Lead - technology Risk and Control APAC

About Northern Trust:

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

This role provides specialized technology risk advisory support across key IT Service Management (ITSM) processes, including Incident, Change, and Problem Management. The individual acts as a trusted risk partner to ITSM process owners by assessing control design and operating effectiveness, identifying control gaps, and advising on risk treatment strategies aligned to Technology Risk standards.

The role combines control assessment execution, risk analysis, and stakeholder advisory, with a strong focus on practical risk mitigation, consistency in documentation, and readiness for internal audits, RCSA exercises, and regulatory reviews.

Role and Responsibilities

ITSM Control Assessment Execution

Plan and execute ITSM control assessments within an assigned scope of Incident, Change, and Problem Management processes. Perform assessments in alignment with established policies, standards, and control testing methodologies, under the guidance of senior leadership.

Control Design and Operating Effectiveness Evaluation

Evaluate the design and operational effectiveness of ITSM controls to identify gaps, execution weaknesses, and process deviations. Clearly articulate root causes, control impacts, and associated technology risk implications. Validate that controls are:

Appropriately defined and documented

Consistently executed by process owners

Supported by complete, accurate, and reliable evidence.

Risk Advisory and Issue Support

Provide risk-based advisory guidance to control and process owners on identified control weaknesses. Support the documentation, classification, and escalation of issues arising from assessments. Advise on appropriate risk treatment options—including remediation, risk acceptance, or escalation—in accordance with Technology Risk and IT Risk Management standards.

Assessment Documentation and Tooling

Ensure assessment results, evidence, and supporting artifacts are accurately documented and maintained in ServiceNow / Integrated Risk Management (IRM) tools. Adhere to documentation standards to support transparency, auditability, and reuse for future assessments.

Stakeholder Engagement and Communication

Engage with ITSM process owners, technology teams, and risk stakeholders to explain assessment results, control gaps, and risk impacts in a clear and practical manner. Contribute to working sessions, governance forums, and RCSA readiness discussions by providing timely updates and insights relevant to ITSM risk posture.

Trend Analysis and Continuous Improvement

Identify recurring issues, themes, and systemic control weaknesses across assessments. Provide recommendations to enhance control design, process execution, and testing approaches. Contribute to continuous improvement of ITSM control frameworks and readiness for audits and regulatory reviews.

Standards and Industry Awareness

Maintaining working knowledge of ITSM, control, and technology risk best practices, including relevant industry standards. Apply this knowledge to assessments and advisory discussions to ensure alignment with evolving expectations.

Knowledge and Experience

Bachelor’s degree in computer science, Information Technology, or a related discipline, with typically 7–10 years of experience in technology risk, controls, ITSM, or security-related roles

Strong practical knowledge of ITSM processes and control environments, with the ability to assess risk and control effectiveness.

Demonstrated analytical skills, sound judgment, and the ability to communicate complex risk concepts clearly to technical and non-technical stakeholders.

Experience working collaboratively with IT teams, risk partners, auditors, and vendors.

Preferred certifications: ITIL Foundation, CISA, CISSP, or CRISC.

Working with Us:

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.

We’d love to learn more about how your interests and experience could be a fit with one of the world’s most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at MyHRHelp@ntrs.com.

We hope you’re excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.

About Our Pune Office

The Northern Trust Pune office, established in 2016, is now home to over 3,000 employees. The office handles various functions, including Operations for Asset Servicing and Wealth Management, as well as delivering critical technology solutions that support business operations across the globe.

Our Pune team takes our commitment to service to heart. In 2024, they volunteered more than 10,000+ hours into the communities where they live and work. Learn more.