Principal Security Engineer – AI & Copilot Data Protection

About Northern Trust:

Northern Trust a Fortune 500 company is a globally recognized award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the worlds most successful individuals families and institutions by remaining true to our enduring principles of service expertise and integrity. With more than 130 years of financial experience and over 22000 partners we serve the worlds most sophisticated clients using leading technology and exceptional service.

Role Summary

Seeking a Principallevel individual contributorto lead the secure enablement of Microsoft 365 Copilot and enterprise AI capabilities within Northern Trusts Cyber Team.

This role owns the endtoend technical strategy architecture and operationalization of AIdriven data protection and compliance controlsacross Microsoft Purview Defender and M365 security services.

The Principal serves as the organizations deep technical authority on AI data protection shaping control strategy influencing platform configuration decisions and institutionalizing durable safeguards that reduce AIdriven data risk while enabling productivity at enterprise scale.

This is a handson role with architectlevel accountability: designing systems that will stand up to audit regulatory scrutiny and adversarial pressure as AI usage scales.

Scope of Accountability (Principal Expectations)

This role is expected to:

• Own the technical vision and control strategyfor AI and Copilot data protection not just implement features.
• Define durable repeatable patternsfor securing LLMenabled workflows that other teams can adopt.
• Operate with wide autonomy minimal oversight and direct influence across Security Compliance Privacy M365 and Risk.
• Anticipate risk before incidents occur translating emerging AI threats into preventive controls.
• Serve as escalation point and design authority for complex or ambiguous AI security decisions.

Key Responsibilities

AI & Copilot Security Architecture

• Act as handson technical lead and design authorityfor Copilot and enterprise AI security controls across Microsoft Purview Defender and M365.
• Define and evolve the AI data protection reference architecture mapping controls to AI threat models and regulatory expectations.
• Review and harden Copilot platform configurations including:
  • Web grounding and search behaviors
  • Agents plugins and connectors
  • Permission inheritance and identity context
  • Transcripts prompt history and retention models
• Ensure controls are designed for defaultsecure behavior least privilege and failsafe operation.

Control Engineering & Operations

• Design implement and operate AIrelated controls spanning:
  • Information Protection and labeling strategy
  • DLP and Endpoint DLP (including AIspecific scenarios)
  • Insider Risk Management and Communication Compliance
  • Data Lifecycle Management and retention enforcement
  • DSPM for AI including exposure detection and oversharing remediation
• Configure deploy troubleshoot and operate controls across AD and EntraID environments.
• Support production changes through disciplined change management and approved deployment windows.

AI Risk Detection Monitoring & Response

• Define AIspecific risk use cases signals and thresholds aligned to data exposure misuse and policy violation scenarios.
• Build monitoring alerting and automation for abnormal or highrisk AI usage patterns.
• Develop operational runbooks that enable consistent response investigation and evidence preservation.
• Ensure solutions are auditready regulatordefensible and operationally sustainable.

Governance & Institutionalization

• Translate AI threat models into policyaligned enforceable technical controls.
• Partner with governance stakeholders to support:
  • AI risk assessments
  • Control mapping and documentation
  • Decision logs and exception handling
  • Executive and stakeholder reporting
• Contribute expert guidance to Copilot readiness Zero Trust alignment and broader AI governance initiatives.
• Track delivery and technical debt using Azure DevOps establishing transparency and accountability.

CopilotFocused Control Outcomes

• Define and enforce Copilotprotected labelsfor files groups sites and content sources.
• Prevent unauthorized content ingestion and unintended grounding into AI prompts.
• Expand browser and endpoint DLP protections including:
  • Copy/paste and screen capture controls
  • AI prompt and response handling
• Operationalize DSPM for AI to continuously reassess exposure and remediate oversharing.
• Establish durable workflows for AIrelated insider risk and communication compliance scenarios.

Required AI Security Expertise

• Deep understanding of LLM security fundamentals and threat modeling including:
  • Data exposure risks
  • Indirect and chained prompt injection
  • Modelmediated data exfiltration
• Practical mitigation strategies for:
  • Prompt injection and prompt data leakage
  • Overpermissioned grounding sources
  • Agent and connector misuse
• Experience securing agentic or toolaugmented AI systems including leastprivilege access and approval models.
• Strong grasp of AI governance concepts including risk classification control frameworks and policy alignment.
• Ability to translate abstract AI risk into concrete enforceable technical controls.

Qualifications

• Bachelors degree or equivalent experience in cybersecurity engineering or a related field.
• Extensive handson experience with Microsoft Purview and Microsoft Defender (including Cloud Apps).
• Strong background in data protection DLP technologies and enterprise information security.
• Proven scripting and automation capability (PowerShell Python Power Automate).
• Experience operating within formal incident problem and change management processes (e.g. ServiceNow).

Preferred Experience & Certifications

• Deep familiarity with M365 services such as SharePoint Online Teams Exchange and Entra ID.
• Experience integrating or operating with Sentinel Zscaler Symantec DLP or comparable platforms.

Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future. Northern Trust will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B L-1 TN O-1 E-3 H-1B1 F-1 J-1 OPT CPT or any other employment-based visa)

Salary Range:

Salary range is a good faith estimate of base pay. Northern Trust provides a comprehensive benefits package including retirement benefits (401k and pension) health and welfare benefits (medical dental vision spending accounts and disability) paid time off parental and caregiver leave life & accident insurance and other voluntary and well-being benefits. Northern Trust also provides a discretionary bonus program that may include an equity component.

Working with Us:

As a Northern Trust partner greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged senior leaders are accessible and you can take pride in working for a company committed to assisting the communities we serve!Join a workplace with a greater purpose.

Wed love to learn more about how your interests and experience could be a fit with one of the worlds most admired and sustainable companies! Build your career with us andapply today.#MadeForGreater

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process please email our HR Service Center at .

We hope youre excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.