Technology Risk & Control Self‑Assessment (RCSA) Execution
Support and execute end‑to‑end Technology Risk and Control Self‑Assessments within the defined scope, in alignment with enterprise technology risk policies, control standards, and risk frameworks.
Coordinate with technology and risk stakeholders to support RCSA planning, scheduling, data collection, and completion of assessment deliverables.
Risk Identification and Control Design & Effectiveness Evaluation
Contribute to the assessment of inherent and residual technology risks and evaluate the design and operating effectiveness of key controls.
Identify control gaps, execution issues, and process deviations, and support clear documentation of root causes and risk implications.
Assess whether controls are:
Clearly defined and appropriately documented
Aligned to identified technology risks and control objectives
Consistently executed
Supported by complete, accurate, and timely evidence suitable for audit and regulatory review
Risk Assessment and Assurance Support
Apply technology risk assessment techniques to support effective risk identification, prioritization, and articulation within RCSA activities.
Leverage exposure to SOC 1 / SOC 2 or SOX IT control testing (where applicable) to support control scoping, documentation quality, and evidence standards.
Assist in aligning RCSA outcomes with audit, risk, and regulatory expectations.
RCSA Documentation and Evidence Management
Ensure accurate and high‑quality documentation of RCSA results, including risk statements, control assessments, conclusions, and supporting evidence within designated tools.
Maintain discipline around evidence standards, traceability, and transparency to support internal and external assurance activities.
Issue Identification and Remediation Tracking
Support identification, documentation, and escalation of control deficiencies and risk issues arising from RCSA activities.
Assist with issue risk ratings and monitor remediation progress in alignment with issue management standards and timelines.
Stakeholder Engagement and Governance Support
Partner with technology, risk, and control stakeholders to support completion of RCSA activities and issue remediation actions.
Participate in governance forums, working groups, and readiness activities, providing clear, factual updates on assessment status, risks, and issues.
Continuous Improvement and Risk Awareness
Support identification of recurring risk themes and control weaknesses across RCSAs.
Contribute ideas and recommendations to enhance control design, assessment methodologies, documentation quality, and overall RCSA effectiveness.
Maintain awareness of evolving industry practices, regulatory expectations, and technology risk trends relevant to RCSA activities.
Experience and Education
6-8 years of experience in Technology Risk, Risk & Control Self‑Assessment (RCSA), IT Risk Assessment, or related roles.
Hands‑on experience executing Technology RCSA activities or participation in SOC 1 / SOC 2 and/or SOX IT control testing, including IT General Controls (ITGCs) and application controls.
Practical understanding of technology risks, control design, and control effectiveness evaluation.
Strong analytical, documentation, and stakeholder communication skills.
Preferred Certifications: CISA, CISSP, or CRISC
Working with Us:
As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength
Benefits
Flexible schedule
Additional Information
About Northern Trust:
Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.
Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.
The Technology Risk and Control function at Northern Trust supports Global Information Technology in operating within a strong First Line of Defense, promotes a control‑aware culture, and enables secure, compliant, and resilient technology capabilities.
The Senior Associate, Technology Risk and Control role supports the execution of the Technology Issue Management and Risk & Control Self‑Assessment (RCSA) programs. This role is responsible for planning and executing assigned RCSA activities, supporting issue identification and remediation tracking, and ensuring consistent application of technology risk and control standards.
The Senior Associate works closely with Technology, Risk, Compliance, and Audit stakeholders to assess technology risks, evaluate control effectiveness, and support governance, transparency, and accountability across the technology risk lifecycle.