Risk Management Analyst

  • Milwaukee, WI
  • Full-time

Company Description

You and Northwestern Mutual. We believe relationships are built on trust. That our lives and our work matter. And we’re much stronger together than we are apart. These beliefs launched our company nearly 160 years ago. Today, they’re just a few of the reasons why people choose to build careers at Northwestern Mutual.

Our business is about helping people secure their financial futures, and that starts with putting people first – our clients, our employees and our field representatives. Northwestern Mutual is known for financial strength. We’re strong, innovative and growing. Come grow with us.

Job Description

At Northwestern Mutual, we believe relationships are built on trust. That our lives and our work matter. These beliefs launched our company nearly 160 years ago. Today, they're just a few of the reasons why people choose to build careers at Northwestern Mutual.

We're strong and growing. In a company with such a long and storied history, this may be the most exciting and important time to be a part of Northwestern Mutual. We're strong, innovative and growing.

We invest in our people. We provide opportunities for employees to grow themselves, their career and in turn, our business.

We care.  We make a positive difference in our communities. Nationally, thousands have benefitted from our support of research and programs to fight childhood cancer. Each year, our Foundation, employees and financial representatives donate time, talent and financial support to causes they're passionate about.


We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.



We are looking for a Risk Management Analyst to join our Identity and Access Management Team within the Information Risk Management Department.  The role requires a dynamic agile controls and analytical mindset, patience and persistence to solve complex problems, ability to get things done quickly but thoughtfully, and strong relationship skills.  The preferred candidate will have a control’s mindset, separation of duties experience and IT audit experience.


Principle Accountabilities:

  • Conduct risk assessments on large, complex and ambiguous efforts to identify, rank, prioritize and report security and information protection risks associated with processes and technology. 
  • Partner with individuals throughout the organization (horizontally and vertically) to develop corrective action plans with mutually agreeable milestones to effectively mitigate identified risks.
  • Develop security specifications and requirements for information system and processes to ensure compliance with applicable industry standards, laws and regulations.  
  • Evaluate information system architecture, network and processes to ensure controls effectively mitigate information risks and meet security baselines.  
  • Provide security and information protection control options that are holistic, strategic, and visionary to ensure proper implementation and sustainability for the organization.
  • Monitor and document the implementation of security and information protection controls for compliance with industry standards, laws and regulations and as input for continuous control monitoring.
  • Work with Information System Owners to approve and document deviations to information protection standards in order to balance business and controls. 
  • Educate and raise awareness on security and information protection to encourage a culture that is risk aware in all activities.
  • Lead, coach, and mentor other staff members on aspects of the information risk management program and specific processes in order to ensure consistency, quality and productivity of deliverables.
  • Assist with the creation of security and information protection standards, information protection awareness and training program, evaluating noncompliance issues and appropriate investment decisions.


Bring Your Best! What this role needs:

  • Bachelor’s degree with an emphasis in MIS, Accounting Information System from an accredited college or university Or equivalent experience; 5-years of experience in security audit, information risk assessment and information security audits.
  • CISSP, CRISC, CISA, CEH/CPT or other applicable security and information risk management certifications strongly desired.
  • Knowledge of information risk management, security controls, and process design with proven ability to balance desired security with the needs of the business. .
  • Strong up to date knowledge in the on-going and ever evolving security industry.
  • Demonstrated ability to lead, coach and mentor other staff members
  • Strong ability to independently identify and resolve critical and complex issues through effective problem solving skills   
  • Strong ability to maintain and strengthen relationships; ability to effectively influence and negotiate with internal and external partners
  • Proven organizational savvy with demonstrated tact and diplomacy
  • Proven ability in dealing with ambiguity
  • Demonstrates excellent written and verbal skills.



  • Separation of Duty
  • Audit issue analysis, evaluation, management access plan, etc.
  • Policy, control standards, guidance
  • IT audit experience


Our Benefits:

  • Tuition reimbursement, commuter plans, and paid time off
  • Highly competitive compensation that include base salary plus bonus
  • Medical/Dental/Vision plans, matching 401(k), pension program
  • Hackathons/Commitment to Innovation
  • Life Balance
  • Extensive Training Opportunities
  • Free lunch


Req ID: 14741
Position Type: Regular Full Time
Education Experience: Bachelor's Desired
Employment Experience: 3-5 years
FLSA Status: Exempt
Posting Date: 06/02/2017