Director – Cyber Third Party Risk Management (CTPRM)

Northern Trust, Chicago, IL
Hybrid

About The Position

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889. Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

We are seeking an experienced Director of Cyber Third‑Party Risk Management (CTPRM) to lead and mature the enterprise third‑party cyber risk program across North America, with a strong focus on cloud, SaaS, AI, and emerging technology risks. This role is responsible for defining strategy, governance, and execution of CTPRM activities aligned with enterprise risk appetite, regulatory expectations, and business objectives.

Requirements

  • 15+ years of experience in Cyber Risk, Technology Risk, Third‑Party Risk, Cloud Risk, or related disciplines.
  • Proven experience designing and leading enterprise‑wide risk and control frameworks.
  • Strong knowledge of cloud security, SaaS risk, AI systems, and complex digital architectures.
  • Solid understanding of North America regulatory and compliance expectations related to third‑party and technology risk.
  • Excellent stakeholder management, communication, and consultative skills.
  • Bachelor’s degree or equivalent experience required.
  • Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future.
  • Northern Trust will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa).

Nice To Haves

  • Certifications such as CISSP, CRISC, CCSK, CISM, or CISA preferred.

Responsibilities

  • Define and execute the CTPRM strategy and roadmap for North America, aligned with global cybersecurity and enterprise risk objectives.
  • Own third‑party cyber risk frameworks, methodologies, service categorization, and risk reporting.
  • Lead cyber risk assessments, oversight, and remediation for critical and high‑risk third parties.
  • Drive continuous improvement in third‑party risk processes, automation, and tooling.
  • Provide cyber risk leadership for cloud migration, SaaS, outsourcing, and AI‑enabled third‑party engagements.
  • Partner with business, technology, procurement, legal, compliance, and privacy teams to embed security requirements into vendor lifecycle processes.
  • Lead internal and external audits related to third‑party cyber risk and ensure timely remediation of findings.
  • Develop and report KPIs and KRIs to measure program effectiveness and third‑party risk posture.
  • Act as the senior point of contact for third‑party cyber risk with executive stakeholders and regulators as required.
  • Lead, mentor, and develop a high‑performing CTPRM team in North America, with global collaboration.
  • Set goals, manage performance, and build future‑ready cyber and technology risk capabilities.
  • Oversee a hybrid delivery model, including onshore leadership and offshore execution.

Benefits

  • retirement benefits (401k and pension)
  • health and welfare benefits (medical, dental, vision, spending accounts and disability)
  • paid time off
  • parental and caregiver leave
  • life & accident insurance
  • other voluntary and well-being benefits
  • discretionary bonus program that may include an equity component