Role Summary:

This is a high‑impact individual contributor responsible for modernizing how the firm manages data security risk through improved processes, automation, and standardized frameworks. The role requires strong techno‑functional cybersecurity expertise, experience shaping data security strategy, and hands‑on execution of enterprise‑wide processes.

Within the scope of the Data Protection program, he Senior Lead drives governance and performance strategy, leads KPI/KRI development, optimizes operational processes, and ensures high‑quality delivery across policies, controls, reporting, and compliance activities. The role further contributes to issue management, audit and regulatory responses, and creation of enterprise knowledge content to strengthen program maturity. The Senior Lead is expected to evolve the program from reactive, exception‑driven operations to a proactive, control‑driven model that reduces risk through standardization, automation, and preventative design.  Overall, this role strengthens operating efficiency and removes obstacles so engineers can focus on building controls that protect our Partners and Clients. This role also supports broader Data Protection work as part of a one‑team, unified effort.

Success in this role requires strong analytical and communication skills and the ability to bring clarity to ambiguous work in a matrixed organization. The Senior Lead provides non‑reporting leadership across the Data Protection team and must have the aability to influence and align multiple stakeholders across Risk, Audit, Engineering, and Business functions where ownership, processes, and expectations may be unclear or misaligned. 

This role is based in Chicago and is subject to the firm’s hybrid work policies.

Primary Responsibilities:

The Senor Lead is responsible for driving continuous improvement across the Data Protection program’s governance processes, reporting, and measurement capabilities that support the firm’s risk‑based data security program.

Governance Strategy & Operating Model

• Lead the design and evolution of the Data Protection operating model, ensuring alignment across risk, control, and compliance frameworks (e.g., RCSA, PRC, control testing).
• Identify and eliminate duplication or fragmentation across governance processes, driving a unified and scalable operating model.
• Maintain governance strategy, reporting frameworks, maturity models, and operating procedures.

Operating Effectiveness & Evidence

• Design and implement frameworks that ensure controls are supported by clear, traceable, and audit‑ready evidence.
• Establish linkage between risks, controls, metrics, and evidence to demonstrate control effectiveness.
• Ensure governance outputs support successful control testing, regulatory review, and external assessments.

Process Optimization & Execution

• Identify process and workflow gaps and implement improvements to increase efficiency, consistency, and alignment.
• Develop and continuously improve governance and monitoring processes to meet internal and regulatory requirements.
• Ensure consistent, high‑quality execution across governance activities and outputs.

Metrics, Monitoring, & Risk Insights

• Own the KPI/KRI strategy ensuring metrics measure control effectiveness and risk reduction.
• Oversee development of dashboards, reporting packages, and governance artifacts (policies, standards, operating models).
• Review and approve executive reporting, committee materials, and operational dashboards.

Program Support & Stakeholder Engagement Data Governance

• Represent Data Protection Governance as a subject matter expert on control effectiveness, governance maturity, and risk posture in senior leadership, audit, and regulatory forums.
• Provide advisory support on data protection governance, controls, and exception management.
• Drive adoption of data protection practices and improve awareness across the enterprise.
• Oversee PRC analysis, exception management, and support RCSA and related activities.
• Provide functional leadership to analysts, ensuring consistency in execution, documentation, and evidence quality.

Skills and Experiences:

Education & Foundational

• Bachelor’s degree in Information Security, Computer Science, Engineering, or equivalent relevant experience.
• Experience partnering across functions (e.g., Cyber Security, Data Governance, business stakeholders) at both enterprise and business-unit levels.

Security & Governance Competency

• Working knowledge of security frameworks (e.g., ISO, NIST).
• Experience supporting or responding to audits, including regulatory engagements (e.g., FFIEC).
• Familiarity with enterprise grade GRC platform (e.g., ServiceNow GRC, MetricStream, IBM OpenPages, etc.)
• Demonstrated ability to design and operationalize evidence frameworks that validate control effectiveness and reduce audit rework.

Process Engineering & Optimization

• Experience in process design, workflow optimization, and governance standardization.
• Ability to design scalable operating models aligning risk, control, and compliance processes.
• Experience implementing control monitoring frameworks tied to measurable outcomes.

Metrics, Reporting, & Analytics

• Strong analytical skills with experience developing KPIs/KRIs and governance reporting.
• Proficiency with reporting and visualization tools (e.g., Excel, Power BI, Tableau).
• Familiarity with log analytics or monitoring platforms (e.g., KQL, SIEMs).

Knowledge Management & Collaboration

• Experience with enterprise content management tools (e.g., Confluence, SharePoint).
• Ability to influence stakeholders and drive alignment across functions without direct authority.
• Strong communication skills with the ability to translate complex concepts into clear, actionable outputs.
• Ability to operate autonomously and prioritize effectively in ambiguous environments.

Preferred Requirements

• Certifications
  • CISSP, CISM, CISA, CRISC or equivalent certifications

• Cloud, IaC, and Engineering
  • Experience with cloud platforms (e.g., Azure) and infrastructure concepts
  • Working knowledge of infrastructure as code (e.g., Terraform) and CI/CD pipelines
  • Experience with scripting or data languages (e.g., Python, SQL)
  • Exposure to automation and cloud‑native tools supporting scalable governance and monitoring

Salary Range:

Salary range is a good faith estimate of base pay. Northern Trust provides a comprehensive benefits package including retirement benefits (401k and pension), health and welfare benefits (medical, dental, vision, spending accounts and disability), paid time off, parental and caregiver leave, life & accident insurance, and other voluntary and well-being benefits. Northern Trust also provides a discretionary bonus program that may include an equity component.

Working with Us:

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.

We’d love to learn more about how your interests and experience could be a fit with one of the world’s most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater