Senior Lead - Cybersecurity IT Risk Management for End User Computing

Sr Lead, Cyber Sec IT Risk Management - EUC

About Northern Trust:

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

Position: Sr. Lead, Cyber Sec IT Risk Management – EUC 
Location: Pune

Job Description
Northern Trust is seeking a new team member to join the Infrastructure Control Governance team as a Control Business Partner aligned to End User Computing (EUC). This role will help strengthen the control environment for EUC governance by supporting risk identification, control assessment, inventory quality, lifecycle governance, and owner accountability for critical EUCs and related manual information produced by the entity. The position will work with business, technology, and control stakeholders to drive adherence to enterprise EUC requirements, improve governance consistency, and reduce the likelihood of errors, operational disruption, compliance gaps, and unmanaged end-user tooling risk.

JOB RESPONSIBILITIES
•    EUC Governance Oversight – Provide embedded advisory support for EUC governance, helping teams identify key EUC risks, classify criticality, and align practices to enterprise standards for critical and non-critical EUCs.
•    Inventory & Repository Quality – Review EUC repository records for completeness, accuracy, ownership, tiering, and lifecycle status; partner with owners to remediate data quality issues and maintain a sustainable inventory posture.
•    Control & Attestation Reviews – Assess adherence to critical EUC control requirements such as role-based access, backup expectations, independent review / testing, annual access reviews, non-production copy retention, and periodic owner attestations. Participate in RCSA exercise for Infrastructure Tower RAU.
•    Alternative Solution Challenge – Work with business and technology stakeholders to validate whether an existing technology-supported solution can replace or reduce EUC risk and document outcomes for governance purposes.
•    Business Continuity & Documentation Alignment – Verify that relevant critical EUCs are appropriately reflected in continuity documentation, support models, backup roles, and recovery guidance where required.
•    Issue, Exception, and Decommissioning Support – Support the tracking and closure of identified EUC control gaps, assist with exception / risk treatment discussions, and ensure decommissioned EUCs are removed from active use and updated in the repository.
•    Metrics, Reporting & Trend Analysis – Prepare governance metrics, trend analysis, and escalation views for management and control forums to highlight recurring issues, overdue actions, emerging risk themes, and compliance health.
•    Training, Awareness & Stakeholder Engagement – Help educate partners, managers, and EUC owners on governance requirements, common control pitfalls, and expected evidence to build stronger and more consistent practices across the organization.
•    Audit & Regulatory Support – Assist with walkthroughs, evidence gathering, and response coordination for internal / external reviews related to EUC governance and control compliance.

REQUIRED SKILLS
As a partner at Northern Trust, you must actively manage and mitigate risk and act with integrity. In accordance with our core values of service, integrity, and expertise, you are expected to:
•    Adhere to all applicable risk management programs, policies, and procedures.
•    Complete all mandatory training by the deadline.
•    Understand how your behavior could expose Northern Trust, its clients, and financial markets to different types of risk.
•    Ensure that Northern Trust or its clients are not exposed to inappropriate or excessive risk.
•    Escalate any risk concerns, including those resulting from mistakes / errors to a manager or business unit risk officer.
•    Exercise diligence regarding cyber-security.
•    Cooperate with internal control functions (including first-line Control, Risk, Compliance, Audit, self-assigned, etc.) and applicable regulatory bodies.
•    Avoid conflicts of interest or behaviors that might produce unfair outcomes for Northern Trust or its clients or damage the integrity of financial markets.

Must Haves
•    Proven experience in Infrastructure Control, IT Risk Management, operational risk, end-user computing governance, data quality governance, or control testing.
•    Working knowledge of EUC lifecycle management, repository governance, owner attestation, access reviews, independent testing, backup / continuity expectations, and decommissioning controls.
•    Strong analytical skills to interpret control requirements, review records and evidence, identify gaps, and prepare concise risk summaries and remediation actions.
•    Hands-on experience with SharePoint, Excel, Power BI, ServiceNow, Teams, and documentation / evidence management practices.
•    Excellent communication and stakeholder management skills, including the ability to engage business users, control owners, and technology partners constructively.
•    Ability to work with precision, maintain audit-ready records, and drive action to closure in a fast-moving governance environment.

