This individual’s primary day-to-day responsibility will be to assist with tasks that support the monitoring of risks associated with Technology Availability and IT Resiliency initiatives, including management reporting and trend analysis.
In particular, this individual will have a role in the identification, assessment and reporting of Information Technology risk and shared responsibility for execution of tasks associated with one or more key practice areas defined in the Technology Risk Management Program.
Position is an independent contributor and will work closely with peers and manager on assisting with strategic Information Technology Risk projects as assigned.
1. Define and identify risks associated with the use of or dependence on technology for internal systems and hosted external systems.
2. Provide feedback on Information Technology Risk programs to ensure relevant industry regulations, standards and compliance requirements are met.
3. Produce meaningful, measured metrics for the purposes of monitoring IT Risk.
4. Review and assess controls through established frameworks.
5. Actively participate in Post Incident Assessment reviews relating to Information Technology incidents.
6. Work with individuals to determine root cause for incidents and associated action plans to remediate identified risks.
7. Complete peer reviews of risk assessment or other test results and findings within the team as assigned.
8. Document and report findings and remediation plans to management.
9. Collaborate with Information Security, Privacy, and Enterprise Risk Management teams to provide continuous improvement to Information Security and Technology Risk Policies and frameworks.
10. Provide consulting to the business on IT Risk.
11. Provide support and sponsorship for strategically important projects related to information technology risk management. Assist with plans for these project deliverables, goals and milestones.
12. Remain informed on trends and issues in the technology industry, including current and emerging technologies. Advise, counsel, and educate team members and other peers on their relative importance.
Minimum of 5 years of level 2 application or infrastructure support duties within an IT department or organization. ITIL certification is preferred.
Minimum of 3 years audit or IT risk management experience. Preferred: Current CISA, CRISC, or similar IT certifications. Bachelor’s degree in Accounting, Finance, Information Technology, Management Information Systems, Computer Science or a related discipline.
Understanding of information security, IT audit and IT risk management principles. Moderate experience with assessing IT related processes such as system development, Change & Incident Management, and Problem Management.
Awareness of Financial Services industry regulations, specifically those set forth in the Federal Financial Institutions Examination Council (FFIEC) handbooks and other country-specific regulatory authorities.
Awareness of industry-accepted IT risk management and control frameworks such as COBIT 5, ISO 27001/27002 and NIST 800-53.
Demonstrated ability to work well in both an individual contributor and team capacity, in particular multi-national teams.
Able to effectively participate in projects and complete multiple tasks simultaneously and efficiently while maintaining a sense of urgency and attention to detail.
Strong written and verbal communication skills. Able to prepare clearly written, organized documents, reports and communications that demonstrate proper justification and support for any conclusions and assessment results and contain correct grammar, punctuation and spelling.
Proficient with generating management reports using Excel.
Able to interact in a professional manner and develop relationships with individuals and teams at any level in Northern Trust or third party service provider.