Lead– High Risk Issue Validation and Issue Governance & Oversight

About Northern Trust

As a global leader in innovative wealth management, asset servicing, asset management and banking services, Northern Trust (Nasdaq: NTRS) is proud to guide the world’s most successful individuals, families, corporations and institutions.

Since 1889, we have aligned our efforts with our three guiding Principles That Endure: Service, Expertise, and Integrity. Together, they reflect the three cornerstones of business conduct which we strive to instill in our employees, whom we call partners, and to provide to our clients and the communities we serve worldwide.

With more than 135 years of financial experience and over 24,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

Risk‑Based Issue Validation Execution
Own and execute risk‑based validation for high‑risk issues, including defining validation scope, test strategy, sample approach, and acceptance criteria. Perform walkthroughs, inquiries, evidence inspection, and, where needed, re‑performance testing to confirm remediation effectiveness.

Validation Readiness and Artifact Review
Drive validation readiness by confirming required remediation artifacts exist, including updated control design, procedures, monitoring, operational evidence, and sustainability mechanisms.

Validation Outcomes and Feedback
Where validation fails, return the issue to the appropriate stage and provide clear feedback on identified gaps and documentation expectations.

Issue Quality and Risk Assessment
Assess issue statements, root cause, risk impacts, control objectives, and linkage to applicable requirements. Challenge issue quality to ensure completeness, consistency, and audit defensibility.

Remediation Sustainability Assessment
Ensure remediation plans are risk‑aligned and sustainable, including compensating controls and interim risk reduction steps where applicable.

Issue Oversight & Governance
Manage and oversee the Technology Issue Management program, including end‑to‑end issue lifecycle execution, governance, and stakeholder engagement. This includes coordinating issue review forums, validating high‑risk issues, overseeing risk acceptance decisions, tracking actions to closure, and delivering clear, consistent status reporting to leadership.

Continuously assess the effectiveness and maturity of issue management processes, using metrics and risk insights to identify improvement opportunities and drive sustainable process enhancements.

Serve as the primary point of accountability and representation for the Technology Issue Management program, partnering with stakeholders to support integration, adoption, and potential expansion of program scope and tooling.

Provide trusted risk and control advisory support by facilitating governance committees, working groups, and stakeholder forums, ensuring appropriate oversight, challenge, and escalation of material risk issues.

Collaborate closely with Second Line of Defense partners to align on issue management expectations, aggregated risk measurement, and thematic risk analysis, and take action to address identified control gaps or emerging risk trends.

Influence behaviors across the enterprise to strengthen technology risk ownership, reduce residual risk, and reinforce a strong, sustainable risk management culture.

Stakeholder Partnership and Escalation
Partner with Issue Owners, SMEs, and Audit, Compliance, and Risk stakeholders to align on closure criteria, resolve disputes on evidence sufficiency, and ensure timely decisions and escalations.

Reporting and Thematic Analysis
Provide regular reporting on the validation pipeline, issue aging, bottlenecks, and recurring failure modes. Identify themes and systemic control weaknesses and recommend improvements.

Knowledge and Experience

8–12 years of experience in one or more of the following: Technology Risk Management, Cybersecurity Risk & Controls, IT Audit,  Technology Control Testing or Assurance, or Issue Management and Remediation Oversight

Demonstrated experience leading validation and testing of remediation outcomes, including designing test approaches and documenting results in an audit‑defensible manner

Strong knowledge of control and risk frameworks and security domains (e.g., vulnerability and threat management, IAM, data protection, application security, network and system security)

Experience working in a regulated environment and engaging with audit and regulatory stakeholders on issue closure and supporting evidence

Preferred industry certifications: CISA, CISSP, or CRISC

Working with Us

As a Northern Trust partner, you will be part of a flexible and collaborative work culture, which has a strong history of financial strength and stability. Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to an inclusive workplace and assisting the communities we serve.

Philanthropy is deeply rooted in Northern Trust’s history and is an essential element of our culture. Employees around the world give their time and talent to work for the greater good of their communities.

Reasonable Accommodation

Northern Trust is committed to working with and providing adjustments to individuals with health conditions and disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at MyHRHelp@ntrs.com, or alternatively you can discuss your individual requirements with the recruiter you are working with.

About Our Pune Office

The Northern Trust Pune office, established in 2016, is now home to over 3,000 employees. The office handles various functions, including Operations for Asset Servicing and Wealth Management, as well as delivering critical technology solutions that support business operations across the globe.

Our Pune team takes our commitment to service to heart. In 2024, they volunteered more than 10,000+ hours into the communities where they live and work. Learn more.