Profiles search

Selamawit (Sally) Lulu, CISA, CISSP

Senior Vice President- Director, GRC, Risk Treatment & Cybersecurity Education and Awareness at Northern Trust Corporation

Chicago, IL, United States

Details

Education: MS-Transfered

Technology Management

University of St. Thomas

2008 : 2010

BS

Accounting/MIS

Metro State University

2000 : 2004

Experience: 2023 : Present

Northern Trust Corporation

Senior Vice President - Director - GRC, Risk Treatment, Education & Awareness

Manage the GRC and cybersecurity education and awareness function within the 2nd LoD.

2022 :

Northern Trust Corporation

VP - Director, GRC & Cybersecurity Education & Awarness

Advise and consult on cybersecurity and technology risks and controls to Wealth and Asset management functions.

2021 : 2022

Northern Trust Corporation

VP- Cyber Security and Technology Risk & Control Officer

Responsible for providing governance and oversight of IT risks by establishing and maintaining the necessary Technology Control Standards.

2016 : 2021

Northern Trust Corporation

Vice President - Information Security & Technology Risk Management

• Manage the coordination and planning of the annual risk assessment process including identification of IT audit universe, mapping of key IT processes by functional areas, interviewing key IT leaders, assessing risks and develop the annual IT plan.

• Schedule, staff and oversee the planning, execution and reporting of IT audits on the annual audit plan including proper reporting of KPIs.

• Manage a team and outsourced staff, provide on-going coaching, evaluate performance, and develop individual development plans.

2014 : 2016

Exelon

Manager, IT Audit

Company: Northern Trust Corporation

Years of Experience: 20

Spoken Language: Amharic, English

Skills

Auditing, Business Process, COBIT, Enterprise Risk Management, Finance, Governance, Information Technology, Internal Audit, Internal Controls, IT Audit, Leadership, Operational Risk Management, Process Improvement, Project Planning, Risk Assessment, Risk Management, SAP, Sarbanes-Oxley, SAS70, SDLC, Vendor Management, Operational Risk, Enterprise Risk

About

Result driven Information Security & Technology Governance, Risk and Control professional with over 15+ years of exprience in IT, Operational, Advisory and Compliance audits, Operational Risk Management and development and maintenance of Information Security and Technology policy, program, standards and guidelines.

Self-starter, highly motivated and passionate team leader who collaborates and engages diverse and talented team members.

Diverse industry experience in retail, financial services, telecommunication and energy/utilities.