Principal – Technology Risk and Control- Artificial Intelligence & Cloud Risk

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the worlds most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the worlds most sophisticated clients using leading technology and exceptional service.

Responsibilities:

Enterprise Framework & Governance

Evolve the enterprise AI and Cloud Risk & Control Framework, partnering with AI Architecture, Model Risk, Cyber, Data, Privacy, Resilience, and ThirdParty Risk teams to ensure consistency and regulatory defensibility.

Define enterprisewide risk taxonomy and tiering, aligned to usecase criticality, autonomy, data sensitivity, customer impact, and systemic exposure.

Establish clear risktocontrol linkages to support consistent decisions and auditready governance.

Define minimum control expectations for AI and Cloud services and act as the authoritative interpreter of AI and Cloud risk standards.

AI & Cloud Risk Assessment

Collaborate on the enterprise AI and Cloud risk assessment methodology, ensuring it is riskbased, proportionate, repeatable, and auditable.

Partner with AI Architecture and Model Risk to assess inherent and residual risks, including model behavior, bias, explainability, data risk, security, resilience, and autonomy.

Embed risk assessment across the AI lifecycle and cloud onboarding and architecture decisions, ensuring outcomes inform risk acceptance and executive reporting.

Control Design & Effectiveness

Set expectations for AI and Cloud control design, ensuring controls are embedded by design and aligned to preventive, detective, and corrective principles.

Define standards for human oversight, monitoring, logging, explainability, and evidence.

Partner with Risk and Assurance teams to assess control effectiveness and drive remediation of systemic gaps.

Regulatory Alignment & Advisory

Ensure alignment with internal standards, model risk governance, and emerging AI regulatory expectations.

Translate regulatory requirements into practical, implementable controls for firstline teams.

Act as a trusted risk advisor and challenger to senior Technology, Cloud, Architecture, and AI leaders, owning final risk recommendations for highimpact initiatives.

Enablement & Maturity

Develop playbooks and guidance to scale consistent AI and Cloud risk practices.

Coach risk and technology partners to improve enterprise risk fluency.

Advance AI governance maturity, including automation and integration with modern engineering practices.

Experience & Background

15+ years of experience in Technology Risk, Cyber Risk, Model Risk, Cloud Risk, or related disciplines, with demonstrable enterpriselevel accountability.

Proven track record of designing and owning enterprisewide risk and control frameworks.

Deep exposure to AI systems, cloud platforms, and complex digital architectures within regulated environments.

Professional certifications such as CISSP, CCSK, CRISC, or equivalent (preferred, not mandatory).