Director – Cyber Third Party Risk Management; CTPRM
Listed on 2026-05-18
IT/Tech
Cybersecurity, Information Security, IT Project Manager, Data Security
About Northern Trust
Northern Trust is a Fortune 500 company and a globally recognized financial institution with over 130 years of experience. We provide innovative financial services to highly successful individuals, families, and institutions.
We are seeking an experienced Director of Cyber Third‑Party Risk Management (CTPRM) to lead and mature the enterprise third‑party cyber risk program across North America, with a strong focus on cloud, SaaS, AI, and emerging technology risks. This role is responsible for defining strategy, governance, and execution of CTPRM activities aligned with enterprise risk appetite, regulatory expectations, and business objectives.
Key Responsibilities
- Define and execute the CTPRM strategy and roadmap for North America, aligned with global cybersecurity and enterprise risk objectives.
- Own third‑party cyber risk frameworks, methodologies, service categorization, and risk reporting.
- Lead cyber risk assessments, oversight, and remediation for critical and high‑risk third parties.
- Drive continuous improvement in third‑party risk processes, automation, and tooling.
- Provide cyber risk leadership for cloud migration, SaaS, outsourcing, and AI‑enabled third‑party engagements.
- Partner with business, technology, procurement, legal, compliance, and privacy teams to embed security requirements into vendor lifecycle processes.
- Lead internal and external audits related to third‑party cyber risk and ensure timely remediation of findings.
- Develop and report KPIs and KRIs to measure program effectiveness and third‑party risk posture.
- Act as the senior point of contact for third‑party cyber risk with executive stakeholders and regulators as required.
- Lead, mentor, and develop a high‑performing CTPRM team in North America, with global collaboration.
- Set goals, manage performance, and build future‑ready cyber and technology risk capabilities.
- Oversee a hybrid delivery model, including onshore leadership and offshore execution.
- 15+ years of experience in Cyber Risk, Technology Risk, Third‑Party Risk, Cloud Risk, or related disciplines.
- Proven experience designing and leading enterprise‑wide risk and control frameworks.
- Strong knowledge of cloud security, SaaS risk, AI systems, and complex digital architectures.
- Solid understanding of North America regulatory and compliance expectations related to third‑party and technology risk.
- Excellent stakeholder management, communication, and consultative skills.
- Bachelor’s degree or equivalent experience required.
- Certifications such as CISSP, CRISC, CCSK, CISM, or CISA preferred.
Salary Range
$137,400 – 240,400 USD
Benefits
Northern Trust provides a comprehensive benefits package, including retirement benefits, health and welfare benefits, paid time off, parental and caregiver leave, life & accident insurance, and a discretionary bonus program.
Work Authorization
Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future. Northern Trust will not sponsor for work visas.
Reasonable Accommodation
Northern Trust is committed to providing reasonable accommodations. Contact the HR Service Center at