Good to Have
•    CISA, CRISC, CIA, or similar risk / audit certification.
•    Knowledge of EUC / IPE governance concepts, operational risk frameworks, and financial services control expectations.
•    Experience working with end-user device management, software asset management, or broader embedded controls teams.

Qualification
•    Bachelor’s degree in Information Technology, Risk Management, Business Information Systems, Data Governance, or a related discipline.
•    Minimum 5 years of experience in risk and controls, EUC governance, infrastructure operations support, or audit / compliance functions.

Key Responsibilities
EUC Security Strategy & Governance
•    Own and drive the endpoint security strategy for EUC across Windows, macOS, iOS, Android, VDI, and virtual workspace platforms.
•    Define and enforce security standards, baselines, and guardrails for endpoints aligned with enterprise security frameworks (CIS, STIG, Zero Trust).
•    Act as the EUC security control owner, ensuring clarity of ownership, accountability, and evidence readiness for audits and risk assessments. 

Endpoint Security Engineering & Controls
•    Oversee security controls implemented via Microsoft Intune, JAMF, SCCM/MECM, and Endpoint Management platforms, including: 
o    Device compliance and conditional access
o    Endpoint hardening and configuration baselines
o    Privileged access, EPM, and least-privilege models
•    Ensure secure integration of EUC services with IAM, MFA, Defender, EDR/XDR, DLP, and vulnerability management platforms. [Lead, Infra EUC | Word], 

Vulnerability, Patch & Risk Management
•    Lead endpoint vulnerability management across EUC platforms: 
o    OS, application, browser, and device-level vulnerabilities
o    Risk-based prioritization and remediation tracking
•    Govern patching, update cadence, waiver handling, and SLA adherence in partnership with EUC Ops and Engineering teams.
•    Drive reduction of repeat audit findings and control gaps related to EUC.

Identity, Access & Data Protection (EUC Lens)
•    Partner with Identity and Security teams to ensure: 
o    Strong authentication and device trust enforcement
o    Secure access to corporate data from managed and unmanaged endpoints
•    Embed data protection controls (DLP, encryption, information protection) into endpoint and productivity workflows.

Incident Response & Security Operations
•    Serve as EUC security lead during major incidents and security events impacting endpoints or end-user services.
•    Coordinate root cause analysis, corrective actions, and preventive control improvements related to endpoint incidents.
•    Improve monitoring, alerting, and threat response for EUC attack surfaces.

Stakeholder, Audit & Risk Engagement
•    Act as the primary EUC cybersecurity interface for: 
o    Enterprise Security
o    Risk Management & Controls
o    Internal / External Audit
•    Support risk assessments (RCSA), control attestations, and regulatory requirements tied to EUC services.
•    Provide executive-ready reporting on EUC security posture, risks, and remediation progress. 

Leadership & Team Enablement
•    Provide technical and security leadership to EUC engineers, leads, and managed service partners.
•    Mentor teams on secure endpoint design, automation, and operational best practices.
•    Drive a culture of security ownership within Digital Workplace teams, not just compliance.

Working with Us:

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.

We’d love to learn more about how your interests and experience could be a fit with one of the world’s most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at MyHRHelp@ntrs.com.

We hope you’re excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.

About Our Pune Office

The Northern Trust Pune office, established in 2016, is now home to over 3,000 employees. The office handles various functions, including Operations for Asset Servicing and Wealth Management, as well as delivering critical technology solutions that support business operations across the globe.

Our Pune team takes our commitment to service to heart. In 2024, they volunteered more than 10,000+ hours into the communities where they live and work. Learn more.

Experience Level

Senior Level