IT Controls Lead Global Financial Controls

About Northern Trust:

Northern Trust a Fortune 500 company is a globally recognized award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the worlds most successful individuals families and institutions by remaining true to our enduring principles of service expertise and integrity. With more than 130 years of financial experience and over 22000 partners we serve the worlds most sophisticated clients using leading technology and exceptional service.

We are seeking an experienced IT Controls Lead to be a part of the Global Financial Controls IT pillar which covers SOX SOC 1 and SOC 2 controls across a complex regulated financial services organization.

This role combines strategic program leadership with hands-on control testing expertise including IT General Controls (ITGCs) and application controls (ITACs) as well as working knowledge of business process controls. The Lead is responsible for ensuring SOC reporting is accurate complete and audit-defensible while also validating the effectiveness of controls through independent testing and technical review.

The role operates as a trusted authority on SOC standards control design testing methodologies and audit positioningexpected to independently challenge conclusions validate testing approaches and influence outcomes across internal stakeholders and external auditors.

Key Responsibilities

• Serve as a senior subject matter expert for SOX and SOC governance including scoping strategy control advisory and reporting standards.
• Establish and maintain control inventories risk mappings and report structures.
• Define expectations for control descriptions frequency evidence quality and audit defensibility across the program.
• Evaluate system process and organizational changes for potential impact.
• Perform and/or oversee independent testing of IT General Controls (ITGCs) (access management change management computer operations etc.) and IT Application Controls (ITACs) and automated controls.
• Evaluate both control design and operating effectiveness including sampling methodologies and population completeness evidence inspection and re-performance where required validation of system-generated reports and data dependencies.
• Identify document and evaluate control exceptions including root cause and risk implications.
• Provide authoritative interpretation of SOX/SOC standards AICPA guidance and auditor expectations.
• Define and challenge testing approaches population scoping and evidence sufficiency.
• Assess complex or ambiguous scenarios and determine impact on SOC control objectives Report disclosures Auditor conclusions etc.
• Coordination with Audit Services and Technology Risk & Control.
• Act as a primary counterpart to external auditors (e.g. KPMG).
• Lead or oversee walkthroughs testing discussions and issue resolution.
• Review and challenge auditor testing procedures and sampling approaches identified exceptions and proposed conclusions and draft SOC report language and disclosures.
• Oversee SOC and SOX related issues including exceptions and control deficiencies.
• Evaluate whether audit findings technology risks or control failures impact external reporting.
• Advise management on risk-based remediation strategies and prioritization.
• Ensure management responses are clear accurate and audit-ready.
• Align SOC SOX and ITGC testing approaches to create consistency in control narratives testing methodologies and evidence expectations.
• Resolve discrepancies in control interpretation or testing outcomes.
• Support broader control environment rationalization and standardization.
• Influence senior stakeholders and control owners without formal authority.
• Provide guidance on control design improvements evidence expectations and testing readiness.
• Translate complex technical and audit issues into clear executive-level messaging.
• Identify opportunities to strengthen control design and completeness risk coverage.
• Stay current on SOC guidance IT control testing practices and regulatory expectations.

Required Qualifications

• 8-10 years of experience in SOC reporting IT audit IT risk or control testing
• Deep expertise in:
  • SOX SOC 1 and SOC 2 frameworks
  • ITGCs ITACs and business process controls
  • Control design and operating effectiveness testing
• Demonstrated experience performing or overseeing end-to-end control testing.
• Ability to challenge testing approaches and auditor conclusions with strong technical rationale.
• Strong understanding of technology environments and data flows supporting control execution.
• Exceptional written and verbal communication skills.

Strongly Preferred Qualifications

• Prior Big 4 experience (SOC reporting or IT audit)
• Experience in financial services / regulated environments
• Direct involvement in:
  • SOC report drafting and review
  • Management assertions and auditor language
• Familiarity with SOX COSO NIST and ITGC frameworks
• Professional certifications: CPA CISA CISSP

Working Model: Hybrid (#LI-Hybrid)
We have a balanced hybrid working model to ensure you get the flexibility you need and the successful candidate will spend their time between working in the office and working from home.

Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future. Northern Trust will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B L-1 TN O-1 E-3 H-1B1 F-1 J-1 OPT CPT or any other employment-based visa)

Salary Range:

Salary range is a good faith estimate of base pay. Northern Trust provides a comprehensive benefits package including retirement benefits (401k and pension) health and welfare benefits (medical dental vision spending accounts and disability) paid time off parental and caregiver leave life & accident insurance and other voluntary and well-being benefits. Northern Trust also provides a discretionary bonus program that may include an equity component.

Working with Us:

As a Northern Trust partner greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged senior leaders are accessible and you can take pride in working for a company committed to assisting the communities we serve!Join a workplace with a greater purpose.

Wed love to learn more about how your interests and experience could be a fit with one of the worlds most admired and sustainable companies! Build your career with us andapply today.#MadeForGreater

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process please email our HR Service Center at .

We hope youre excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.