Cybersecurity GRC Compliance Principal

Cybersecurity Governance, Risk and Compliance Principal

We are looking for an experienced Cybersecurity GRC Compliance Principal to drive the operation and enhancement of our Cybersecurity Governance, Risk and Compliance team within our Technology function. The role involves monitoring and adherence to cyber rules and regulations, controls oversight and assurance, and coordinating cyber controls information and evidence to regulators, auditors, and clients.

• Lead the technical direction and development of cyber compliance and assurance initiatives, providing expert guidance and support.
• Act as a central point of coordination and subject matter expert for cyber controls information and evidence requests, including SOC2 and SOX testing and reporting for all cyber controls.
• Support Cybersecurity audits, providing expertise, consolidation, and coordination.
• Facilitate the production of information and evidence on cyber controls for regulatory requests.
• Facilitate the production of information and evidence on cyber controls for client requests, supporting new client revenue generation and existing client retention.
• Oversee adherence to all cyber‑related regulatory requirements in all jurisdictions globally in which Northern Trust operates, leading action to address new requirements.
• Provide oversight, tracking, analysis, and reporting of all cybersecurity issues and findings to ensure timely, complete and compliant remediation.
• Proactively work with the broader Cybersecurity team to ensure new products, services, and processes are built and operated in a controlled and compliant manner.
• Engage with a range of senior stakeholders across Lines of Defense to ensure cybersecurity regulations and internal control requirements are well understood and embedded in business and technology practices.

• Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field.
• Minimum of 10 years of experience in cybersecurity, with a focus on assurance or audit.
• Extensive knowledge of cyber regulations, risk management frameworks, and methodologies.
• Proven experience in technical leadership roles, influencing executive stakeholders.
• Strategic thinker with a strong understanding of cyber threats, vulnerabilities, and risk mitigation options.
• Innovative thinker and adaptable to change.
• Exceptional communication and presentation skills, capable of translating technical risk into business terms.
• Excellent analytical, problem‑solving, and decision‑making skills.
• Relevant certifications such as CISSP, CISM, CRISC, or similar.

Applicants must be authorized to work in the United States without the need for employment‑based visa sponsorship now or in the future. Northern Trust will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H‑1B, L‑1, TN, O‑1, E‑3, H‑1B1, F‑1, J‑1, OPT, CPT or any other employment‑based visa).

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at