanding of information risks and IT general controls.
- Understanding of information risk, data privacy, and controls assurance
- Understanding of risk management principles and techniques
- Ability to lead teams and build consensus around complex technical and business decisions
- Assessment experience - Security Assessments, Risk Assessments, Vendor Assessments, Compliance Assessments
- Ability to recommend mitigating controls for various security gaps
- Cloud Security experience - AWS, Azure
- Knowledge of NIST framework
- Data Privacy (GDPR, CCPA etc.) experience - experience with Data tagging, Data flows, etc.
Benefits:
- Tuition reimbursement, commuter plans, and paid time off
- Highly competitive compensation that includes base salary plus bonus
- Medical/Dental/Vision plans, 401(k), pension program
Grow your career with an outstanding company that puts our clients' interests at the center of all we do. Get started now!
This job is not covered by the existing Collective Bargaining Agreement.
We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.
If you work or would be working in Colorado or outside of a Corporate location, please click here for information pertaining to compensation and benefits.