Principal, Cyber and IT Risk Management – Phishing & Cyber Awareness

Northern Trust•Chicago, IL

About The Position

About Northern Trust: Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889. Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service. Principal, Cyber and IT Risk Management – Phishing & Cyber Awareness This role leads enterprise-wide internal phishing simulations and supports the cyber awareness training program. The position is responsible for operating a scalable, defensible program aligned to financial services regulatory expectations and Northern Trust’s risk management and control‑aware culture. The Principal partners across cybersecurity, technology risk, and business teams to ensure phishing simulations and awareness content reflect current threat patterns, reinforce policy and secure behaviors, and provide clear, decision‑useful metrics to senior leadership.

Requirements

Bachelor’s degree and/or equivalent military experience.
5+ years of experience in cybersecurity, technology risk management, IT audit, or cyber governance roles.
Demonstrated hands‑on experience supporting enterprise phishing simulations, including campaign design, execution, and measurement.
Strong knowledge of cyber risk management concepts and frameworks supporting awareness and training programs.
Exceptional written and verbal communication skills.
Ability to clearly communicate complex technical information to non‑technical audiences and develop executive‑level presentations.
Strong interpersonal skills, including collaboration, diplomacy, and conflict resolution.
Strong attention to detail with the ability to manage multiple projects and competing deadlines effectively.

Nice To Haves

Prior experience in the financial services sector; experience within a large financial institution strongly preferred.
Continuing education demonstrating a commitment to information security (e.g., certifications, coursework, advanced degrees).

Responsibilities

Own and execute the enterprise-wide phishing simulation program, including scenario design, testing cadence, and execution governance, coordinating and supervising contract providers as needed.
Lead the development and execution of the annual employee cybersecurity training program, ensuring compliance with relevant regulatory requirements, alignment to current cyber risks, and targeted training for high‑risk roles (e.g., privileged users, developers).
Partner with cybersecurity leaders to identify team‑specific training needs and develop and deliver appropriate role‑based training.
Develop and manage program metrics and reporting, including phishing susceptibility, reporting rates, repeat behavior, and trend analysis for leadership.
Coordinate with the Northern Trust threat intelligence team to integrate lessons learned from incidents, intelligence insights, and emerging attack techniques into simulations and training content.
Maintain audit‑ready documentation and evidence supporting program design, effectiveness, and continuous improvement.

Benefits

Northern Trust provides a comprehensive benefits package including retirement benefits (401k and pension), health and welfare benefits (medical, dental, vision, spending accounts and disability), paid time off, parental and caregiver leave, life & accident insurance, and other voluntary and well-being benefits.
Northern Trust also provides a discretionary bonus program that may include an equity component.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume