At Northwestern Mutual, we believe relationships are built on trust. That our lives and our work matter. These beliefs launched our company nearly 160 years ago. Today, they're just a few of the reasons why people choose to build careers at Northwestern Mutual.
We're strong and growing. In a company with such a long and storied history, this may be the most exciting and important time to be a part of Northwestern Mutual. We're strong, innovative and growing.
We invest in our people. We provide opportunities for employees to grow themselves, their career and in turn, our business.
We care. We make a positive difference in our communities. Nationally, thousands have benefitted from our support of research and programs to fight childhood cancer. Each year, our Foundation, employees and financial representatives donate time, talent and financial support to causes they're passionate about.
We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.
The Controls Assurance Consultant is responsible for establishing, maturing, and operating a controls assurance capability to evaluate, monitor and report on the coverage and effectiveness of information protection processes and controls. Will partner with control owners and other enterprise stakeholders to assure alignment of control development, management practices and processes. Responsible for identifying, evaluating and reporting on information and technology risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.
PRINCIPAL ACCOUNTABILITIES:
- Accountable for managing and maturing the framework and processes for control owners to conduct control assessments, monitor operation of controls, and report results
- Accountable for planning and conducting control assessments for select controls – evaluate effectiveness and coverage, document and report results, and verify results of deficiency remediation.
- Accountable for designing and operating continuous control monitoring for select controls – continuous monitoring and reporting of control effectiveness and coverage.
- Responsible for consulting and advising on the design and evaluation of processes and controls to comply with information protection policies and standards.
- Accountable for providing subject matter expertise for the information risk management program which may include: creation of information protection policies and standards, information protection awareness and training program, evaluating noncompliance issues and appropriate investment decisions.
- Accountable for assessing and evaluating deviations to information protection policies and standards to balance risk and controls.
- Accountable for recommending action plans to support departmental and corporate strategy.
- Responsible for multiplying controls assurance talent by coaching and mentoring other risk management professionals and creating reusable controls assurance programs
- Five or more years of experience in auditing, compliance, or technology, or related work experience
- Demonstrated knowledge in technologies and controls
- Proven ability to design and assess IT general controls
- Strong ability to independently identify and resolve critical and complex issues through effective problem-solving skills
- Strong ability to maintain and strengthen relationships; ability to effectively influence and negotiate with internal and external partners, within all levels of the organization
- Proven organizational savvy with demonstrated tact and diplomacy
- Proven ability to manage multiple priorities and the ability to deal with ambiguity
- Proven business and technical communication skills; ability to communicate in both business and technical terminology based on the situation and the audience.
- Experience monitoring systems and controls
- Strong understanding of information and technology risks
- Strong understanding of risk management frameworks
- Experience working in a highly regulated industry
- Experience with Lean-Agile methodologies such as Scaled Agile Framework
- Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), or Certified Information Security Manager (CISM)
Req ID: 24937
Position Type: Regular Full Time
Education Experience: Bachelor's Desired
Employment Experience: 6-8 years
Licenses/Certifications: Not Applicable
FLSA Status: Exempt
Posting Date: 03/25/2019