The Business Information Security Consultant (BISC) will help ensure that Enterprise Information Risk and Cyber-security department policies and teams are able to effectively respond to industry regulators. The BISC will also assist Northwestern Mutual subsidiaries in responding to regulators' requests for information and examinations. This role provides regulatory support as well as risk management consultation. This includes, but is not limited to, responding to regulatory inquiries, conducting risk assessments, evaluating regulatory preparedness, assisting with board and committee presentations, and facilitating cross-department initiatives.
Role Responsibilities:
The key responsibilities of the role are as follows:
*Develops an understanding of business goals and re-frames risk discussions in business terms
*Consults with business partners regarding information security program to drive good risk decisions
*Professionally engages technology leadership in conversations that effectively communicate compliance needs
*Keeps up to date on emerging technology, security and privacy trends and solutions
*Is able to keep department up to date on regulatory changes and how these changes may affect the teams
*Is able to evaluate, understand, and communicate the full risk landscape
*Organizes and creates knowledge base documentation allowing for proactive data collection and faster regulatory responses
*Coordinates and delivers regulatory responses
*Leads regulatory readiness assessments
*Assists with preparation of board-level materials as they relate to information protection, information risk and privacy
*Participates in business information protection risk assessments
Evaluation Criteria:
Candidates will be evaluated based on their ability to demonstrate a proven track record of proficiency at the following competencies:
*Ability to develop a full and deep understanding of the business operations and regulatory expectations
*Developed understanding of how business initiatives create value and risk for organizations
*Strong ability to convey complex information risk and security issues in a manner that is easily understood and actionable and constructively challenges prevailing thoughts and processes
*Able to consistently and effectively defend ideas and solutions
*Strong understanding of the information risk management process
*Able to effectively analyze risk within the context of business problems
*Proven ability to influence without authority
*High level of organization and project management skills
Education & Experience:
Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows:
*2-3 years of experience working in either information risk management or a regulated business line
*Strong business acumen with broad understanding of the regulatory environment as it relates to information protection, cyber-security and/or privacy
This job is not covered by the existing Collective Bargaining Agreement.
Grow your career with a best-in-class company that puts our clients' interests at the center of all we do. Get started now!

We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.