Northern Trust

Lead - Infrastructure Vulnerability Management Governance

Northern Trust
Pune
Not disclosed
Work from OfficeWork from Office
Full TimeFull Time
Min. 8 yearsMin. 8 years

Job Description

Infrastructure Vulnerability Management Governance – Lead

About Northern Trust


As a global leader in innovative wealth management, asset servicing, asset management and banking services, Northern Trust (Nasdaq: NTRS) is proud to guide the world’s most successful individuals, families, corporations and institutions.


Since 1889, we have aligned our efforts with our three guiding Principles That Endure: Service, Expertise, and Integrity. Together, they reflect the three cornerstones of business conduct which we strive to instill in our employees, whom we call partners, and to provide to our clients and the communities we serve worldwide.


With more than 135 years of financial experience and over 24,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.



Job Description - Infrastructure Vulnerability Management Governance and Oversight Support – Lead

Location

Pune

About Role

The Infrastructure Vulnerability Management Governance and Oversight Support – Lead is a key position within the Global Infrastructure Risk and Control team. The role focuses on providing governance, risk oversight, and remediation support across Infrastructure Vulnerability Management domains. This position partners closely with Vulnerability Operations, Infrastructure Platform teams, Application teams, Technology owners, and Risk partners to ensure effective vulnerability remediation governance, control effectiveness, timely closure of identified risks, and strong audit and regulatory readiness. The role provides risk-minded guidance, supports escalation management, and enables consistent, executive-ready reporting of the organization's vulnerability risk posture.

Major Duties

  • Support the Principal in managing Vulnerability Management governance activities across regions, including oversight of remediation plans, risk exceptions, SLA breaches, escalations, and closure tracking.
  • Support the Principal in strengthening Vulnerability Management processes and improving control sustainability across Infrastructure and Platform teams.
  • Drive weekly and monthly vulnerability risk and remediation reporting, including current state, aging, due and overdue vulnerabilities, SLA adherence, exception status, and executive escalations.
  • Support Infrastructure and Application owners in identifying vulnerability-related risks and assessing the design and operating effectiveness of vulnerability management controls.
  • Lead governance activities related to Infrastructure Vulnerabilities (VITs), Container Vulnerabilities (CVITs), Application Security findings, Secure Configuration findings (CTRs), deferrals, and false-positive validations.
  • Monitor and challenge remediation progress to ensure accountability and timely closure of high-risk and aging vulnerabilities.
  • Establish and maintain strong working relationships with Vulnerability Operations, Infrastructure teams, Technology owners, Risk Management, and Cyber Security stakeholders globally.
  • Facilitate governance forums and oversight meetings, ensuring actions, risks, decisions, and commitments are accurately documented, tracked, and reported.
  • Coordinate with Global and Regional stakeholders to plan and execute vulnerability oversight coverage aligned with audit requirements, regulatory expectations, and emerging risk priorities.
  • Analyze vulnerability trends, recurring remediation delays, and systemic risk themes to identify opportunities for control improvement and process enhancement.
  • Support audit and assessment activities by ensuring audit-ready documentation, evidence, metrics, and response coordination related to Vulnerability Management governance.
  • Provide executive-level visibility on remediation performance, risk concentrations, and emerging cyber risk themes through dashboards, scorecards, and leadership reporting.

Must Have

  • Strong experience in Vulnerability Management governance, risk, and control oversight, with 8+ years in Information Security, Technology Risk, Cyber Risk, or related roles.
  • 4+ years of experience in Financial Services.
  • In-depth understanding of Vulnerability Management processes, remediation lifecycle management, vulnerability prioritization methodologies, risk exceptions, and regulatory expectations in large enterprise environments.
  • Strong understanding of vulnerability severity models, including CVSS-based prioritization and risk-based remediation frameworks.
  • Proven ability to manage remediation accountability, escalations, governance forums, and closure tracking across multiple technology teams.
  • Highly motivated, self-starter who handles ambiguity well and drives execution end-to-end.
  • Strong critical thinking, analytical, leadership, stakeholder management, and organizational skills.
  • Proven ability to build relationships, influence stakeholders, and drive risk-based decisions across functions.
  • Ability to challenge and influence stakeholders with differing viewpoints while driving consensus and measurable outcomes.
  • Strong verbal and written communication skills with the ability to present executive-ready risk reports and governance updates.

