Sr Director - Infrastructure Security Engineering

At Northwestern Mutual, we believe relationships are built on trust. That our lives and our work matter. These beliefs launched our company nearly 160 years ago. Today, they're just a few of the reasons why people choose to build careers at Northwestern Mutual!

We're strong and growing. In a company with such a long and storied history, this may be the most exciting and important time to be a part of Northwestern Mutual. We're strong, innovative, and growing.

We invest in our people. We provide opportunities for employees to grow themselves, their career, and in turn, our business.

We care. We make a positive difference in our communities. Nationally, thousands have benefitted from our support of research and programs to fight childhood cancer. Each year, our Foundation, employees, and financial representatives donate time, talent and financial support to causes they're passionate about.

This is a hybrid position at either our Milwaukee office or our New York City office. (The Milwaukee office requires onsite M, T, and W or in our NYC office on Thursday plus 1 other day.)

What's the Role?

Northwestern Mutual is seeking a passionate and experienced leader to join our Product Security organization as a Senior Director of Infrastructure Security Engineering. In this role, you will be part of an organization whose vision is to maintain our client's trust by enabling "Secure by Default" products that support our financial advisors and critical day-to-day business operations. You will be responsible for leading teams focused on proactively identifying, assessing, and mitigating cyber risks related to the organization's attack surface and security posture. You will take an "automated first" approach to develop a shared strategy and vision, in collaboration with cross-functional leaders, aligned with the organization's goals and risk tolerance.

Key Responsibilities:

• Manage the teams and programs for Vulnerability Management, Endpoint Security, Email Security, Infrastructure Hardening, SaaS, and Product Security Operations.
• Develop and maintain reporting mechanisms to provide transparency into the organization's security posture, including key metrics and trends for senior leadership.
• Instill a DevSecOps mindset to mentor and guide teams on streamlining manual and repetitive tasks.
• Manage the day-to-day operational support of Product Security capabilities integrated into our enterprise workflows.
• Respond to service and escalation tickets within defined service-level agreements.
• Develop and maintain procedures, aligned to our enterprise risk framework, that support Product Security capabilities.
• Stay informed about new and emerging threats, recommending tactical and strategic initiatives to mitigate risks.
• Keep up-to-date with security changes impacting regulatory, privacy, and industry best practices.
• Lead all aspects of remediation efforts following security assessments or audits to address findings.
• Mentor and guide staff members to ensure consistency, quality, and productivity of deliverables.

Bring Your Best! What this role needs:

• Bachelor's degree or equivalent experience in computer science, computer engineering, software engineering, or a related field.
• 10+ years of experience in development, infrastructure, or cybersecurity.
• 5+ years of proven experience leading and developing teams, including hiring, training, and performance management.
• Experience with security tools such as vulnerability scanners, endpoint detection and response (EDR), email security.
• Solid understanding of cybersecurity principles, frameworks (e.g. NIST CSF), industry hardening baselines (e.g. CIS), and attack vectors.
• Knowledge of vulnerability management catalogs and scoring systems like CVE, CISA Known Exploited Vulnerabilities, and CVSS.
• Excellent analytical and problem-solving skills, with the ability to prioritize and manage multiple projects simultaneously in a fast-paced environment.
• Excellent communication skills (both written and verbal) with the ability to communicate sophisticated topics clearly and concisely with stakeholders at all levels of the organization.
• Knowledge of CI/CD pipelines to automate application and infrastructure code deployments.
• Knowledge of workload orchestration platforms like Kubernetes.
• Experience with development and scripting languages, preferably Python and JavaScript.
• Continuous improvement mindset, actively seeking opportunities to improve processes and capabilities.
• Relevant certifications from reputable cybersecurity industry organizations, including GIAC, ISC(2), etc.

Our Benefits

• Tons of room for career growth.
• We offer highly competitive compensation, including annual bonus opportunities
• Medical/Dental/Vision plans, 401(k), pension program
• We provide tuition reimbursement, PTO, and Holiday Pay
• We provide extensive Professional Training Opportunities
• We offer an excellent Work/Life Balance

#LI-Hybrid

Northwestern Mutual pays on a geographic-specific salary structure and placement in the salary range for this position will be determined by a number of factors including the skills, education, training, credentials and experience of the candidate; the scope, complexity as well as the cost of labor in the market; and other conditions of employment. At Northwestern Mutual, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. Please note that the salary range listed in the posting is the standard pay structure. Positions in certain locations (such as California) may provide an increase on the standard pay structure based on the location. Please click here for additional information relating to location-based pay structures.

We are an equal opportunity/affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age or status as a protected veteran, or any other characteristic protected by law.

If you work or would be working in California, Colorado, New York City, Washington or outside of a Corporate location, please click here for information pertaining to compensation and benefits.