Northern Trust Corp.
Insider Threat Risk Lead
Northern Trust Corp., Chicago, Illinois, United States, 60290
About Northern Trust:
Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.
Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.
SUMMARY
Reporting into the Head of Insider Threat Risk Management, the Insider Threat Risk Lead will play an essential role in maturing Northern Trust’s ability to deter, prevent, detect, and remediate insider threat activity. The Lead will conduct technical analysis of security event data and investigations into violations of company policy utilizing a broad suite of security operations tools. The Lead will utilize subject matter expertise to support Insider Risk program stakeholders, business representatives, and program initiatives.
Key Responsibilities
Develop detection rules aimed at detecting or preventing insider threat activities, within security tools such as Security Information & Event Management (SIEM), User Entity & Behavior Analytics (UEBA), Data Loss Prevention (DLP), and cloud security technologies.
Lead investigations into violations of Northern Trust’s Acceptable Use Policy and ensure all investigations comply with corporate policies and applicable regulatory frameworks.
Utilize technical skillset to conduct incident response and investigations (e.g., digital forensics, OSINT, data analysis).
Lead program initiatives including development of program documentation, tabletop exercises, threat intelligence briefs, crown jewels assessments, and standard operating procedures.
Develop and present meaningful metrics, KRIs, and KPIs to measure risks, trends, and control effectiveness.
Conduct risk assessments and controls validation testing to identify opportunities to strengthen the control environment.
Lead formal interviews pertaining to sensitive investigations.
Establish and manage close relationships with program stakeholders and business representatives.
Knowledge and Skills
Direct experience performing monitoring, tuning, and/or writing detection rules in tools such as Security Information & Event Management (SIEM), User Entity & Behavior Analytics (UEBA), Data Loss Prevention (DLP), and cloud security technologies.
Experience performing digital forensics, incident response, Open-Source Intelligence (OSINT), data analysis, and/or threat hunting.
Familiarity with script/query languages such as KQL, PowerShell, and/or Python.
Experience conducting risk assessments and/or controls validation testing.
Project or program management experience.
Formal investigative interviewing and/or report writing experience.
Familiarity with cybersecurity frameworks (e.g., NIST) and data privacy concepts.
Strong understanding of computer operating systems, networking protocols, and IT infrastructure/cloud technologies.
Demonstrated ability to work well in both an individual contributor and team capacity, with multi-national teams.
Experience
Any combination of equivalent education, experience, or training that allows you to meet the qualifications of this job.
A minimum of 5-8 years of professional experience performing in-depth security operations analysis of insider or external cyber threat activity, data loss, or related investigations.
Technical or investigative certifications such as EnCE, GCFE, CISSP, GCIH, CEH, CFE, PMP or CRISC are a plus.
Working with Us: As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.
Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.
We’d love to learn more about how your interests and experience could be a fit with one of the world’s most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater
Reasonable Accommodation
Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at MyHRHelp@ntrs.com.
We hope you’re excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.
Apply today and talk to us about your flexible working requirements and together we can achieve greater.