Cybersecurity GRC Compliance Principal

Northern Trust•Tempe, AZ

About The Position

This role will sit in the Cybersecurity GRC team within Northern Trust’s Technology function (1st Line of Defense). The Cybersecurity GRC Compliance Principal will act as an experienced subject matter expert driving the operation and enhancement of the functions of the team, which include monitoring and adherence to cyber rules and regulations, controls oversight and assurance, and co-ordination of cyber controls information and evidence to regulators, auditors and clients. The ideal candidate will combine deep subject matter expertise in both cybersecurity and assurance (audit or compliance) disciplines, and have exceptional communication and stakeholder management skills. You’ll join a growing Cybersecurity GRC team working closely with engineering, risk, and business leaders across the firm. The key responsibilities of the role include: This role plays a critical part in protecting client trust, enabling business growth, and ensuring Northern Trust can confidently operate in an increasingly complex regulatory environment.

Requirements

Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field.
Minimum of 10 years of experience in cybersecurity, with a focus on assurance or audit.
Extensive knowledge of cyber regulations, risk management frameworks, and methodologies.
Proven experience in technical leadership roles, influencing executive stakeholders.
Strategic thinker with a strong understanding of cyber threats, vulnerabilities, and risk mitigation options.
Innovative thinker and adaptable to change.
Exceptional communication and presentation skills, capable of translating technical risk into business terms.
Excellent analytical, problem-solving, and decision-making skills.
Relevant certifications such as CISSP, CISM, CRISC, or similar.
Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future. Northern Trust will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa)

Responsibilities

Lead the technical direction and development of cyber compliance and assurance initiatives, providing expert guidance and support.
Act as a central point of coordination and subject matter expert for cyber controls information and evidence requests, including SOC2 and SOX testing and reporting for all cyber controls.
Support Cybersecurity audits, providing expertise, consolidation, and coordination.
Facilitate the production of information and evidence on cyber controls for regulatory requests.
Facilitate the production of information and evidence on cyber controls for client requests, supporting new client revenue generation and existing client retention.
Oversee adherence to all cyber-related regulatory requirements in all jurisdictions globally in which Northern Trust operates, leading action to address new requirements.
Provide oversight, tracking, analysis, and reporting of all cybersecurity issues and findings to ensure timely, complete, and compliant remediation.
Proactively work with the broader Cybersecurity team to ensure new products, services, and processes are built and operated in a controlled and compliant manner.
Engage with a range of senior stakeholders across Lines of Defense to ensure cybersecurity regulations and internal control requirements are well understood and embedded in business and technology practices.