At Northwestern Mutual, we are strong, innovative and growing. We invest in our people. We care and make a positive difference.
The Risk Engineer role is designed to be a liaison with the various risk partners at Northwestern Mutual. In addition to performing their standard duties, this role helps ensure the business is aware of risk encountered by their area, the impact it has on their area or the organization and who is responsible for driving the necessary work within their areas to appropriately address the risk (avoidance, acceptance, remediation). Overall, this role is entrusted to drive risk-aware design and behaviors.
This opportunity is an excellent way to support the technology teams that are passionate about delivering data and decision-making solutions to the investment professionals who manage Northwestern Mutual’s $282 billion general account. The general account is invested across various public and private fixed income and equity asset classes with the goal of generating superior risk-adjusted returns while preserving the company's exceptional financial strength. This time-tested strategy fundamentally supports Northwestern Mutual's best-in-class product value and ability to deliver lifelong financial security to its policyowners and clients.
You will be a part of a key transformational initiative aiming to reimagine the investment lifecycle and deliver modern solutions to enhance the investment decision making process. You will participate in realizing the technology for both operational and analytical use cases and will have a visible impact on building a brand-new digital platform for Managed Investments. If you are looking for an opportunity to build the future and play an active role in a strategic area of our company, this is an opportunity for you!
Primary Duties & Responsibilities
- Accountable for consulting and advising on large and complex effort on the appropriate design of information protection controls and control monitoring to comply with information protection policies and standards and demonstrate ongoing compliance with information protection policies and standards.
- Accountable for operating processes to document, report, and manage findings, exceptions to standards, and identified risks to ensure that appropriate action plans are created and executed to remediate gaps, deficiencies, and risks.
- Accountable for assessing and evaluating complex processes and controls to determine compliance with information protection policies and standards and ensure effective management of risk.
- Accountable for providing subject matter expertise for the information risk management which may include evaluating vendor security and risk posture, advising on purchase and investment decisions, establishing appropriate monitoring of information protection controls, evaluating operational effectiveness of information protection controls, and evaluating noncompliance issues.
- Act as liaison for all risk partners to assure compliance with company standards
- Coordinate activities between product team(s) and risk and security partners
- Educate team on risks that need to be addressed as part of product design
- Work closely with risk partners to implement appropriate processes and controls to align with documented policies
- Document decisions during design and implementation of processes and controls
- Facilitate risk profile creation, gather information, and act as a central point of contact to assure that requirements have been implemented properly
- Manage findings for product team(s) in their area, according to the finding’s workflow process
- Facilitate risk escalations
- Review and monitor risk profiles and implemented controls after Production deployment to assure control effectiveness
- Work with a program lead to facilitate the “Authorization to Operate” process
- Provide feedback on the risk policies and processes
- Identify and document changes to products, services, roles, and architecture in their area
- Maintain current asset inventory and product risk profile for products in their area
- Appropriately tag code in repositories
- Bachelor's degree with an emphasis in MIS, Business, or related field; or related work experience beyond the minimum required
- Three or more years of experience in information systems or systems audit with a demonstrated knowledge in technologies and processes
- Risk Certifications a plus (CISSP, CRISC, other Risk Management certifications)
- Ability to assess and implement IT general controls desired
- Passion to assure risk decisions are disciplined and transparently made
- Acts with integrity and trustworthiness
- Readiness to learn
- Demonstrated flexibility to adjust to changing business needs by effectively managing and prioritizing concurrent assignments
- Demonstrated ability to independently identify and resolve critical issues through effective problem-solving skills
- Strong ability to develop and leverage relationships.
- Ability to effectively influence and negotiate with internal and external partners
- Excellent communication skills focused on facilitation of meetings.
- Ability to deliver informative, well-organized documentation and ability to effectively communicate in difficult and/or sensitive situations
This job is not covered by the existing Collective Bargaining Agreement.
Grow your career with a best-in-class company that puts our client’s interests at the center of all we do. Get started now!
We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.
FIND YOUR FUTURE
We’re excited about the potential people bring to Northwestern Mutual. You can grow your career here while enjoying first-class perks, benefits, and commitment to diversity and inclusion.
Flexible work schedules
Employee resource groups