Skip to content

Senior Risk Management Consultant

At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.

The Sr. Risk Management Consultant serves as the key third-party information and technology risk advisor, working to optimize and balance risks and controls.

You will: handle information risk outcomes; develop and maintain relationships with business leaders and risk partners; ensure processes and controls are aligned with established information risk strategy, accountable for calling out information risk issues and balancing business needs with information risk implications, to foster a business environment that effectively runs information risk; resolve raised information risk issues related to information protection policies, standards, processes and controls; handle overall results of multiple projects within the information risk program (including accountability for defining and managing scope, schedule, cost, and quality); communicate project status to partners; ensure compliance with Company-approved risk management methodology.

Lead, coach, and mentor NM staff on EIRC's information risk management approach to ensure consistency and quality. You hold yourself to a high standard, proactively working to improve industry knowledge.

  • Responsible for the advancement of the information risk strategy to foster a business environment that effectively manages information risk. Communicates the information risk strategy with business clients, Tech function, vendors, field, and senior management to ensure common understanding and acceptance.
  • Manages overall results of multiple projects within the information risk program including accountability for defining and managing scope, schedule, cost, and quality. Communicates' project status to appropriate partners. Ensures compliance with company approved methodology and required work you're doing and applies lessons learned throughout subsequent project phases.
  • Maintains relationships with business clients and gains broad knowledge of their business. Ensures expectations are managed and that clients gain a full grasp of information risks and controls, and the impact on their business.
  • Maintains deep understanding of information technology risks associated with third parties that provide technologies, processes, capabilities, and services to NM.
  • Leads execution of IT risk assessments of third-party IT control environments, IT products, and IT services to identify and evaluate potential risks to NM, and collaborate with business partners to drive remediation of identified risks or issues.
  • Conducts regular monitoring of third-party IT risks, coordinates periodic IT risk reviews with business partners including NM subsidiaries, and establishes IT risk appetite and tolerances for third party IT risks across the enterprise.
  • Responsible for educating, mentor, and guiding leaders across the company on information risk. Understands both the business and technical implications of information risk and advises on appropriate investment decisions.
  • Accountable for the resolution of brought up information risk issues related to information protection policies, standards, processes and controls; information protection awareness and training program; noncompliance issues and security incidents in order to effectively balance the needs of the business with the associated risks.

Bring your best! What this role needs:

  • Minimum of two years of experience leading sophisticated projects or developing, influencing, and recommending business strategies.
  • Identify and resolve critical and sophisticated issues through effective problem solving skills.
  • Ability to deal with ambiguity.
  • Demonstrable ability to maintain and strengthen relationships; ability to effectively influence and negotiate with internal and external partners; and proven organizational savvy with demonstrated tact and diplomacy.
  • Ability to communicate in both business and technical terminology based on the situation and the audience.
  • Solid experience applying industry-standard frameworks (e.g., NIST Cyber Security Framework, ISO 27002, COBIT)
  • Solid experience in one of the following: third-party IT risk assessment, IT governance, IT risk management, IT compliance, or internal audit, and IT general controls.
  • Solid ability to lead teams and build consensus around sophisticated technical and business decisions.

Desired Skills

Certified in Risk and Information Systems Control (CRISC), Certified Third Party Risk Assessor (CTPRA), Certified Third Party Risk Professional (CTPRP), Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional (CISSP)

Our Benefits!

  • Highly competitive compensation, including annual bonus opportunities
  • Medical/Dental/Vision plans, pension program
  • Tuition reimbursement, commuter plans, and paid time off
  • Extensive Professional Training Opportunities
  • Excellent Work/Life Balance
  • Hackathons/Dedication to Innovation

If you feel comfortable carrying out the job responsibilities, even if your qualifications don’t exactly match our list here, we encourage you to apply!


Grow your career with a best-in-class company that puts our client’s interests at the center of all we do. Get started now!

W e are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.

If you work or would be working in Colorado or outside of a Corporate location, please click here for information pertaining to compensation and benefits.


We’re excited about the potential people bring to Northwestern Mutual. You can grow your career here while enjoying first-class perks, benefits, and commitment to diversity and inclusion.