Senior Lead Tech PM (Vulnerability Patching)

About Northern Trust:

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

Summary

Northern Trust is seeking an Infrastructure Patching and Vulnerability Control Engineer that will work with the Infrastructure Engineering and Operations partners across the towers to help assess, advise, test, and guide remediation of various infrastructure internal control findings from first-line Control, IT Risk, Compliance, Audit, self-assessments, and applicable regulatory bodies  

This diverse position will require the individual to work with infrastructure owners and their management, Northern Trust Patching and Vulnerability Control Engineers, Disaster Recovery (DR) program managers, automation engineers, internal IT risk and control teams (ITOC), and business function testers.  
 

A successful candidate will help to interpret the vulnerability findings as related to the infrastructures engineered and supported. Furthermore, the candidate will understand the underlying infrastructure mechanisms to a degree wherein they are able to aid in suggesting a remediation needed and judge the provided remediation and testing as adequately satisfying the finding. This person will have hands-on experience across multiple platforms including Control-M, database, ETL, mainframe, messaging, middleware, platforms, operating systems, networking, storage, virtualization, and the related disaster recovery. 

Responsibilities 

• Serve as the POC for everyday Patching and Vulnerability Functions in the Infrastructure Engineering and Operations organization across the Infrastructure towers 

• Serve as key liaison and spokesperson during any risk and control meetings for any Infrastructure tower as per patching and vulnerability remediation, as soon as a threat has been identified and facilitating communications between Northern Trust groups 

• Have or acquire an in depth understanding of the different moving parts and functions involved in the vulnerability remediation process especially as involves Infrastructure components 

• Represent the Infrastructure towers in Risk Control with IT Leadership and operational committees to communicate the status, capabilities, and issues of the infrastructure organization 

• Apply broad technical knowledge to provide remediation guidance across several of the technology areas 

• Integrate technical control expertise and business understanding to coordinate / envision superior solutions for the infrastructure components   

• Maintain an effective technical network across the Control community, ITOC, technical SMEs and architects for multiple service areas 

• Analyze high volumes of vulnerabilities across individual towers requiring special attention  

• Ingest and communicate vulnerability metrics with the greater Infrastructure team and Executive Management to allow for data-driven risk management  

• Issue Management - Validate accuracy of vulnerability records to be uploaded to ServiceNow  

• Ensure responsible vulnerability owners provide regular status updates in ServiceNow and escalate to accountable owner(s), as needed  

• Support Management in providing timely information on status to key stakeholders (CIO, CTO etc.) and obtain necessary approvals  

• Support Management in monitoring issues with upcoming due dates (30 - 60 - 90 days), communicating and validating on progress to ensure transparency on status and vulnerability resolution  

• Escalate any vulnerability downgraded to at risk within 90 days of due date to Management 

• Facilitate deferral and extension process with formal notification and approvals (where needed) to appropriate accountable owners  

• Review and validate evidence for closure of issues to ensure conditions for closure are met; document validation conclusion in vulnerability tickets  

• Share key insights and learnings from participation in Infrastructure meetings to share with management 
   

As a partner at Northern Trust, you must actively manage and mitigate risk and act with integrity. In accordance with our core values of service, integrity, and expertise, you are expected to: 

• Adhere to all applicable risk management programs, policies, and procedures 

• Complete all mandatory training by the deadline 

• Understand how your behavior could expose Northern Trust, its clients, and financial markets to different types of risk  

• Ensure that Northern Trust or its clients are not exposed to inappropriate or excessive risk 

• Escalate any risk concerns, including those resulting from mistakes / errors to a manager or business unit risk officer 

• Exercise diligence regarding cyber-security  

• Cooperate with internal control functions (including first-line Control, Risk, Compliance, Audit, self-assigned, etc.) and applicable regulatory bodies  

• Avoid conflicts of interest or behaviors that might produce unfair outcomes for Northern Trust or its clients or damage the integrity of financial markets  

Qualifications 

• Bachelor's degree in information technology, Management Information Systems, Computer Science or a related discipline 

• 10+ years as Infrastructure vulnerability and patching operating at enterprise scale 

• Advanced technical problem-solving skills 

• Practical experience in both technology infrastructure and application development architectures 

• Strong system analysis and service development experience 

• Financial or Regulatory domain experience  

• Service Now experience  

• Familiarity with Fusion a plus 

Knowledge/Skills 

• Well-versed in patching and security industry best practices, tools and regulatory and compliance frameworks 

• Highly motivated, energetic self-starter who takes ownership of issues and drives them to resolution 

• Good organizational skills - manages and prioritizes multiple tasks across different time horizons within deadlines 

• Cooperative, and collegial manner to be able to flex to wide range of stakeholders and in high-stakes situations 

• Strong decision-making skills 

• Strong analytical, problem solving and process re-engineering skills 

• Excellent project management skills; oral and written communication 

• Skills in translating broad strategic intent into tactical plans and directions are essential 

• Applies broad industry knowledge and awareness 

• Negotiates with senior leaders across the business 

Working with Us:

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.

We’d love to learn more about how your interests and experience could be a fit with one of the world’s most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at MyHRHelp@ntrs.com.

We hope you’re excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.