Principal Security Engineer – AI & Copilot Data Protection

** About Northern Trust:
** Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.
** Job Description
** Seeking an individual contributor Sr Lead to drive secure enablement of Microsoft 365 Copilot and enterprise AI capabilities within the Data Protection Control Engineering team. This role is responsible for designing, implementing, and operating AI-related data protection and compliance controls using Microsoft Purview, Defender, and M365 security services. The Sr Lead will act as a hands-on technical expert, partnering across Security, Compliance, Privacy, and M365 teams to reduce AI-driven data risk while enabling productivity at scale.
** Key Responsibilities
** Serve as hands-on technical lead for Copilot and AI security controls across Microsoft Purview, Defender, and M365.Configure, deploy, troubleshoot, and operate controls in ENT and ENTUAT environments; support production changes via approved change windows.

Design and implement Copilot-related controls spanning Information Protection labeling, DLP, Endpoint DLP, Insider Risk, Communication Compliance, Data Lifecycle Management, and DSPM for AI.Review and secure Copilot platform configurations including web grounding, agents, connectors, transcripts, and retention settings.

Develop alerting, monitoring, automation, and operational runbooks to ensure stability and audit readiness.

Act as subject matter expert, providing guidance to engineering, operations, and governance stakeholders.

Track delivery using Azure Dev Ops and contribute to Copilot readiness, Zero Trust alignment, and governance activities.
** Copilot Effort –
** Define and implement Copilot-protected file, group, and site labels and prevent unauthorized content ingestion.

Expand browser and endpoint DLP protections, including copy/paste controls and Copilot prompt security.

Establish AI risk use cases, alerting, and operational workflows within Insider Risk and Communication Compliance.

Operationalize DSPM for AI reporting, oversharing remediation, and continuous reassessment of AI data exposure.

Support AI governance processes including risk assessments, decision logs, and stakeholder reporting.
** Must-Have AI Security Skills
** LLM security fundamentals and threat modeling, including data exposure and indirect prompt injection risks.

Prompt injection and prompt data leakage mitigation techniques.

Agent and connector risk management, including permissions, grounding sources, and least-privilege access.

AI and model governance concepts such as risk assessments, control mapping, and policy alignment.

Monitoring and alerting for abnormal or risky AI usage patterns.
** Qualifications
* * College degree or equivalent experience in cyber security, engineering, or a related field.

Hands-on experience administering Microsoft Purview and Microsoft Defender for Cloud Apps.

Strong knowledge of data governance, DLP technologies, and information security best practices.

Scripting and automation experience (Power Shell, Python, Power Automate).

Experience with Service Now incident and change management processes.
** Preferred Skills & Certifications
** Experience with M365 services (SharePoint Online, Teams, Exchange, Entra ), Sentinel, Zscaler, or Symantec DLP.Relevant certifications such as Microsoft Security/Compliance, CISSP, CISM, CISA, or SANS.Salary Range:
* Salary range is a good faith estimate of base pay. Northern Trust provides a comprehensive benefits package including retirement benefits (401k and pension), health and welfare benefits (medical, dental, vision, spending accounts and disability), paid time off, parental and caregiver leave, life & accident insurance, and other voluntary and well-being…