Principal, GRC Cyber Risk Management

Northern TrustTempe, AZ
$108,965 - $185,155

About The Position

This role sits within Northern Trust’s Cybersecurity Governance, Risk and Compliance (GRC) organization, an integral part of the strategic evolution of cyber risk management capabilities across the enterprise. The Cyber Risk Principal will partner with peers to drive the modernization of cyber risk identification, intelligence integration, assessment methodologies, and executive risk reporting. The role requires a forward-looking team player who understands how cybersecurity, cyber threat intelligence, data analytics, automation, and artificial intelligence are reshaping enterprise risk management within global financial institutions. The ideal candidate combines strong cyber risk management expertise with the ability to leverage data-driven insights, threat intelligence, emerging technologies, and AI-enabled capabilities to improve risk visibility, prioritization, and decision-making.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, or a related field; Master’s degree preferred
  • Minimum of 10 years of experience in cybersecurity, with a focus on risk management
  • Extensive knowledge of cyber risk management frameworks and methodologies including NIST CSF, FAIR, MITRE ATT&CK, CRI, ISO 27001, and related industry practice
  • Strong understanding of modern cyber threat landscapes, attack methodologies, adversary behaviors, and emerging technology risks
  • Experience leveraging AI, analytics, automation, or data engineering capabilities to improve cyber risk management processes
  • Understanding of cyber intelligence concepts including threat actor analysis, attack trends, external intelligence sources, and operational risk correlation
  • Demonstrated ability to design and mature cyber risk reporting capabilities for executive leadership and regulators
  • Exceptional communication and presentation skills, capable of translating technical risk into business terms
  • Excellent analytical, problem-solving, and decision-making skills
  • Relevant certifications such as CISSP, CISM, CRISC or similar

Responsibilities

  • Lead the identification, assessment, prioritization, and reporting of cyber risks across the enterprise
  • Drive the evolution of cyber risk management toward data driven decision making by integrating cyber threat intelligence, attack surface insights, vulnerability trends, and control effectiveness metrics into enterprise cyber risk reporting
  • Conduct cyber risk assessments, thematic reviews, and cyber maturity assessments aligned to industry frameworks and regulatory expectations
  • Develop forward-looking cyber risk reporting that provides actionable insights to executive leadership, risk committees, and regulators
  • Partner with cyber domain experts (e.g., security operations, architecture) to improve risk reduction outcomes
  • Enhance cyber risk intelligence capabilities through analytics, automation, and AI-enabled processes
  • Drive continuous improvement in cyber risk methodologies, governance processes, and reporting capabilities
  • Translate highly technical cyber risks into clear business impact narratives and strategic recommendations
  • Evaluate emerging threats, including e.g., AI capabilities to determine enterprise cyber risk implications
  • Contribute to the development of risk metrics, KRIs, KCIs, maturity indicators, and predictive cyber risk analytics
  • Collaborate across Lines of Defense to strengthen enterprise cyber resilience and operational risk visibility

Benefits

  • retirement benefits (401k and pension)
  • health and welfare benefits (medical, dental, vision, spending accounts and disability)
  • paid time off
  • parental and caregiver leave
  • life & accident insurance
  • other voluntary and well-being benefits
  • discretionary bonus program that may include an equity component
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service