Senior Associate - Technology Risk and Controls (RCSA)
About Northern Trust:
Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.
Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.
The Technology Risk and Control function at Northern Trust supports Global Information Technology in operating within a strong First Line of Defense, promotes a control‑aware culture, and enables secure, compliant, and resilient technology capabilities.
The Senior Associate, Technology Risk and Control role supports the execution of the Technology Issue Management and Risk & Control Self‑Assessment (RCSA) programs. This role is responsible for planning and executing assigned RCSA activities, supporting issue identification and remediation tracking, and ensuring consistent application of technology risk and control standards.
The Senior Associate works closely with Technology, Risk, Compliance, and Audit stakeholders to assess technology risks, evaluate control effectiveness, and support governance, transparency, and accountability across the technology risk lifecycle.
Key Responsibilities
Technology Risk & Control Self‑Assessment (RCSA) Execution
Support and execute end‑to‑end Technology Risk and Control Self‑Assessments within the defined scope, in alignment with enterprise technology risk policies, control standards, and risk frameworks.
Coordinate with technology and risk stakeholders to support RCSA planning, scheduling, data collection, and completion of assessment deliverables.
Risk Identification and Control Design & Effectiveness Evaluation
Contribute to the assessment of inherent and residual technology risks and evaluate the design and operating effectiveness of key controls.
Identify control gaps, execution issues, and process deviations, and support clear documentation of root causes and risk implications.
Assess whether controls are:
Clearly defined and appropriately documented
Aligned to identified technology risks and control objectives
Consistently executed
Supported by complete, accurate, and timely evidence suitable for audit and regulatory review
Risk Assessment and Assurance Support
Apply technology risk assessment techniques to support effective risk identification, prioritization, and articulation within RCSA activities.
Leverage exposure to SOC 1 / SOC 2 or SOX IT control testing (where applicable) to support control scoping, documentation quality, and evidence standards.
Assist in aligning RCSA outcomes with audit, risk, and regulatory expectations.
RCSA Documentation and Evidence Management
Ensure accurate and high‑quality documentation of RCSA results, including risk statements, control assessments, conclusions, and supporting evidence within designated tools.
Maintain discipline around evidence standards, traceability, and transparency to support internal and external assurance activities.
Issue Identification and Remediation Tracking
Support identification, documentation, and escalation of control deficiencies and risk issues arising from RCSA activities.
Assist with issue risk ratings and monitor remediation progress in alignment with issue management standards and timelines.
Stakeholder Engagement and Governance Support
Partner with technology, risk, and control stakeholders to support completion of RCSA activities and issue remediation actions.
Participate in governance forums, working groups, and readiness activities, providing clear, factual updates on assessment status, risks, and issues.
Continuous Improvement and Risk Awareness
Support identification of recurring risk themes and control weaknesses across RCSAs.
Contribute ideas and recommendations to enhance control design, assessment methodologies, documentation quality, and overall RCSA effectiveness.
Maintain awareness of evolving industry practices, regulatory expectations, and technology risk trends relevant to RCSA activities.
Experience and Education
6–8 years of experience in Technology Risk, Risk & Control Self‑Assessment (RCSA), IT Risk Assessment, or related roles.
Hands‑on experience executing Technology RCSA activities or participation in SOC 1 / SOC 2 and/or SOX IT control testing, including IT General Controls (ITGCs) and application controls.
Practical understanding of technology risks, control design, and control effectiveness evaluation.
Strong analytical, documentation, and stakeholder communication skills.
Preferred Certifications: CISA, CISSP, or CRISCs
Working with Us:
As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.
Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.
We’d love to learn more about how your interests and experience could be a fit with one of the world’s most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater
Reasonable accommodation
Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at [email protected].
We hope you’re excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.
Apply today and talk to us about your flexible working requirements and together we can achieve greater.
About Our Pune Office
The Northern Trust Pune office, established in 2016, is now home to over 3,000 employees. The office handles various functions, including Operations for Asset Servicing and Wealth Management, as well as delivering critical technology solutions that support business operations across the globe.
Our Pune team takes our commitment to service to heart. In 2024, they volunteered more than 10,000+ hours into the communities where they live and work. Learn more.