Good to Have

  • Certifications in Information Security, Cyber Risk, Vulnerability Management, Risk, or Audit (e.g., CISSP, CISM, CRISC, CISA, CIA).
  • Hands-on exposure to vulnerability management platforms and security tooling such as Tenable, Qualys, Rapid7, ServiceNow Vulnerability Response, Wiz, Prisma Cloud, or similar technologies.
  • Understanding of Infrastructure patch management, secure configuration management, cloud security, and application security practices.
  • Experience with Power BI or similar reporting and visualization tools.
  • Experience with ServiceNow, governance tracking, metrics reporting, or dashboarding solutions.
  • Prior experience supporting technology audits, regulatory reviews, or cybersecurity assessments in Financial Services.
  • Experience in vulnerability risk analytics, trend analysis, and executive-level cyber risk reporting.

Qualification

  • 8+ years of experience in Vulnerability Management, Cyber Security, Technology Risk, Infrastructure Risk, or Security Governance roles.
  • 4+ years of experience in Financial Services.
  • Bachelor's degree in Information Technology, Cyber Security, Computer Science, Risk Management, or related field.
  • Certifications in Cyber Security, Risk, Audit, or Vulnerability Management are preferred.
  • Experience working with global stakeholders and large-scale enterprise Infrastructure environments is preferred.
  • Experience supporting vulnerability governance programs, remediation oversight, and audit readiness activities is highly desirable.

Working with Us


As a Northern Trust partner, you will be part of a flexible and collaborative work culture, which has a strong history of financial strength and stability. Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to an inclusive workplace and assisting the communities we serve.


Philanthropy is deeply rooted in Northern Trust’s history and is an essential element of our culture. Employees around the world give their time and talent to work for the greater good of their communities.


Reasonable Accommodation


Northern Trust is committed to working with and providing adjustments to individuals with health conditions and disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at MyHRHelp@ntrs.com, or alternatively you can discuss your individual requirements with the recruiter you are working with.


About Our Pune Office


The Northern Trust Pune office, established in 2016, is now home to over 3,000 employees. The office handles various functions, including Operations for Asset Servicing and Wealth Management, as well as delivering critical technology solutions that support business operations across the globe.


Our Pune team takes our commitment to service to heart. In 2024, they volunteered more than 10,000+ hours into the communities where they live and work. Learn more.



Experience Level

Senior Level

Job role

Work location
Work locationPune, India
Department
DepartmentRisk Management & Compliance
Role / Category
Role / CategoryRisk Management - Security / Fraud
Employment type
Employment typeFull Time
Shift
ShiftDay Shift

Job requirements

Experience
ExperienceMin. 8 years

About company

Name
NameNorthern Trust
Job posted by Northern Trust

Similar jobs you can apply for

IT Security
TIAA Global Business Services

Network Security Engineer

TIAA Global Business Services
Pune
Work from Office
Full Time
Min. 3 years
Baker Hughes Oilfield Services India Private Limited

Network Security Engineer

Baker Hughes Oilfield Services India Private Limited
Pune
Work from Office
Full Time
Min. 8 years
Microsoft Corporation India Pvt Ltd.

Senior Network Engineer

Microsoft Corporation India Pvt Ltd.
Pune
Work from Office
Full Time
Min. 2 years
Northern Trust

Network Security Engineer

Northern Trust
Pune
Work from Office
Full Time
Min. 6 years
NTT DATA Global Delivery Services Ltd

Senior Systems Engineer

NTT DATA Global Delivery Services Ltd
Pune
Work from Office
Full Time
Min. 5 years
Valeo India Private Limited

Junior Test Engineer

Valeo India Private Limited
Pune
Work from Office
Full Time
Any experience

You can expect a minimum salary of 0 INR. The salary offered will depend on your skills, experience and performance in the interview.

The candidate should have completed the required education and people who have 8 to 31 years are eligible to apply for this job. You can apply for more jobs in Pune to get hired quickly.

The candidate should have sound communication skills and sound communication skills for this job.

Both Male and Female candidates can apply for this job.

No, it's not a work from home job and can't be done online. You can explore and apply for other work from home jobs in Pune at apna.

No work-related deposit needs to be made during your employment with the company.

Go to the apna app and apply for this job. Click on the apply button and call HR directly to schedule your interview.

The last date to apply for this job is . For more details, download apna app and find Full Time jobs in Pune . Through apna, you can find jobs in 64 cities across India. Join NOW!