Manager, Cybersecurity and Technology Risk Reporting

This role is for the Head of the Cybersecurity and Technology Risk Reporting for the 2nd Line of Defense. This includes leading the measurement and reporting of technology and cybersecurity risk to include aggregate risk, concentration risk, risk escalation and attack surface risk reporting for senior management, the Board, and regulators. It also is leading the governance and challenge for reporting in the 1st line of defense Cybersecurity and Risk teams. We are looking for a transformational leader who can move us from static metric reporting to automated on demand reporting for our business leadership to understand the risk in their business and across our global enterprise.

Major Duties

• Drive a comprehensive cybersecurity and tech risk metrics reporting program to include governance of reporting for 1st and 2nd line of defense. This includes oversight and challenge to quality of metrics, data lineage, change management, and escalation criteria
• Mature our current risk reporting dashboards to include developing transition plans for metrics to be owned and reported by 1st line of defense. Also requires working closely with metric and data owners to identify areas of opportunity for improvements and driving those changes through the governance processes on a quarterly basis.
• Develop automated reporting mechanisms to move from powerpoint reporting to an on demand dashboard capability for different levels of leadership and risk reporting. Build the infrastructure required for optimal extraction, transformation, and loading of data from a wide variety of data sources
• Responsible for assessing Information Security and Cyber Risk theme appetite and profile reporting on a quarterly basis and reporting though our current dashboard quantitative and qualitative measures for the risk inventory and control objectives for the theme. This reporting informs executive leadership and the Board of cyber and technology risks impacting or having the potential to impact our business
• On an annual basis, lead the assessment of our theme risk appetite and risk profile to include the risk inventory and control objectives aligned with our theme. This will include evaluation of all data points, trends, and identification of areas of risk exposure for the company
• Responsible for monitoring, testing, reviewing, and challenging 1st line cyber and tech risk metrics including implementation of a feedback loop concerning risk treatment
• Develop operational processes for implementation of the 2nd line of defense reporting program
• Develop the standard for governing cyber and tech risk reporting to include work with individuals to determine action plans to remediate identified risks
• Leader of 2nd line team who also has to be able to influence leadership across all lines of defense

Qualifications - External

Knowledge/Skills

• Combined experience in cybersecurity and technology risk domains with a focus on risk reporting
• Demonstrated leadership experience both as a people leader but also ability to influence without authority
• Experience working across lines of defense, particularly as it relates to cyber and tech risk reporting
• Experience developing and maturing cyber and tech risk metrics to meet global regulatory requirements to include data lineage and change management governance
• Experience working with Microsoft Office products: Extensive skills within PowerPoint, Excel, and Word are a must. Experience with PowerBI and Tableau is a plus
• An understanding of Data Analytic processes or principles in order to aggregate and analyze trends within the metrics
• Understanding of cybersecurity and or technology risk management principles
• Understanding of Financial Services industry regulations across US, EMEA, and APAC regions, specifically those set forth in the Federal Financial Institutional Examination Council (FFIEC) handbooks and other country specific regulatory authorities
• Awareness of industry accepted IT risk management and control frameworks such as COBIT 5, ISO 27001/27002 and NIST 800-55
• Able to effectively participate in projects and complete multiple tasks simultaneously and efficiently while maintaining a sense of urgency and attention to detail
• Strong written and verbal communication skills. Able to prepare clearly written, organized documents, reports and communications that demonstrate proper justification and support for any conclusions and assessment results and contain correct grammar, punctuation and spelling

#LI-Hybrid

• 5-7 years experience in cybersecurity, technology, or risk management

• 3 years experience in developing Cybersecurity and or Technology Risk Management Dashboards and corresponding metrics program to include Board level reporting
• Preferred current CISSP, CISA, CRISC, or similar IT certifications
• Experience with assessing IT related processes such as system and information security, system development and change management, computer operations and data protection.
• Bachelor's degree in Management Information Systems, Computer Science, Data Science, or a related discipline or equivalent work experience is a plus

About Northern Trust:

Northern Trust provides innovative financial services and guidance to corporations, institutions and affluent families and individuals globally. With more than 130 years of financial experience and over 20,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.

Working with Us:

As a Northern Trust partner, you will be part of a flexible and collaborative work culture, which has a strong history of financial strength and stability. Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company that is committed to strengthening the communities we serve!

We'd love to learn more about how your interests and experience could be a fit with one of America's best banks and most sustainable companies! Build your career with us and apply today.