Security Assessment Consultant (Remote)

At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.

At Northwestern Mutual, we believe relationships are built on trust. That our lives and our work matter. These beliefs launched our company over 160 years ago. Today, they're just a few of the reasons why people choose to build careers at Northwestern Mutual.

We're strong and growing. In a company with such a long and storied history, this may be the most exciting and meaningful time to be a part of Northwestern Mutual. We're strong, innovative and growing.

We invest in our people. We provide opportunities for employees to grow themselves, their career and in turn, our business.

We care. We make a positive difference in our communities. Nationally, thousands have benefitted from our support of research and programs to fight childhood cancer. Each year, our Foundation, employees and financial representatives donate time, talent and financial support to causes they're passionate about.

We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.

What's the role?

Primary Duties and Responsibilities

  • Define, operate, and improve processes to provide initial and ongoing monitoring assessment control coverage and efficiency to ensure compliance with information protection policies and standards.
  • Analyze, assess, and evaluate sophisticated processes and controls to resolve compliance with information protection policies and standards and ensure effective management of operational processes.
  • Consult and advise on large, sophisticated, and ambiguous efforts on the appropriate design of information protection controls and control monitoring to follow information protection policies and standards and demonstrate ongoing compliance with information protection policies and standards.
  • Coordinate the resolution of inter-connected issues and/or solution workarounds with multi-functional teams. Negotiate and communicate with business clients, vendors, field members and leadership to develop positive relationships to ensure business objectives are addressed and expectations are handled.
  • Provide domain expertise for the information security assessment program which may include: evaluating vendor security, advising on purchase and investment decisions, establishing appropriate monitoring of information protection controls, evaluating operational efficiency of information protection controls, system testing and evaluating noncompliance issues.
  • Define and operate processes to document, report, and lead findings/issues, exceptions to standards, and identified gaps to ensure that appropriate action plans are built and implemented to remediate deficiencies.
  • Lead, coach, and mentor embedded Vendor Information team members, risk engineers and other staff members on aspects of the information security assessment program and specific processes in order to ensure behaviors and outcomes that support information protection, privacy, and data security, and drive consistency, quality and efficiency of deliverables.
  • Develop plans to support departmental and corporate strategy.
  • Provide information and analysis relating to key reports and performance indicators to support operational business process and future improvements.

Qualifications

  • Bachelor’s degree with an emphasis in Computer Science, Computer Engineering, Software Engineering, MIS or related field; or related work experience beyond the minimum required.
  • One or more sophisticated risk or security certifications (e.g. CISSP, CRISC, CISA, CISM, CCSP, FAIR).
  • 4+ years of professional experience required focused within information systems or systems audit with a demonstrated knowledge in technologies and processes.
  • Demonstrable ability to craft and implement IT general controls.
  • Ability to assess designs for security & control gaps and recommend remediation approaches.
  • Demonstrated flexibility to adjust to changing business needs by effectively leading and prioritizing large or sophisticated concurrent assignments.
  • Demonstrated ability to lead, coach and mentor other staff members.
  • Solid ability to independently identify and resolve critical and sophisticated issues through effective problem-solving skills.
  • Good ability to maintain and strengthen relationships; ability to effectively influence and negotiate with internal and external partners.
  • Demonstrable ability to negotiate strategically in difficult situations with both internal and external groups.
  • Shown interpersonal savvy with proven tact and subtlety.
  • Proven track record in taking care of ambiguity.
  • Assessment experience (Security, Risk, Vendor, Compliance, etc.)
  • Ability to recommend mitigating controls for various security gaps.
  • Knowledge of NIST framework
  • Data Privacy (GDPR, CCPA etc.) experience desired
  • Experience with Microsoft Office & “Governance, Risk, Compliance” tools (aka GRC tools such as ServiceNow) desired.

Grow your career with a best-in-class company that puts our clients' interests at the center of all we do. Get started now!

If you work or would be working in Colorado or outside of a Corporate location, please click here for information pertaining to compensation and benefits.


FIND YOUR FUTURE

We’re excited about the potential people bring to Northwestern Mutual. You can grow your career here while enjoying first-class perks, benefits, and commitment to diversity and inclusion.