Global Director – Vulnerability Management & Security Configuration
About The Position
Northern Trust is seeking a Global Director of Vulnerability Management & Security Configuration to define and execute the enterprise strategy for reducing technology risk across infrastructure, cloud, and AI-driven environments. This leader will drive the evolution from traditional vulnerability management to a modern, AI-enabled, risk-based capability, leveraging automation, contextual prioritization, and advanced analytics to reduce attack surface at scale. This is a hands-on, engineering-led leadership role requiring strong presence at both the executive and deep technical levels.
Requirements
- 12+ years in cybersecurity with deep experience in vulnerability management and security engineering
- Proven success building and scaling enterprise programs
- Strong background in: Infrastructure / cloud security, Configuration management and hardening, DevSecOps integration (platform-focused)
- Track record leading large-scale transformation initiatives
- Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future. Northern Trust will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa)
Responsibilities
- Define and lead the global strategy for vulnerability management and security configuration across: Infrastructure (on-prem & cloud), endpoints, and platform environments
- Transition capabilities from pre-AI to AI-enabled, including: Risk-based prioritization, Automation-led remediation, Threat-informed decisioning
- Align to CTEM principles and enterprise risk objectives
- Operate and scale a global vulnerability management program, including: Discovery, prioritization, remediation, and governance, Security configuration and continuous compliance
- Implement risk-based models incorporating: Threat intelligence and exploitability, Asset criticality and external exposure
- Enforce enterprise-wide policy and remediation standards
- Lead automation-first, API-driven capabilities across vulnerability lifecycle
- Integrate with enterprise platforms: Asset inventory, CI/CD, and change management systems
- Embed shift-left and continuous control practices across infrastructure lifecycles
- Define and enforce enterprise hardening baselines
- Implement continuous monitoring and drift detection
- Ensure alignment with regulatory and industry standards
- Lead a lean, high-performing team (~4 FTE, ~10 contractors)
- Foster a hands-on, engineering-led culture
- Deliver clear executive reporting on risk, exposure, and remediation performance
- Drive governance including exception management and SLA enforcement
Benefits
- retirement benefits (401k and pension)
- health and welfare benefits (medical, dental, vision, spending accounts and disability)
- paid time off
- parental and caregiver leave
- life & accident insurance
- other voluntary and well-being benefits
- discretionary bonus program that may include an equity component
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Director
Education Level
No Education Listed
