Sr Lead, Cyber Sec IT RiskM

Northern Trust•Chicago, IL

2d•$114,500 - $194,700•Hybrid

About The Position

This is a high‑impact individual contributor responsible for modernizing how the firm manages data security risk through improved processes, automation, and standardized frameworks. The role requires strong techno‑functional cybersecurity expertise, experience shaping data security strategy, and hands‑on execution of enterprise‑wide processes. Within the scope of the Data Protection program, he Senior Lead drives governance and performance strategy, leads KPI/KRI development, optimizes operational processes, and ensures high‑quality delivery across policies, controls, reporting, and compliance activities. The role further contributes to issue management, audit and regulatory responses, and creation of enterprise knowledge content to strengthen program maturity. The Senior Lead is expected to evolve the program from reactive, exception‑driven operations to a proactive, control‑driven model that reduces risk through standardization, automation, and preventative design. Overall, this role strengthens operating efficiency and removes obstacles so engineers can focus on building controls that protect our Partners and Clients. This role also supports broader Data Protection work as part of a one‑team, unified effort. Success in this role requires strong analytical and communication skills and the ability to bring clarity to ambiguous work in a matrixed organization. The Senior Lead provides non‑reporting leadership across the Data Protection team and must have the ability to influence and align multiple stakeholders across Risk, Audit, Engineering, and Business functions where ownership, processes, and expectations may be unclear or misaligned. This role is based in Chicago and is subject to the firm’s hybrid work policies.

Requirements

Bachelor’s degree in Information Security, Computer Science, Engineering, or equivalent relevant experience.
Experience partnering across functions (e.g., Cyber Security, Data Governance, business stakeholders) at both enterprise and business-unit levels.
Working knowledge of security frameworks (e.g., ISO, NIST).
Experience supporting or responding to audits, including regulatory engagements (e.g., FFIEC).
Familiarity with enterprise grade GRC platform (e.g., ServiceNow GRC, MetricStream, IBM OpenPages, etc.)
Demonstrated ability to design and operationalize evidence frameworks that validate control effectiveness and reduce audit rework.
Experience in process design, workflow optimization, and governance standardization.
Ability to design scalable operating models aligning risk, control, and compliance processes.
Experience implementing control monitoring frameworks tied to measurable outcomes.
Strong analytical skills with experience developing KPIs/KRIs and governance reporting.
Proficiency with reporting and visualization tools (e.g., Excel, Power BI, Tableau).
Familiarity with log analytics or monitoring platforms (e.g., KQL, SIEMs).
Experience with enterprise content management tools (e.g., Confluence, SharePoint).
Ability to influence stakeholders and drive alignment across functions without direct authority.
Strong communication skills with the ability to translate complex concepts into clear, actionable outputs.
Ability to operate autonomously and prioritize effectively in ambiguous environments.

Nice To Haves

CISSP, CISM, CISA, CRISC or equivalent certifications
Experience with cloud platforms (e.g., Azure) and infrastructure concepts
Working knowledge of infrastructure as code (e.g., Terraform) and CI/CD pipelines
Experience with scripting or data languages (e.g., Python, SQL)
Exposure to automation and cloud‑native tools supporting scalable governance and monitoring

Responsibilities

Lead the design and evolution of the Data Protection operating model, ensuring alignment across risk, control, and compliance frameworks (e.g., RCSA, PRC, control testing).
Identify and eliminate duplication or fragmentation across governance processes, driving a unified and scalable operating model.
Maintain governance strategy, reporting frameworks, maturity models, and operating procedures.
Design and implement frameworks that ensure controls are supported by clear, traceable, and audit‑ready evidence.
Establish linkage between risks, controls, metrics, and evidence to demonstrate control effectiveness.
Ensure governance outputs support successful control testing, regulatory review, and external assessments.
Identify process and workflow gaps and implement improvements to increase efficiency, consistency, and alignment.
Develop and continuously improve governance and monitoring processes to meet internal and regulatory requirements.
Ensure consistent, high‑quality execution across governance activities and outputs.
Own the KPI/KRI strategy ensuring metrics measure control effectiveness and risk reduction.
Oversee development of dashboards, reporting packages, and governance artifacts (policies, standards, operating models).
Review and approve executive reporting, committee materials, and operational dashboards.
Represent Data Protection Governance as a subject matter expert on control effectiveness, governance maturity, and risk posture in senior leadership, audit, and regulatory forums.
Provide advisory support on data protection governance, controls, and exception management.
Drive adoption of data protection practices and improve awareness across the enterprise.
Oversee PRC analysis, exception management, and support RCSA and related activities.
Provide functional leadership to analysts, ensuring consistency in execution, documentation, and evidence quality.

Benefits

retirement benefits (401k and pension)
health and welfare benefits (medical, dental, vision, spending accounts and disability)
paid time off
parental and caregiver leave
life & accident insurance
other voluntary and well-being benefits
discretionary bonus program that may include an equity component

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume