Northern Trust
Director Cyber Security Engineering
The complete job description, requirements, and application details are available on the original posting.
About Northern Trust
Northern Trust is a global financial services company founded in 1889 in Chicago, Illinois. It specializes in wealth management, asset servicing, asset management, and banking solutions. The company serves a diverse clientele, including high-net-worth individuals, families, foundations, endowments, corporations, and institutional investors worldwide. Notably, Northern Trust has a dedicated division for Global Family & Private Investment Offices, established in 1982, which focuses on ultra-high-net-worth families. This division provides comprehensive investment management and family office support to clients with significant investable assets. The company is recognized for its personalized wealth management services, including estate planning and risk management, as well as its asset servicing capabilities for institutional clients. With a long history of conservative financial management and innovation, Northern Trust has built a reputation for stability and trustworthiness. Its headquarters in Chicago reflects its architectural significance and growth over the years.
Security at Northern Trust
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Governance-first, risk-based AppSec integrated into the SDLC.
- Northern Trust emphasizes building security and privacy tenets into projects from inception (shift-left), documented policies and senior-management commitment, continuous testing and monitoring, threat-intelligence enriched analytics, and workforce training — aligned to NIST, ISO 27002, ITIL and COBIT frameworks and supported by a centralized Cyber Coordination Center for detection and response.
Security Team
- AppSec responsibilities are embedded within Technology and Information & Cyber Security functions rather than published as a standalone public AppSec org.
- Public materials describe collaboration between tech teams and business stakeholders, investment in developer/technology training (cloud, AI), and centralized operational ownership (Cyber Coordination Center).
- No public org chart, named AppSec leads, team size, or explicit AppSec team listings appear on northerntrust.com.
Key Initiatives
Publicly described initiatives include:
- Secure-by-design practices and secure-coding protocols integrated into project lifecycles.
- Regular vulnerability assessments and testing (annual assessments recommended).
- Layered defensive controls and real-time intrusion detection with centralized monitoring/incident response.
- Use of big-data security analytics to enrich logs and vulnerability/identity context for detection and triage.
- Identity and access hygiene (access reviews, session controls, challenge responses).
- Third-party risk assessments and outsourcing risk-management procedures.
- Ongoing employee and developer security training and awareness programs.