AD Regulatory Readiness and Response
Vacancy expired!
At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference. We on Northwestern Mutual's Regulatory Compliance team are searching for an Assistant Director of Regulatory Response and Readiness to join us in a full-time employment opportunity!
The Regulatory Response and Readiness AD leader functions as the central information security advocate and the experienced advisor for Technology to prepare for all regulatory responses and ensure readiness across Technology. Provides an accurate and consistent information protection message across the company to build alignment and ensure compliance. Responsible for the annual Information Protection Program report required for NM and subsidiaries.
Scale/Scope:
- Serves as an Information Security SME on compliance and regulatory matters and participates in the development, implementation and maintenance of information security for the Info Protection Program across the enterprise.
- Provides guidance and advocacy to EIRC leadership regarding the regulatory priorities and strategy that impact the information security program.
- Prepares executive/risk oversight Committee Cybersecurity metrics and key risk indicators.
- Advises management on risk issues related to information security and recommends actions in support of the wider risk management and compliance and regulatory programs.
- Monitors internal and external information security trends and keeps leadership advised on all things information security-related.
- Ensures compliance with policies and laws.
- Oversees findings management activities for findings relating to information security (audit, regulator, self-identified, etc.) focused on compliance and regulatory across the enterprise.
- Serves as main point of contact for all technology and information security regulatory response.
- Assists with ensuring consistency with InfoSec policies, standards and procedures. Advises on alternatives, such as compensating controls, to resolve issues and exceptions.
- Drives annual regulatory readiness and response risk work.
- Collaborates with risk partners on information security critical priorities.
- Participates in senior specific Risk Management & Business Continuity Routines.
- Participates on the IRM leadership team assuring that enterprise priorities are influenced by information security needs.
- Drives EIRC information protection strategy and initiatives through assigned NM and other areas.
- Has a deep understanding of cyber security trends and technology, and how they impact and support operations.
- Builds strong Partner relationships with peer technology groups.
- Drives required risk culture and partnership with technology teams.
- Participates in key operating routines to drive information security risk strategy.
- Drives understanding in the Information Protection Program of strategic needs and strategy.
- Bachelor's and/or Master's degree with an emphasis in Computer Science, Computer Engineering, Software Engineering, MIS or related field; or related work experience beyond the minimum required.
- One or more advanced risk, security, or privacy certifications (e.g. CISSP, CRISC, IAPP, CISM, CCSP, FAIR).
- Information Security & Technology professional with 6+ years' experience.
- 3+ years of risk management experience with validated ability to effectively apply risk principles to challenging business situations.
- Solid grasp of industry security requirements and standards (ISO, NIST, COBIT, COSO, ITIL, GLBA, PCI, FFIEC, etc.).
- Domain expertise across risk management, information security, regulatory compliance, or LOB functionality.
- Experience evaluating cyber security controls and providing guidance for platform or distributed computing platforms.
- Strong executive presentation and interpersonal skills.
- Strong influencing and problem resolution skills.
- Ability to be comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding.
- Ability to run multiple sophisticated priorities and competing agendas without express authority over delivery teams.
- Strong leadership skills and qualities which enable you to work with peers and various levels of management.
- General understanding of technical security solutions and practices.
- Leads projects with notable risk and complexity; develops the strategy for project execution.
- Leads others to tackle complex problems; uses sophisticated analytical thought to exercise judgement and identify innovative solutions.
- Impacts the direction and resource allocation for program, project or services; works within general department policies and industry guidelines.
- Negotiates with senior management, customers, regulators or vendors to influence decisions.
- Tuition reimbursement, commuter plans, and paid time off
- Highly competitive compensation that includes base salary plus bonus
- Medical/Dental/Vision plans, 401(k), pension program, and more!