
Risk Engineering Specialist

At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.

What’s the role?

As a Risk Engineering Specialist, your job is to partner with both the business and engineering organizations to assist them with information protection, cyber security, and privacy related risks. This includes helping them navigate the various risk and cyber security assessment processes, prioritizing and establishing plans to address findings, generating threat models, mitigating security vulnerabilities and participating in risk treatment conversations at various stages of the development lifecycle.

As a Risk Engineering Specialist, you will report into the Risk Engineering function and act as a liaison for the centralized Information Protection and Cyber Security department.  Your role will be that of an embedded team member for a set portfolio of applications.  You will be under the guidance of a Risk Engineering Leader, in a team with experienced Risk Engineers to help you learn and navigate the processes and tools that Northwestern Mutual leverages as well as support you in career growth.

Must Haves:

The candidate will have a strong appreciation of and skill in partnering with leaders as well as developers; the ability to understand and follow risk management processes, practices and documentation needs; the ability to balance risk issues with business priorities to drive mutually agreeable timelines for remediation; and a basic technical understanding of cloud, application security tools and application vulnerabilities. Desire and commitment to achieve risk and security certifications within the first two years of hire, which may include CRISC, CCSP, CISSP, CEH, or equivalent. 1-3 years of experience preferred.

Under the direction of a Risk Engineering Lead, your general milestones are the following:

  • Within the first one (1) month, be able to jump head-first into getting to know the business and engineering teams with the goal of understanding what their business priorities are, how they work and function as a team to best integrate security tasks and what applications / systems they manage and support.

  • Within two (2) months, be able to understand the highest risk applications in their space, status of the application’s Authorization to Operate, when the last penetration testing assessment was completed, and have a comprehensive list of outstanding findings, security vulnerabilities and other risk management concerns.

  • Within four (4) months, have a foundational understanding of the various risk management processes, how to engage in them and what documentation is required to complete them. At this time, the individual will have a plan for learning and development to be fully engaged in those processes and helping teams complete all necessary activities. 

  • Within six (6) months, obtain a high-level understanding of the entire space from an information protection and cyber security perspective; be a point person if the area has questions or concerns; be engaged early in the process when new efforts (large development changes or vendor evaluations) are underway; and participate in information protection and cyber security efforts through completion, working with a mentor or lead.

  • Within twelve (12) months, demonstrate sustainability of assessments, findings and vulnerabilities through various dashboards and metrics. Be familiar with control patterns and how to leverage them to help other areas manage risks in a consistent and repeatable manner. Review additional application security learning needs, such as code reviews, application and infrastructure vulnerabilities and securing CI/CD pipelines. Develop a plan to achieve desired risk and security certifications.

Technical skills:

  • Amazon Web Services (AWS) Cloud

  • Microservice / Micro-architectures

  • Experience with automation tools or coding/scripting (e.g. Ansible, Terraform, Python, Java/JavaScript, PowerShell)

  • Architecture Diagrams / Data Flow Diagrams / Threat Models

  • Application Security – SAST, DAST, Continuous Delivery / Continuous Integrations

  • Risk Management (Identity and Access, Data Encryption, Incident Response, Logging and Monitoring, Vulnerability Management)

  • Familiarity with NIST, OWASP, security maturity frameworks (e.g. OpenSAMM, BSIMM), secure software development lifecycle, cyber security regulations, GRC tools

Bring Your Best! What this role needs:

  • Proven results of completing assigned tasks on-time with a high-level of quality

  • Continuously improve by collecting and responding to feedback and metrics

  • Proactively learn emerging platforms and related technology

  • Ability to partner and solve routine technical and security issues

  • Can move quickly. Everyone here is incredibly kind and extremely willing to share knowledge and a helping hand, but you have to be willing to take ownership of the outlined goals and make things happen


  • Whip-smart team that is very friendly and always willing to lend a hand

  • Tons of room for career growth, learning and development

  • Highly competitive salary

  • Amazing Benefits


This job is not covered by the existing Collective Bargaining Agreement.

Required Certifications:

Grow your career with a best-in-class company that puts our client’s interests at the center of all we do. Get started now! 

We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.


We’re excited about the potential people bring to Northwestern Mutual. You can grow your career here while enjoying first-class perks, benefits, and commitment to diversity and inclusion.