Lead, Control Testing Risk (Cyber, Technology and Non-Technology)
Northern Trust
5 months ago
Chicago, IL, United States
Hybrid
Full-time
Junior Level (1-3 years)
Job Description
Position Overview
Northern Trust is a globally recognized, award-winning Fortune 500 financial institution with over 130 years of experience and more than 22,000 partners. The Second Line of Defense (2LOD) Controls Testing partner will execute complex testing engagements, refine methodologies, mentor team members, and provide strategic insights that influence the cyber, technology, and non-technology risk posture. As a Northern Trust partner, you will join a flexible and collaborative work culture with opportunities for internal movement and growth. Northern Trust is also committed to providing reasonable accommodations throughout the employment process.
Key Responsibilities
- Test, validate, and enhance control testing methodologies and procedures amid evolving cyber and technology threats.
- Perform 2LOD validation on complex engagements including advanced testing plans, detailed workpapers, comprehensive findings, and high-quality reporting to risk committees.
- Oversee the resolution of complex risk issues by collaborating across teams to design, implement, and improve controls in line with industry standards and regulatory expectations.
- Conduct in-depth examinations of cyber and non-cyber risk controls, evaluate their design and operational effectiveness, and recommend remediation strategies to leadership.
- Support second-line governance activities by participating in risk identification and change initiative risk assessments.
- Communicate complex operational and technical risk findings to stakeholders clearly to build consensus and drive remediation efforts.
- Apply advanced risk assessment techniques to identify critical risks and controls to inform testing priorities and enhance risk management strategies.
- Manage multiple testing initiatives simultaneously, utilizing strong project management and organizational skills.
- Monitor evolving regulatory requirements to ensure testing activities remain aligned with current industry best practices.
Required Qualifications
- 6+ years of experience in IT Audit, Cybersecurity, IT Risk & Control, or related fields.
- CISSP, CISM, CISA, CRISC, or equivalent certifications strongly preferred.
- In-depth understanding of cyber and technology risks within the financial services sector.
- Experience with cloud security, MFA solutions, password management tools, and Secure SDLC practices.
- Strong analytical, communication, and negotiation skills to handle complex issues and build consensus among stakeholders.
- Demonstrated ability to mentor less experienced team members and effectively manage projects.
- Proficiency in Microsoft Office 365 and familiarity with risk management/GRC tools (e.g., ServiceNow, Fusion).
Benefits & Perks
- Salary Range: $83,100 - $141,300 USD
- Comprehensive benefits package including retirement benefits (401k and pension), health and welfare benefits (medical, dental, vision, spending accounts, and disability), paid time off, parental and caregiver leave, and life & accident insurance.
- Discretionary bonus program that may include an equity component.
- A flexible, collaborative work culture with opportunities for internal movement, ensuring a supportive workplace environment.
Required Skills
Microsoft Office 365
Negotiation
Risk Management/GRC Tools (ServiceNow, Fusion)
Risk Assessment
Cloud Security
Secure SDLC
Effective Communication
IT Risk and Control
CISSP/CISM/CISA/CRISC
Control Testing
Cybersecurity
Analytical Skills
Multi-Factor Authentication (MFA) Solutions
Project Management
IT Audit