Sr Lead, Cyber Sec IT RiskM

About Northern Trust:

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.

This is a high-impact individual contributor responsible for modernizing how the firm manages data security risk through improved processes, automation, and standardized frameworks. The role requires strong techno-functional cybersecurity expertise, experience shaping data security strategy, and hands-on execution of enterprise-wide processes.

Within the scope of the Data Protection program, the Senior Lead drives governance and performance strategy, leads KPI/KRI development, optimizes operational processes, and ensures high-quality delivery across policies, controls, reporting, and compliance activities. The role further contributes to issue management, audit and regulatory responses, and creation of enterprise knowledge content to strengthen program maturity. The Senior Lead is expected to evolve the program from reactive, exception-driven operations to a proactive, control-driven model that reduces risk through standardization, automation, and preventative design.

Overall, this role strengthens operating efficiency and removes obstacles so engineers can focus on building controls that protect our Partners and Clients. This role also supports broader Data Protection work as part of a one-team, unified effort.

Success in this role requires strong analytical and communication skills and the ability to bring clarity to ambiguous work in a matrixed organization. The Senior Lead provides non-reporting leadership across the Data Protection team and must have the ability to influence and align multiple stakeholders across Risk, Audit, Engineering, and Business functions where ownership, processes, and expectations may be unclear or misaligned.

This role is based in Chicago and is subject to the firm's hybrid work policies.

The Senior Lead is responsible for driving continuous improvement across the Data Protection program's governance processes, reporting, and measurement capabilities that support the firm's risk-based data security program.

• Lead the design and evolution of the Data Protection operating model, ensuring alignment across risk, control, and compliance frameworks (e.g., RCSA, PRC, control testing).
• Identify and eliminate duplication or fragmentation across governance processes, driving a unified and scalable operating model.
• Maintain governance strategy, reporting frameworks, maturity models, and operating procedures.

• Design and implement frameworks that ensure controls are supported by clear, traceable, and audit-ready evidence.
• Establish linkage between risks, controls, metrics, and evidence to demonstrate control effectiveness.
• Ensure governance outputs support successful control testing, regulatory review, and external assessments.

• Identify process and workflow gaps and implement improvements to increase efficiency, consistency, and alignment.
• Develop and continuously improve governance and monitoring processes to meet internal and regulatory requirements.
• Ensure consistent, high-quality execution across governance activities and outputs.

• Own the KPI/KRI strategy ensuring metrics measure control effectiveness and risk reduction.
• Oversee development of dashboards, reporting packages, and governance artifacts (policies, standards, operating models).
• Review and approve executive reporting, committee materials, and operational dashboards.

• Represent Data Protection Governance as a subject matter expert on control effectiveness, governance maturity, and risk posture in senior leadership, audit, and regulatory forums.
• Provide advisory support on data protection governance, controls, and exception management.
• Drive adoption of data protection practices and improve awareness across the enterprise.
• Oversee PRC analysis, exception management, and support RCSA and related activities.
• Provide functional leadership to analysts, ensuring consistency in execution, documentation, and evidence quality.

• Bachelor's degree in Information Security, Computer Science, Engineering, or equivalent relevant experience.
• Experience partnering across functions (e.g., Cyber Security, Data Governance, business stakeholders) at both enterprise and business-unit levels.

• Working…