Global Head of Data Protection

Job Description

About Northern Trust:Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889. Northern Trust is proud to provide innovative financial services and guidance to the worlds most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the worlds most sophisticated clients using leading technology and exceptional service.Position: Global Head of Data ProtectionThe Global Head of Data Protection is a senior leadership role responsible for overseeing the design, implementation, and maintenance of comprehensive data protection and security strategies across Northern Trust, ensuring compliance with relevant regulations while leading a team of data security engineers to proactively identify and mitigate data risks across systems and applications; this role requires a deep understanding of financial services approach to data privacy laws, security architectures, data control automation, structured & unstructured data discovery, and data protection best practices, collaborating closely with technology, legal, risk, audit and business teams to safeguard sensitive data.Key Responsibilities:Strategy Development:

• Develop and execute a holistic data protection strategy aligned with business objectives, technology, and regulatory requirements.
• Conduct risk assessments to identify potential data vulnerabilities and prioritize mitigation efforts.
• Collaborate with the data governance, insider risk, fraud, and global privacy teams on data classification standards with the goal of implementing data access controls to protect sensitive information.
• Proactively manage key stakeholder expectations at the manager level and above, advising on optimal approaches and resolving conflicts between internal controls and information security requirements.

Technical Implementation:

• Design and deploy data security solutions including encryption, data masking, data loss prevention (DLP), sensitive data discovery, cloud access security broker, proxy data controls, and certificate and key management.
• Oversee the implementation of security controls across cloud environments, on-premise systems, and third-party applications.
• Monitor and analyze data security posture, identifying trends and potential threats.

Team Leadership:

• Lead and mentor a team of data security engineers, providing technical guidance and career development opportunities.
• Recruit and retain top talent with relevant data protection and security expertise.
• Foster a culture of data security awareness within the engineering teams.

Compliance and Governance:

• Enable compliance with data privacy regulations such as GDPR, CCPA, and local laws.
• Collaborate with legal and compliance teams to address data protection inquiries and incident response.
• Maintain the Data Protection Standard, procedures, and associated guidelines.
• Develop comprehensive and effective technology/administrative controls for each standard requirement.
• Maintain and establish as necessary, data protection control objectives and relevant mappings.
• Drive the development and implementation of control metrics (KPIs and KRIs).

Incident Response:

• Participate in the response to data breaches and security incidents, including investigation, containment, and remediation.
• Conduct post-incident root cause analysis to identify improvement areas and prevent future occurrences.

Required Skills and Experience:

• Understanding of data privacy regulations (GDPR, CCPA, etc.)
• Extensive understanding of cybersecurity and financial industry frameworks as well as standards such as CRI, NIST, ISO 27001, etc.
• Expertise in data security technologies like encryption, data masking, DLP, data scanning, and access controls.
• Proven experience in designing and implementing data security architectures across cloud and on-premise environments.
• Extensive knowledge for collaborating with lines of defense, risk, and audit specifically, in large financial services organizations.
• Strong leadership and team management skills.
• Excellent communication and stakeholder management abilities.
• Experience in managing large complex projects and associated budgets.
• Expertise in managing team member capacity to address workload demand.
• Strong ability to analyze data to identify thematic issues/areas requiring improvement.
• Experience with security incident response and threat analysis is a plus.
• Programming skills and knowledge of data analytics tools.

Education and Certifications:

• Bachelors degree in computer science, information security, or a related field.
• Relevant cybersecurity certifications such as CISSP, CISM, CIPP/E, or similar are a plus.

Working with Us:As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas. Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose. Wed love to learn more about how your interests and experience could be a fit with one of the worlds most admired and sustainable companies! Build your career with us and apply today. #MadeForGreaterReasonable AccommodationNorthern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at MyHRHelp@ntrs.com. We hope youre excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.Apply today and talk to us about your flexible working requirements and together we can achieve greater.Locations: Chicago, IL

Keyskills :
data privacy regulations cybersecurity standards data security technologies risk assessment strategies team leadership skillscissp information security dlp cism nist iso 27001 data loss prevention