Security Assessment Consultant
At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.
What's the role?
Northwestern Mutual is looking for a Security Assessment Consultant to join the Security Assessments Team to focus on security engineering assessments and threat modeling work.
Responsibilities:
- Accountable for defining and operating processes to provide ongoing monitoring and assessment of control coverage and effectiveness in order to ensure compliance with information protection policies and standards.
- Developing Threat Models that enumerate cybersecurity threats, documenting and verifying the existing controls and identifying if additional mitigating controls are required.
- Assessing and evaluating complex processes and controls in order to determine compliance with information protection policies and standards, and ensure effective management of risk.
- Consulting and advising on large, complex and ambiguous efforts on the appropriate design of information protection controls and control monitoring in order to align with information protection policies and standards, and demonstrate ongoing compliance with information protection policies and standards.
- Providing domain expertise for the information risk management program which may include: evaluating vendor security and risk posture, advising on purchase and investment decisions, establishing appropriate monitoring, and evaluating operational effectiveness of information protection controls, and noncompliance issues.
- Defining and operating processes to document, report, and manage findings, exceptions to standards, and identified risks to ensure that appropriate action plans are created and executed to remediate gaps, deficiencies, and risks.
- Leading, coaching, and mentoring the engineering community and other team members on aspects of the information risk management program and specific processes to ensure behaviors and outcomes that support information protection, privacy, and data security, and drive consistency, quality and productivity of deliverables.
- Developing action plans to support departmental and corporate strategy.
Bring your best! What this role needs:
- Bachelor's degree with an emphasis in Computer Science, Computer Engineering, Software Engineering, MIS or related field; or related work experience beyond the minimum required.
- One or more advanced risk or security certifications (e.g. CISSP, CRISC, CISA, CISM, CCSP, FAIR).
- Four or more years of experience in information systems or systems audit with a demonstrated knowledge in technologies and processes
- Demonstrated ability to design and implement IT general controls
- Ability to assess designs for risk and control gaps and recommend remediation approaches
- Demonstrated ability to lead, coach and mentor other team members
- Strong ability to independently identify and resolve critical and complex issues through effective problem solving skills
- Solid ability to maintain and strengthen relationships; ability to effectively influence and negotiate with internal and external partners
- Proven track record in dealing with ambiguity
- Assessment experience - Security Assessments, Risk Assessments, Vendor Assessments, Compliance Assessments
- Ability to recommend mitigating controls for various security gaps
- Cloud Security experience - AWS, Azure
- Knowledge of NIST framework
- Experience with or working knowledge of threat modeling methodologies that visually represent data and process flows in an enterprise environment.
Benefits:
Beyond base salary, NM offers the following benefits: pension, 401k, PTO, tuition reimbursement, comprehensive medical, dental, and vision, FREE lunch, annual bonus opportunity, and much more!
This job is not covered by the existing Collective Bargaining Agreement.
Required Certifications:
Grow your career with a best-in-class company that puts our clients' interests at the center of all we do. Get started now!
We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.
If you work in Colorado or work remotely, please click here for information pertaining to compensation and benefits.