At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.
This role is responsible for the timely execution of detailed design, construction and operation of security infrastructure and controls necessary to protect Northwestern Mutual’s information and technology assets, brand and reputation. This position provides direction and guidance to a team of senior directors and technical specialists responsible for the evaluation of data security risks and for the development processes necessary to close any security threats, gaps or vulnerabilities.
- Collaborates with technology organizations and business areas to understand security strategy, privacy implications and associated security requirements and ensures that the necessary capacity is available across appropriate teams to address those requirements rapidly.
- Actively assures appropriate administrative, physical and technical safeguards are in place to protect Northwestern Mutual’s information assets from internal and external threats. Accomplishes this through detailed design, development, configuration and deployment of infrastructure and associated operational management assets (people, process, information, budget, etc.) across the various groups within EIRC.
- Identifies, introduces and implements appropriate procedures, including checks and balances, to test these safeguards on a regular basis
- Evaluates and recommends new information security technologies and counter-measures to protect against threats to information or privacy.
- Leads and drives cyber-attack incident handling, breach activity, investigations and related expectations for the CISO and senior leadership.
- Collaborates with technology, risk management and business organizations to integrate security into existing operational capabilities.
- Participates in strategic planning for major business initiatives and information and technology security strategy and plans
- Drives and participates in the necessary communication, alignment and decision making for security issues within and external to Northwestern Mutual and subsidiaries to achieve strategic security goals
- Oversees, coordinates and drives ongoing security operations and continuous improvements for;
- Security controls and secure configurations
- Continuous systems and controls monitoring and control failure remediation
- Security event management, response and recovery
- Security testing for network and applications (penetration testing)
- Threat identification, classification and evaluation
- Vulnerability and patch management
- Security asset portfolio management
- Security infrastructure and controls support and upgrades
- Management, dissemination and reporting for operational security information and metrics
- Threat hunting, red team, blue team and purple team efforts
- Be a role model for Northwestern Mutual’s organizational culture by creating a positive impact at every touchpoint with people, with every word you say or put in print and everything you do
- Articulate risk and threat based data to non-technical audiences while having the expertise to dive deep enough into the technologies to drive outcomes, support the Cybersecurity team and question/confirm directional efforts toward appropriate, risk based outcomes.
- Effectively partner with other senior leaders in building rapport, establishing credibility, determining dependencies, discussing risk based tradeoffs, etc. while maintaining professional demeanor and decorum
- Provide technical and business leadership, guidance and oversight towards:
- Cybersecurity Engineering
- Detection Engineering
- Data and Network Protection
- PKI, Email & Cryptography
- Cybersecurity Operations
- Penetration Testing/Red Team
- Insider Risk
- Incident Response
- Digital Forensics
- Threat Intelligence
- Vulnerability Management
- Bachelor’s or Master’s degree in MIS, Computer Science or related discipline, or an equivalent combination of education and work experience.
- Security certifications such as CISSP, CISM, CRISC preferred.
- A minimum of 10-12 years of experience in the network/security engineering and/or security areas with at least 8 years of direct people management experience.
- Demonstrated understanding of the operational aspects of information and technology asset protection and infrastructure management
- Understanding of, and experience with IT risk management, privacy, and regulatory domains
- Exceptional ability to recruit, develop, retain and engage talent in partnership with other directors
- Proven ability to build and lead effective teams across multiple organizations
- Demonstrated abilities in analysis and decision making involving complex and ambiguous situations
- Exceptional ability to influence, negotiate and lead at peer level and above across multiple organizations
- Outstanding written and verbal communication skills, including presentation planning and delivery. Highly effective interpersonal skills with the ability to effectively interact and build trust and rapport with all levels within and outside of the organization
Grow your career with a best-in-class company that puts our client’s interests at the center of all we do. Get started now!
We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.
Req ID: 25923
Position Type: Regular Full Time
Education Experience: Master's Desired
Employment Experience: 9+ years
FLSA Status: Exempt
Posting Date: 08/19/2019