VP Information Risk Management and Privacy

Date: Jan 17, 2019

Location: Milwaukee, WI, 53202

At Northwestern Mutual, we believe relationships are built on trust. That our lives and our work matter. These beliefs launched our company nearly 160 years ago. Today, they're just a few of the reasons why people choose to build careers at Northwestern Mutual.

We're strong and growing. In a company with such a long and storied history, this may be the most exciting and important time to be a part of Northwestern Mutual. We're strong, innovative and growing.

We invest in our people. We provide opportunities for employees to grow themselves, their career and in turn, our business.

We care. We make a positive difference in our communities. Nationally, thousands have benefitted from our support of research and programs to fight childhood cancer. Each year, our Foundation, employees and financial representatives donate time, talent and financial support to causes they're passionate about.


We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.


What’s the role?

Reporting to the Chief Legal Officer and Secretary to the Board, the CISO is accountable for establishing overall information risk management and security strategy including information technology risk identification, tolerance, acceptance and investment in risk mitigation to sustain Northwestern Mutual’s reputation and brand. Provides oversight and direction for establishing and maintaining enterprise-wide information risk, privacy and security management programs to ensure that information and technology assets are adequately protected. Responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.  Serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies. Works with executive management and Board of Trustees to determine acceptable levels of risk for the organization. Together with senior leadership, plays a significant role in instilling an appropriate information risk and security conscious attitude and mindset into the culture.

In addition to the above, the role has responsibility for the following:


  • Develop, implement and monitor a strategic, comprehensive enterprise information security and technology risk management program to ensure the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization.
  • Set strategy for risk tolerances, risk acceptance and investment in risk mitigation to sustain organizational brand and reputation.
  • Lead, sustain, and develop experienced teams accountable for information policy, standards and controls, policy and risk governance, information and technology risk assessment, client privacy, disaster recovery, cyber-defense, incident response, and identity and access management.
  • Provide information security expertise to the organization by recommending information security initiatives which mitigate risks, strengthen defenses, and reduce vulnerabilities.
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program.
  • Lead programs and processes to monitor the emergence of new threats and vulnerabilities, assessing impacts and driving responses as appropriate.
  • Review third party vendors and contracts to ensure appropriate controls are in place and working effectively.
  • Lead and facilitate information security governance topics, status and advice, including active involvement of and/or leading committees.
  • Cultivate and build collaborative working relationships with a broad range of enterprise stakeholders.
  • Liaise with external agencies, such as regulators, industry groups, law enforcement and others as necessary.
  • Represent Northwestern Mutual and provide thought leadership in industry and cybersecurity forums.


Bring Your Best! What this role needs:

  • Bachelor’s degree with emphasis in MIS, Computer Science or another computer- or business-related discipline. An advanced degree is preferred.
  • A minimum of 10-15 years of experience in information security or risk management including CISSP, CISM, and/or CISA certifications.
  • Exceptional leadership, managerial and administrative skills.
  • Ability to work collaboratively across interdisciplinary teams and manage relationships across multiple areas of the business, including Audit, Compliance, Trustees and other executive stakeholders.
  • Ability to effectively lead change and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
  • Sound judgment and ability to effectively balance information risk controls with business productivity and growth.
  • Ability to communicate technical information, including current and emerging digital security trends and directions, to diverse audiences including senior management.
  • Broad knowledge of current and emerging information technology industry trends and directions, including common information security management frameworks such as NIST, ISO/IEC 27001, ITIL, and COBIT.
  • Experience in project delivery methodologies and processes (e.g. Scrum, agile/SAFe, Lean, et al.).


Req ID: 24482
Position Type: Regular Full Time
Education Experience: Bachelor's Required
Employment Experience: 9+ years
Licenses/Certifications: Not Applicable
FLSA Status: Exempt
Posting Date: 12/19/2018