Search Our Career Opportunities

IT Risk Engineer

Date: Jan 11, 2019

Location: New York, NY, 10003

At Northwestern Mutual, we believe relationships are built on trust. That our lives and our work matter. These beliefs launched our company nearly 160 years ago. Today, they're just a few of the reasons why people choose to build careers at Northwestern Mutual.

We're strong and growing. In a company with such a long and storied history, this may be the most exciting and important time to be a part of Northwestern Mutual. We're strong, innovative and growing.

We invest in our people. We provide opportunities for employees to grow themselves, their career and in turn, our business.

We care.  We make a positive difference in our communities. Nationally, thousands have benefitted from our support of research and programs to fight childhood cancer. Each year, our Foundation, employees and financial representatives donate time, talent and financial support to causes they're passionate about.


We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.


What's the role?

As Risk Engineer, you establish and optimize risks and controls, accountable for consulting and advising on large, complex and, often, ambiguous issues related to information security. As subject matter expert for the information risk management program, you will: create information protection policies/standards; design/evaluate processes/controls to enable compliance with information protection policies; evaluate and approve deviations to information protection policies; promote information protection awareness through training activities; evaluate and make decisions on noncompliance issues; lead, coach, and mentor NM staff on the information risk management program, including specific processes intended to ensure consistency and quality. Further, you will develop action plans to support departmental and corporate strategy. Above all, you demand excellence of yourself; you handle tasks with the highest possible degree of accuracy and discretion.


Bring Your Best! What this role needs:

  • Reviewing current system architecture and configurations for security measures and recommending and implementing enhancements
  • Engineering, implementing and monitoring security measures for the protection of computer systems, networks and information assets
  • Identify, develop, and document security issues and recommendations concerning areas being reviewed. Responsible for communicating information, suggestions, and/or problems regarding critical findings
  • Five or more years of experience in information systems or systems audit with a demonstrated knowledge in technologies and processes
  • Proven ability to design and implement IT general controls
  • Knowledge of information security control practices and frameworks (e.g. OWASP, NIST, etc.) is strongly preferred
  • Serve as the security expert and communicate information security-related concepts to technical and non-technical team members
  • Architect and design secure solutions based on best-practice control frameworks such as NIST
  • Demonstrated ability to lead, coach and mentor other staff members
  • Strong ability to independently identify and resolve critical and complex issues through effective problem-solving skills
  • Strong ability to maintain and strengthen relationships; ability to effectively influence and negotiate with internal and external partners
  • Proven organizational savvy with demonstrated tact and diplomacy
  • Proven ability in dealing with ambiguity
  • Bachelor’s degree with an emphasis in MIS, Business or related field; or related work experience beyond the minimum required


Req ID: 24475
Position Type: Regular Full Time
Education Experience: Bachelor's Desired
Employment Experience: 6-8 years
FLSA Status: Exempt
Posting Date: 01/04/2019