Infrastructure Vulnerability Management Governance – Lead
Job Summary
About Northern Trust
As a global leader in innovative wealth management asset servicing asset management and banking services Northern Trust (Nasdaq: NTRS) is proud to guide the worlds most successful individuals families corporations and institutions.
Since 1889 we have aligned our efforts with our three guiding Principles That Endure: Service Expertise and Integrity. Together they reflect the three cornerstones of business conduct which we strive to instill in our employees whom we call partners and to provide to our clients and the communities we serve worldwide.
With more than 135 years of financial experience and over 24000 partners we serve the worlds most sophisticated clients using leading technology and exceptional service.
Job Description - Infrastructure Vulnerability Management Governance and Oversight Support Lead
Location
Pune
About Role
The Infrastructure Vulnerability Management Governance and Oversight Support Lead is a key position within the Global Infrastructure Risk and Control team. The role focuses on providing governance risk oversight and remediation support across Infrastructure Vulnerability Management domains. This position partners closely with Vulnerability Operations Infrastructure Platform teams Application teams Technology owners and Risk partners to ensure effective vulnerability remediation governance control effectiveness timely closure of identified risks and strong audit and regulatory readiness. The role provides risk-minded guidance supports escalation management and enables consistent executive-ready reporting of the organizations vulnerability risk posture.
Major Duties
- Support the Principal in managing Vulnerability Management governance activities across regions including oversight of remediation plans risk exceptions SLA breaches escalations and closure tracking.
- Support the Principal in strengthening Vulnerability Management processes and improving control sustainability across Infrastructure and Platform teams.
- Drive weekly and monthly vulnerability risk and remediation reporting including current state aging due and overdue vulnerabilities SLA adherence exception status and executive escalations.
- Support Infrastructure and Application owners in identifying vulnerability-related risks and assessing the design and operating effectiveness of vulnerability management controls.
- Lead governance activities related to Infrastructure Vulnerabilities (VITs) Container Vulnerabilities (CVITs) Application Security findings Secure Configuration findings (CTRs) deferrals and false-positive validations.
- Monitor and challenge remediation progress to ensure accountability and timely closure of high-risk and aging vulnerabilities.
- Establish and maintain strong working relationships with Vulnerability Operations Infrastructure teams Technology owners Risk Management and Cyber Security stakeholders globally.
- Facilitate governance forums and oversight meetings ensuring actions risks decisions and commitments are accurately documented tracked and reported.
- Coordinate with Global and Regional stakeholders to plan and execute vulnerability oversight coverage aligned with audit requirements regulatory expectations and emerging risk priorities.
- Analyze vulnerability trends recurring remediation delays and systemic risk themes to identify opportunities for control improvement and process enhancement.
- Support audit and assessment activities by ensuring audit-ready documentation evidence metrics and response coordination related to Vulnerability Management governance.
- Provide executive-level visibility on remediation performance risk concentrations and emerging cyber risk themes through dashboards scorecards and leadership reporting.
Must Have
- Strong experience in Vulnerability Management governance risk and control oversight with 8 years in Information Security Technology Risk Cyber Risk or related roles.
- 4 years of experience in Financial Services.
- In-depth understanding of Vulnerability Management processes remediation lifecycle management vulnerability prioritization methodologies risk exceptions and regulatory expectations in large enterprise environments.
- Strong understanding of vulnerability severity models including CVSS-based prioritization and risk-based remediation frameworks.
- Proven ability to manage remediation accountability escalations governance forums and closure tracking across multiple technology teams.
- Highly motivated self-starter who handles ambiguity well and drives execution end-to-end.
- Strong critical thinking analytical leadership stakeholder management and organizational skills.
- Proven ability to build relationships influence stakeholders and drive risk-based decisions across functions.
- Ability to challenge and influence stakeholders with differing viewpoints while driving consensus and measurable outcomes.
- Strong verbal and written communication skills with the ability to present executive-ready risk reports and governance updates.
Good to Have
- Certifications in Information Security Cyber Risk Vulnerability Management Risk or Audit (e.g. CISSP CISM CRISC CISA CIA).
- Hands-on exposure to vulnerability management platforms and security tooling such as Tenable Qualys Rapid7 ServiceNow Vulnerability Response Wiz Prisma Cloud or similar technologies.
- Understanding of Infrastructure patch management secure configuration management cloud security and application security practices.
- Experience with Power BI or similar reporting and visualization tools.
- Experience with ServiceNow governance tracking metrics reporting or dashboarding solutions.
- Prior experience supporting technology audits regulatory reviews or cybersecurity assessments in Financial Services.
- Experience in vulnerability risk analytics trend analysis and executive-level cyber risk reporting.
Qualification
- 8 years of experience in Vulnerability Management Cyber Security Technology Risk Infrastructure Risk or Security Governance roles.
- 4 years of experience in Financial Services.
- Bachelors degree in Information Technology Cyber Security Computer Science Risk Management or related field.
- Certifications in Cyber Security Risk Audit or Vulnerability Management are preferred.
- Experience working with global stakeholders and large-scale enterprise Infrastructure environments is preferred.
- Experience supporting vulnerability governance programs remediation oversight and audit readiness activities is highly desirable.
Working with Us
As a Northern Trust partner you will be part of a flexible and collaborative work culture which has a strong history of financial strength and stability. Movement within the organization is encouraged senior leaders are accessible and you can take pride in working for a company committed to an inclusive workplace and assisting the communities we serve.
Philanthropy is deeply rooted in Northern Trusts history and is an essential element of our culture. Employees around the world give their time and talent to work for the greater good of their communities.
Reasonable Accommodation
Northern Trust is committed to working with and providing adjustments to individuals with health conditions and disabilities. If you need a reasonable accommodation for any part of the employment process please email our HR Service Center at or alternatively you can discuss your individual requirements with the recruiter you are working with.
About Our Pune Office
The Northern Trust Pune office established in 2016 is now home to over 3000 employees. The office handles various functions including Operations for Asset Servicing and Wealth Management as well as delivering critical technology solutions that support business operations across the globe.
Our Pune team takes our commitment to service to 2024 they volunteered more than 10000 hours into the communities where they live and work. Learn more.
About Company
Discover Northern Trust’s trusted financial services for individuals, families, and institutions. Guided by service, expertise, and integrity since 1889, we offer wealth management, asset servicing, and investment solutions tailored to your goals.