About Northern Trust
As a global leader in innovative wealth management, asset servicing, asset management and banking services, Northern Trust (Nasdaq: NTRS) is proud to guide the world’s most successful individuals, families, corporations and institutions.
Since 1889, we have aligned our efforts with our three guiding Principles That Endure: Service, Expertise, and Integrity. Together, they reflect the three cornerstones of business conduct which we strive to instill in our employees, whom we call partners, and to provide to our clients and the communities we serve worldwide.
With more than 135 years of financial experience and over 24,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.
Pune
The Infrastructure Vulnerability Management Governance and Oversight Support – Lead is a key position within the Global Infrastructure Risk and Control team. The role focuses on providing governance, risk oversight, and remediation support across Infrastructure Vulnerability Management domains. This position partners closely with Vulnerability Operations, Infrastructure Platform teams, Application teams, Technology owners, and Risk partners to ensure effective vulnerability remediation governance, control effectiveness, timely closure of identified risks, and strong audit and regulatory readiness. The role provides risk-minded guidance, supports escalation management, and enables consistent, executive-ready reporting of the organization's vulnerability risk posture.
-
Support the Principal in managing Vulnerability Management governance activities across regions, including oversight of remediation plans, risk exceptions, SLA breaches, escalations, and closure tracking.
-
Support the Principal in strengthening Vulnerability Management processes and improving control sustainability across Infrastructure and Platform teams.
-
Drive weekly and monthly vulnerability risk and remediation reporting, including current state, aging, due and overdue vulnerabilities, SLA adherence, exception status, and executive escalations.
-
Support Infrastructure and Application owners in identifying vulnerability-related risks and assessing the design and operating effectiveness of vulnerability management controls.
-
Lead governance activities related to Infrastructure Vulnerabilities (VITs), Container Vulnerabilities (CVITs), Application Security findings, Secure Configuration findings (CTRs), deferrals, and false-positive validations.
-
Monitor and challenge remediation progress to ensure accountability and timely closure of high-risk and aging vulnerabilities.
-
Establish and maintain strong working relationships with Vulnerability Operations, Infrastructure teams, Technology owners, Risk Management, and Cyber Security stakeholders globally.
-
Facilitate governance forums and oversight meetings, ensuring actions, risks, decisions, and commitments are accurately documented, tracked, and reported.
-
Coordinate with Global and Regional stakeholders to plan and execute vulnerability oversight coverage aligned with audit requirements, regulatory expectations, and emerging risk priorities.
-
Analyze vulnerability trends, recurring remediation delays, and systemic risk themes to identify opportunities for control improvement and process enhancement.
-
Support audit and assessment activities by ensuring audit-ready documentation, evidence, metrics, and response coordination related to Vulnerability Management governance.
-
Provide executive-level visibility on remediation performance, risk concentrations, and emerging cyber risk themes through dashboards, scorecards, and leadership reporting.
-
Strong experience in Vulnerability Management governance, risk, and control oversight, with 8+ years in Information Security, Technology Risk, Cyber Risk, or related roles.
-
4+ years of experience in Financial Services.
-
In-depth understanding of Vulnerability Management processes, remediation lifecycle management, vulnerability prioritization methodologies, risk exceptions, and regulatory expectations in large enterprise environments.
-
Strong understanding of vulnerability severity models, including CVSS-based prioritization and risk-based remediation frameworks.
-
Proven ability to manage remediation accountability, escalations, governance forums, and closure tracking across multiple technology teams.
-
Highly motivated, self-starter who handles ambiguity well and drives execution end-to-end.
-
Strong critical thinking, analytical, leadership, stakeholder management, and organizational skills.
-
Proven ability to build relationships, influence stakeholders, and drive risk-based decisions across functions.
-
Ability to challenge and influence stakeholders with differing viewpoints while driving consensus and measurable outcomes.
-
Strong verbal and written communication skills with the ability to present executive-ready risk reports and governance updates.
-
Certifications in Information Security, Cyber Risk, Vulnerability Management, Risk, or Audit (e.g., CISSP, CISM, CRISC, CISA, CIA).
-
Hands-on exposure to vulnerability management platforms and security tooling such as Tenable, Qualys, Rapid7, ServiceNow Vulnerability Response, Wiz, Prisma Cloud, or similar technologies.
-
Understanding of Infrastructure patch management, secure configuration management, cloud security, and application security practices.
-
Experience with Power BI or similar reporting and visualization tools.
-
Experience with ServiceNow, governance tracking, metrics reporting, or dashboarding solutions.
-
Prior experience supporting technology audits, regulatory reviews, or cybersecurity assessments in Financial Services.
-
Experience in vulnerability risk analytics, trend analysis, and executive-level cyber risk reporting.
-
8+ years of experience in Vulnerability Management, Cyber Security, Technology Risk, Infrastructure Risk, or Security Governance roles.
-
4+ years of experience in Financial Services.
-
Bachelor's degree in Information Technology, Cyber Security, Computer Science, Risk Management, or related field.
-
Certifications in Cyber Security, Risk, Audit, or Vulnerability Management are preferred.
-
Experience working with global stakeholders and large-scale enterprise Infrastructure environments is preferred.
-
Experience supporting vulnerability governance programs, remediation oversight, and audit readiness activities is highly desirable.
Working with Us
As a Northern Trust partner, you will be part of a flexible and collaborative work culture, which has a strong history of financial strength and stability. Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to an inclusive workplace and assisting the communities we serve.
Philanthropy is deeply rooted in Northern Trust’s history and is an essential element of our culture. Employees around the world give their time and talent to work for the greater good of their communities.
Reasonable Accommodation
Northern Trust is committed to working with and providing adjustments to individuals with health conditions and disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at [email protected], or alternatively you can discuss your individual requirements with the recruiter you are working with.
About Our Pune Office
The Northern Trust Pune office, established in 2016, is now home to over 3,000 employees. The office handles various functions, including Operations for Asset Servicing and Wealth Management, as well as delivering critical technology solutions that support business operations across the globe.
Our Pune team takes our commitment to service to heart. In 2024, they volunteered more than 10,000+ hours into the communities where they live and work. Learn more.