Own and drive the ongoing evolution of technology and cybersecurity control standards, ensuring they remain effective, current, and aligned with risk, regulatory, and business needs.
Lead the design, maintenance, and quality assurance of comprehensive mappings between control standards and global regulatory and industry frameworks, ensuring consistency, completeness, and audit readiness.
Serve as a primary liaison and influence point with technology, cybersecurity, and risk teams to improve awareness, adoption, and consistent implementation of standards, including leveraging automation and scalable solutions.
Oversee governance and committee engagement, including development and review of senior‑management‑level materials, facilitation of effective meetings, and ownership of follow‑up actions and outcomes tracking.
Provide guidance, coaching, and subject‑matter leadership to team members, setting expectations for quality, consistency, and professional development.
Identify, prioritize, and lead continuous improvement initiatives across team processes, documentation, and knowledge management, ensuring sustained enhancements are embedded.
Actively influence decision‑making and behaviors across technology teams to reduce risk exposure and strengthen the overall technology risk management culture.
Knowledge / Skills
Advanced, broad‑based expertise in technology and cybersecurity risks and controls, with the ability to apply judgment across complex risk areas including resiliency, SDLC, ITSM, operations, governance, SaaS, cloud, AI, and emerging technologies.
Strong working knowledge of global regulatory and industry control frameworks (e.g., CRI, NIST, FFIEC, ISO), with proven experience interpreting requirements and leading the analysis and mapping of frameworks to enterprise processes and controls.
Highly effective written and verbal communication skills, with the ability to articulate complex risk and control concepts clearly and concisely to both technical and non‑technical stakeholders.
Demonstrated capability to develop, review, and deliver management‑level materials, including summaries, analyses, and recommendations for governance forums and senior stakeholders.
Substantial experience designing, maintaining, and governing technology and cybersecurity policies and standards, ensuring consistency, clarity, and practical applicability.
Hands‑on experience with enterprise GRC platforms (e.g., ServiceNow), including control hierarchy design, data quality considerations, workflow integration, and reporting.
Solid understanding of audit and control testing concepts, with the ability to support examinations, respond to findings, and drive sustainable remediation.
Self‑directed and outcome‑oriented, capable of independently driving initiatives, prioritizing competing demands, and proposing well‑reasoned paths forward.
Strong project and program management skills, including planning, coordination, execution tracking, and issue escalation across cross‑functional initiatives.
Proven collaboration and relationship‑management capabilities, including effective engagement with senior managers and leaders across technology, risk, and control functions.
Recognized thought contributor with a track record of identifying process improvements, shaping solutions, and driving enhancements through implementation.
Requirements
Bachelor's degree in technology, cybersecurity, risk management, or a
Additional Information
About Northern Trust:
Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.
Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.
The Northern Trust Technology Risk and Control function enables Global Information Technology to operate with a strong and sustainable first line of defense, fostering a deeply embedded control-aware culture, delivering compliant and secure technology capabilities, protecting clients, and meeting global regulatory expectations.
The Senior Lead, Technology Risk and Control role is responsible for driving the technology and cybersecurity control policies and standards program. This role is accountable for ensuring the effectiveness and ongoing maturity of control standards that establish minimum requirements across the organization, aligned to regulatory, supervisory, and industry expectations.
As a member of the Technology Risk & Control team, this role acts as an advisor to technology, risk, and executive stakeholders, drives strategic initiatives, and plays a critical role in shaping the firm's overall technology risk management posture globally.
Ntrs · Pune, India