Sr Lead, Cyber Sec IT RiskM

About Northern Trust Northern Trust is a Fortune 500 company, globally recognized and award‑winning, that has been in continuous operation since 1889. The organization offers innovative financial services and guidance to the world’s most successful individuals, families, and institutions through its enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 associates, Northern Trust serves sophisticated clients using leading technology and exceptional service. Role Summary A high‑impact individual contributor who modernises how the firm manages data security risk through improved processes, automation, and standardized frameworks. Responsible for shaping data security strategy and executing enterprise‑wide processes within the Data Protection program. Drives governance and performance strategy, KPI/KRI development, operational process optimisation, compliance activities, audit and regulatory responses, and knowledge creation to strengthen program maturity. Primary Responsibilities Governance Strategy & Operating Model Design and evolve the Data Protection operating model, ensuring alignment across risk, control and compliance frameworks (e.g., RCSA, PRC, control testing). Identify and eliminate duplication or fragmentation across governance processes to create a unified and scalable model. Maintain governance strategy, reporting frameworks, maturity models and operating procedures. Operating Effectiveness & Evidence Design and implement evidence frameworks that support clear, traceable, audit‑ready controls. Link risks, controls, metrics and evidence to demonstrate control effectiveness and ensure successful control testing, regulatory review and external assessments. Process Optimization & Execution Identify process and workflow gaps and implement improvements to increase efficiency and consistency. Continuously improve governance and monitoring processes to meet internal and regulatory requirements. Ensure high‑quality execution across governance activities and outputs. Metrics, Monitoring & Risk Insights Own the KPI/KRI strategy and oversee development of dashboards and reporting packages. Review and approve executive reporting, committee materials and operational dashboards. Program Support & Stakeholder Engagement Represent Data Protection Governance as subject matter expert in senior leadership, audit and regulatory forums. Provide advisory support on governance, controls and exception management, drive adoption of practices and improve awareness across the enterprise. Oversee PRC analysis, exception management and support RCSA and related activities. Lead functional team of analysts ensuring consistency in execution, documentation and evidence quality. Skills and Experiences Education & Foundational Bachelor’s degree in Information Security, Computer Science, Engineering or equivalent relevant experience. Security & Governance Working knowledge of security frameworks (e.g., ISO, NIST). Experience supporting or responding to audits and regulatory engagements (e.g., FFIEC). Familiarity with enterprise‑grade GRC platforms (e.g., ServiceNow GRC, MetricStream, IBM OpenPages). Ability to design and operationalise evidence frameworks that validate control effectiveness. Process Engineering & Optimization Experience in process design, workflow optimisation and governance standardisation. Ability to design scalable operating models aligning risk, control and compliance processes. Experience implementing control monitoring frameworks tied to measurable outcomes. Metrics, Reporting & Analytics Strong analytical skills and experience developing KPIs/KRIs and governance reporting. Proficiency with reporting and visualisation tools (e.g., Excel, Power BI, Tableau). Familiarity with log analytics or monitoring platforms (e.g., KQL, SIEMs). Knowledge Management & Collaboration Experience with enterprise content management tools (e.g., Confluence, SharePoint). Ability to influence stakeholders and drive alignment across functions without direct authority. Excellent communication skills and ability to translate complex concepts into clear, actionable outputs. Ability to operate autonomously and prioritise effectively in ambiguous environments. Preferred Requirements Certifications: CISSP, CISM, CISA, CRISC or equivalent. Cloud, IaC and Engineering – experience with Azure, Terraform, CI/CD pipelines, scripting or data languages (Python, SQL). Exposure to automation and cloud‑native tools supporting scalable governance and monitoring. Salary Range $114,500 - $194,700 USD – This is a good faith estimate of base pay. The company also offers a discretionary bonus program that may include an equity component. Benefits Retirement benefits (401k and pension). Health and welfare benefits: medical, dental, vision, spending accounts and disability. Paid time off, parental and caregiver leave. Life & accident insurance. Other voluntary and well‑being benefits. Work Location & Policies Chicago, Illinois. The role is subject to the firm’s hybrid work policies. Legal & Compliance Applicants must be authorized to work in the U.S. without the need for employment‑based visa sponsorship now or in the future. Northern Trust will not sponsor applicants for U.S. work visa status for this opportunity. EEO statement (U.S.): The policy of The Northern Trust Company is to afford equal opportunity in all phases of employment without regard to an individual’s age, race, color, religion, creed, gender, national origin, citizenship status, marital status, pregnancy, sexual orientation, gender identity, gender expression, genetic tests and information, physical or mental disability, protected veteran status or any other legally protected status. EEO statement (Canada): Northern Trust is an Equal Opportunity Employer. Hiring and other employment decisions are made without regard to race, colour, religion, sex, ancestry, national origin, ethnic origin, age, disability, citizenship, veteran status, sexual orientation, record of offences, marital status, family status, or any other characteristic protected by federal, provincial, or local law. EEO statement (Europe, Middle East and Africa, APAC, and California) – The Northern Trust Company provides equal employment opportunities to all employees and applicants and does not discriminate on any protected characteristic. Application Process Applicants who meet the qualifications may apply through the company's career portal. The role is currently open and not closed. #J-18808-Ljbffr 001 The Northern Trust Company