Director - Cyber Third Party Risk Management; CTPRM

About Northern Trust

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889. Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.

We are seeking an experienced Director of Cyber Third-Party Risk Management to lead and mature the enterprise third-party cyber risk program across North America, with a strong focus on cloud, SaaS, AI, and emerging technology risks. This role is responsible for defining strategy, governance, and execution of CTPRM activities aligned with enterprise risk appetite, regulatory expectations, and business objectives.

• Define and execute the CTPRM strategy and roadmap for North America, aligned with global cybersecurity and enterprise risk objectives.
• Own third-party cyber risk frameworks, methodologies, service categorization, and risk reporting.
• Lead cyber risk assessments, oversight, and remediation for critical and high-risk third parties.
• Drive continuous improvement in third-party risk processes, automation, and tooling.
• Provide cyber risk leadership for cloud migration, SaaS, outsourcing, and AI-enabled third-party engagements.
• Partner with business, technology, procurement, legal, compliance, and privacy teams to embed security requirements into vendor lifecycle processes.
• Lead internal and external audits related to third-party cyber risk and ensure timely remediation of findings.
• Develop and report KPIs and KRIs to measure program effectiveness and third-party risk posture.
• Act as the senior point of contact for third-party cyber risk with executive stakeholders and regulators as required.

• Lead, mentor, and develop a high-performing CTPRM team in North America, with global collaboration.
• Set goals, manage performance, and build future-ready cyber and technology risk capabilities.
• Oversee a hybrid delivery model, including onshore leadership and offshore execution.

• 15+ years of experience in Cyber Risk, Technology Risk, Third-Party Risk, Cloud Risk, or related disciplines.
• Proven experience designing and leading enterprise-wide risk and control frameworks
  .
• Strong knowledge of cloud security, SaaS risk, AI systems, and complex digital architectures
  .
• Solid understanding of North America regulatory and compliance expectations related to third-party and technology risk.
• Excellent stakeholder management, communication, and consultative skills.
• Bachelor's degree or equivalent experience required.
• Certifications such as CISSP, CRISC, CCSK, CISM, or CISA preferred.

Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future. Northern Trust will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa).

Salary Range: $137, USD

Salary range is a good faith estimate of base pay. Northern Trust provides a comprehensive benefits package including retirement benefits (401k and pension), health and welfare benefits (medical, dental, vision, spending accounts and disability), paid time off, parental and caregiver leave, life & accident insurance, and other voluntary and well-being benefits. Northern Trust also provides a discretionary bonus program that may include an equity component.

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at