Cyber Exercise Program Manager

About Northern Trust:

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.  

Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

The Cyber Exercise Program Manager is a high visibility position responsible for the planning, design, and execution of strategic and operational cyber exercises (e.g., simulations, workshops, tabletops, functional exercises). The exercises test NT’s incident response plan and the resiliency of our people, policies, and processes against realistic simulated cybersecurity events. Partners across functions (e.g., technology, business, legal, compliance) and from all levels, including executive leadership, participate in exercises.

The person in this role will coordinate internal subject matter experts to develop plausible attack scenarios informed by internally and externally researched risks and trends, turn those scenarios into well-documented plans, and lead the exercises by playing out the scenarios in real-time.

To be successful in this role, a candidate must be organized and able to create schedules and materials; meet target deadlines; build relationships across the organization; maintain program documentation; and coordinate persons from multiple areas in preparation of the exercises. The Manager in this role is expected to have working knowledge of enterprise technologies (e.g., networks, databases) and deep interest in cybersecurity topics and industry trends.

The person in this role will present to all levels of management before, during, and after exercises. The Manager must be a strong communicator and comfortable presenting to technical and non-technical stakeholders. Additionally, the person in this role must be comfortable interviewing a range of partners, workshopping ideas for new scenarios, and gaining stakeholder buy-in. During exercises, this person is responsible for directing the exercise and capturing key takeaways to later create recommendations for improvement and findings.

This position reports to the Head of the Office of the CISO and is responsible for managing third-party consultants in support of the exercise function.

Primary Responsibilities
Coordinate subject matter experts to develop cyber exercises and create business-level scenario storylines, technical-level attack chains, exercise inject timelines, delivery structures, and logistics plans.

• Develop pre-exercise, exercise, and post-exercise materials – including presentations, scenario injects, and after-action reports
• Lead cyber exercise engagements multiple times per year
• Manage relationships with third-party consultants to assist in the creation, documentation, and execution of the exercises
• Document risks and findings discovered during exercises and drive improvement
• Assist in the maintenance and testing of internal policies and procedures

Personal Attributes

• Strong organizational skills and ability to work to meet deadlines
• Effective verbal and written communication skills, and comfort presenting to large groups and senior executive leadership
• Excellent listening and interpersonal skills, and ability to run large meetings
• Highly self-motivated and directed with keen attention to detail
• Ability to deal diplomatically and effectively at all levels of the organization in both technical and non-technical areas

Professional Experience
5+ years of relevant experience developing or supporting tabletop exercises and simulations, or relevant business continuity / disaster recovery / incident response/threat modeling experience

• 5+ years working in a cybersecurity or technology operations support role in an enterprise environment
• Ability to communicate complex technical concepts to a non-technical audience
• Relevant experience in financial or other highly-regulated industries
• Successful candidates should be able to demonstrate a passion for information security through course work, degrees, self-study, or certifications that have been completed

Formal Education & Certifications

• BA/BS in Business, English, Information Technology, Cybersecurity (or related work experience)
• Preferred Certifications include: Homeland Security Exercise and Evaluation Program (HSEEP) Certificate, Master Exercise Practitioner (MEP) certification, Certified Cyber Resilience Professional (CCRP), Certified Business Continuity Professional (CBCP), SSCP, CISSP, GCPM, PMP, CISM, CISA

Salary Range:

Salary range is a good faith estimate of base pay. Northern Trust provides a comprehensive benefits package including retirement benefits (401k and pension), health and welfare benefits (medical, dental, vision, spending accounts and disability), paid time off, parental and caregiver leave, life & accident insurance, and other voluntary and well-being benefits. Northern Trust also provides a discretionary bonus program that may include an equity component.

Working with Us: 

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.

We’d love to learn more about how your interests and experience could be a fit with one of the world’s most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater 

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at MyHRHelp@ntrs.com.

 
We hope you’re excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.