Lead, Technology Risk and Controls

Northern Trust Technology Risk & Control function is responsible for enabling Global Information Technology to build a strong 1st Line of Defense, foster a control aware culture, deliver compliant and secure technology capabilities, protect customers, and meet regulatory requirements.
This Lead role is part of the Risk and Control Governance Team, responsible for overseeing risk treatment for the global technology and information security department, maintaining and driving the control standards that dictate minimum requirements in line with regulatory and industry expectations, and supporting the broader Technology Risk and Control team in their engagement with these processes.
You will be part of a dedicated, outstanding, and growing team that focuses on promoting control awareness and properly managing risks within the global information technology organization.
Responsibilities, including but not limited to

1. Lead the Technology Risk Treatment process by coordinating with Control Officers and control owners to identify, assess, and manage enterprise risks
2. Author thorough, well-informed, and thoughtful risk assessments to inform senior leadership and assist them in risk treatment decisions
3. Drive the upkeep, ongoing support, and continuous improvement of the Technology Control Standards
4. Partner with relevant teams to increase awareness and adherence to standards in more efficient ways (e.g., automation)
5. Organize and facilitate ongoing risk treatment leadership meetings, ensuring efficiency and clarity
6. Proactively identify opportunities to improve team processes and knowledgebase, and lead efforts to implement
7. Influence behaviors to reduce risk and foster a strong technology risk management culture throughout the enterprise

• Extensive knowledge of and experience with technology and security risks, controls, and related topics
• Advanced knowledge of risk treatment methodologies and approaches (e.g., risk assessment, control effectiveness, etc.), and experience executing and leading associated activities
• Excellent written and verbal communication skills, with high attention to detail
• Strong project management / organizational skills
• Proficiency in preparing documents for review and presentation to management and leadership
• Extensive exposure to various technology regulatory and industry frameworks/standards (NIST, ISO, FFIEC, etc.), and experience using them to guide risk management and control activities
• Knowledge and experience with an enterprise GRC system (e.g., ServiceNow)
• Strong collaboration and relationship management skills, preferably including experience with executive-level management
• Motivated, driven leader, with an eye towards identifying and process enhancements and seeing them through to implementation

Experience

• Bachelor's Degree in Information Systems or related discipline
• 7+ years' experience in Risk Management, Audit, Information Security, or Technology
• "Big Four" consulting experience a plus