Lead, Cyber Sec IT Risk Management

About Northern Trust:

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

Roles and Responsibilities:

This role will be responsible for assessing and monitoring the risk posture of third-party vendors, driving process improvements, leading automation initiatives and delivering actionable insights through risk metrics and reporting The individual will be required to serve as the subject matter expert (SME) on third parties risks and the individual’s primary day to day responsibilities are mentioned below (but are not limited to these):

• Conduct security risk assessment on new and existing Northern Trust’s third parties business partners. Ensure proper preventative and detective controls are in place and prepare recommendations to strengthen control weaknesses.

• Demonstrate some proven knowledge on the following domains:
  • Information Security Governance and Risk Management
  • Access Control
  • Vulnerability Management and Penetration Testing
  • Network Security
  • Application Security
  • Cryptography
  • Security Architecture and Design
  • Operations Security
  • Business Continuity and Disaster Recovery Planning
  • Legal, Regulations, Investigations and Compliance
  • Physical and Environmental Security
  • Cloud Security

• Strong understanding and proven working experience on Information Security frameworks (e.g., NIST, ISO 27001, SIG, SOC2)
• Knowledge of regulatory requirements and guidelines relating to Cyber Security, Information Security, Privacy, Business Resilience and Business Continuity Management.
• Define, maintain and refine KPIs, KRIs, and KCIs for third-party risks to measure program effectiveness and vendor risk trends.
• Build and present executive level dashboards and reports to senior leadership.
• Ensure traceability and accuracy in risk reporting
• Ability to utilize Microsoft Copilot and AI-driven tools for automating third-party risk management workflows, generating risk reports, cyber incident response and simplifying documentation tasks.
• Responsible for reviewing master services contracts of the third parties to identify information technology and security related clauses.
• Knowledge on risk treatment and issues management functions and industry tools to support the program.

• Support Issue Owners and/or Issue Identifiers in accurate documentation of root cause analysis, impact analysis, severity ratings and corresponding remediation actions.
• Review evidence provided to validate remediation actions were implemented as required and meet all acceptance criteria to close the issue.
• Monitor the status of remediation actions and provide periodic updates to applicable stakeholders.
• Work across the lines of defense to coordinate changes, provide review and challenge, and respond to audit and regulatory requirements.
• Participate in cyber incident responses to provide guidance related to cyber security risks and control assurance

• Able to interact in a professional manner and develop relationships with individuals and teams at any level in Northern Trust.
• Foster a positive and collaborative environment.
• Flexibility, multi-tasking, good business judgment skills are required to meet competing priorities.
• Contribute to automation, analytics,  and continuous improvements of processes
• Demonstrate ability to work well in both an individual contributor and team capacity.  Train associates on the incident / issue management process and procedures via mentoring.

Skills Preferred:

• Excellent written and verbal communication skills.
• Experience working in global, cross-functional, collaborative teams.
• Attention to detail.
• In-depth understanding of information security, network management, operating systems, software development, database systems and information technology.
• Understanding of information security, Cyber Security  Framework like  NIST, Center for Internet Security (CIS), ISO etc.
• Knowledge of technology controls around Cloud Computing reviews.
• Advanced experience with MS Office, SharePoint, and Reporting tools

Experience:

Bachelor’s degree in computer science or a related discipline and at least ten or more years of experience in the field of Technology Security. Professional certifications (such as CISA, CRISC, CISM, CISSP or similar) is a plus

Working with Us:

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.

We’d love to learn more about how your interests and experience could be a fit with one of the world’s most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at [email protected].

We hope you’re excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.

About Our Pune Office

The Northern Trust Pune office, established in 2016, is now home to over 3,000 employees. The office handles various functions, including Operations for Asset Servicing and Wealth Management, as well as delivering critical technology solutions that support business operations across the globe.

Our Pune team takes our commitment to service to heart. In 2024, they volunteered more than 10,000+ hours into the communities where they live and work. Learn more.