Cybersecurity GRC Associate

About Northern Trust:

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889. Northern Trust is proud to provide innovative financial services and guidance to the worlds most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the worlds most sophisticated clients using leading technology and exceptional service.

The Sr Associate, Cybersecurity IT Risk Mgmt. is responsible for supporting the day-to-day operations of the APAC Infosec and Governance Oversight team and working with risk and control teams in other global sites to establish and maintain a highly effective IT control environment. The role will report to the Senior Manager, Cybersecurity IT Risk Mgmt. and will be part of a dedicated and outstanding team that focuses on promoting control awareness and appropriately manage risks within the global information technology organization. The individual will also support in coordinating Cybersecurity program efforts across all the business units and countries in the region, and education on cybersecurity awareness including audit engagement.

• Responsible to ensure compliance with Technology related regulatory/statutory requirements.
• The individual should have demonstrated technical expertise in the broad skills of Cybersecurity, SSDLC, I&AM, Third Party Risk Management, Vulnerability Management, Cloud Services, Web Application Firewall, Program Management, Developing Metrics and Reporting, Infosec Governance and Risk Management, Access Controls, AppSec, Cryptography, Security Architecture and Compliance. Work closely with IT directors and Control Officers on IPTs, Controls automation and monitoring.
• Coordinate both internal and external audit engagements, facilitate evidence gathering requirements, ongoing vetting of issues identified by Internal Audit with Control Owners including appropriate action plans and remediation/milestone dates.
• Advise on how to apply and interpret standards and controls, considering threats, risks, trends across the organization, and compensating controls.
• Support risk assessment activities serving as a subject matter expert on understanding the risk and providing support in elevating the risk treatment for approval.
• Support the Issue Management process Audit | Regulatory | Self-identified. Review the management action plan proposed by the accountable/responsible technology owner. Challenge and provide advice on audit remediation plans. Facilitate discussion of Technology accountable audit issues at the Issue Remediation Council.
• Leverage automation and analytics to build state of the art control testing and continuous control monitoring platform.
• Manage execution of risk and control self-assessments, identification and evaluation of inherent risks, control strength and residual risks of key IT controls, and success execution of risk-based control testing program.
• Work with other leaders within Northern Trusts technology management and three lines of defenses to assist in timely addressing control gaps, identifying potential opportunities for improvement, and advising on info security control designs for large complex programs (e.g., cloud, API, third-party vendor oversight, data governance). Influence behaviors to reduce risk and foster a strong technology risk management culture throughout the enterprise.

• In-depth understanding and experiences of information security, IT regulatory/statutory compliance, IT audit and/or IT risk management principles and infosec.
• In-depth understanding of IT risk assessments and control testing. Experiences of GRC systems (e.g., ServiceNow) preferred.
• Experience in automation and data analytics preferred.
• Strong collaboration and relationship management skills.
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
• Highly flexible and adaptable to change, technology forward thinking.
• A bachelors degree in engineering, Accounting, Finance, Information Technology, Management Information Systems, Computer Science or a related discipline.
• At least 6-8 or more years of technology risk management, Info security and control functions, audit services experience, or similar experience with transferable skills. Financial Services industry experience is a plus. Certification in IT Security viz CEH / CISA / CISSP / CISM preferred.

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas. Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve Join a workplace with a greater purpose. Wed love to learn more about how your interests and experience could be a fit with one of the worlds most admired and sustainable companies Build your career with us and apply today. #MadeForGreater

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at We hope youre excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people. Apply today and talk to us about your flexible working requirements and together we can achieve greater.

The Northern Trust Pune office, established in 2016, is now home to over 3,000 employees. The office handles various functions, including Operations for Asset Servicing and Wealth Management, as well as delivering critical technology solutions that support business operations across the globe. Our Pune team takes our commitment to service to heart. In 2024, they volunteered more than 10,000 hours into the communities where they live and work. Learn more.

Pune, India