Experience Level: Mid-level (3 to 4 years), Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Financial Services
Requirements
Demonstrated technical expertise in Cybersecurity, SSDLC, I&AM, Third Party Risk Management, Vulnerability Management, Cloud Services, Web Application Firewall, Program Management, Developing Metrics and Reporting, Infosec Governance and Risk Management, Access Controls, AppSec, Cryptography, Security Architecture and Compliance
In-depth understanding and experience of information security, IT regulatory/statutory compliance, IT audit and/or IT risk management principles and infosec
In-depth understanding of IT risk assessments and control testing
Experience with GRC systems (e.g., ServiceNow) preferred
Experience in automation and data analytics preferred
Strong collaboration and relationship management skills
Responsibilities
Ensure compliance with Technology related regulatory / statutory requirements
Work closely with IT directors and Control Officers on IPTs, Controls automation and monitoring
Coordinate both internal and external audit engagements, facilitate evidence-gathering requirements, and carry out ongoing vetting of issues identified by Internal Audit with Control Owners, including appropriate action plans and remediation / milestone dates
Advise on how to apply and interpret standards and controls, considering threats, risks, trends across the organization, and compensating controls
Support risk assessment activities, serving as a subject matter expert on understanding the risk and providing support in elevating the risk treatment for approval
Support the Issue Management process – Audit | Regulatory | Self-identified. Review the management action plan proposed by the accountable/responsible technology owner. Challenge and provide advice on audit remediation plans. Facilitate discussion of Technology accountable audit issues at the Issue Remediation Council
Leverage automation and analytics to build a state-of-the-art control testing and continuous control monitoring platform
Manage execution of risk and control self-assessments, identification and evaluation of inherent risks, control strength and residual risks of key IT controls, and successful execution of the risk-based control testing program
Work with other leaders within Northern Trust’s technology management and three lines of defense to assist in addressing control gaps in a timely manner, identifying potential opportunities for improvement, and advising on info security control designs for large complex programs (e.g., cloud, API, third-party vendor oversight, data governance)
Influence behaviors to reduce risk and foster a strong technology risk management culture throughout the enterprise
Support the day-to-day operations of the APAC Infosec and Governance Oversight team and work with risk and control teams in other global sites to establish and maintain a highly effective IT control environment
Coordinate Cybersecurity program efforts across all the business units and countries in the region, and provide education on cybersecurity awareness, including audit engagement