Northern Trust
Financial Services
IT Controls Lead
“IT Controls Lead at Northern Trust. Skills: SOX, SOC reporting, ITGCs, ITACs. Serve as subject matter expert for SOX. Serve as subject matter expert for SOC governance”
Industry & Context.
Root cause analysis; Assess complex scenarios; Assess ambiguous scenarios
What They're Looking For.
Must Have
8-10+ years SOC reporting, 8-10+ years IT audit, 8-10+ years IT risk, 8-10+ years control testing, SOX frameworks expertise, SOC 1 frameworks expertise, SOC 2 frameworks expertise, ITGCs expertise, ITACs expertise, business process controls expertise, Control design testing expertise, Operating effectiveness testing expertise, Perform end-to-end control testing, Oversee end-to-end control testing, Challenge testing approaches, Challenge auditor conclusions
Nice to Have
Prior Big 4 experience, Experience in financial services, Experience in regulated environments, Direct involvement in SOC report drafting, Direct involvement in SOC report review, Direct involvement in management assertions, Direct involvement in auditor language, Familiarity with COSO framework, Familiarity with NIST framework, Familiarity with ITGC frameworks
What You'll Do.
Serve as subject matter expert for SOX
Serve as subject matter expert for SOC governance
Establish control inventories
Maintain control inventories
Establish risk mappings
Maintain risk mappings
Establish report structures
Maintain report structures
Define control description expectations
Define control frequency expectations
Define evidence quality expectations
Define audit defensibility expectations
Evaluate system changes
Evaluate process changes
Evaluate organizational changes
Perform independent testing of ITGCs
Oversee independent testing of ITGCs
Perform independent testing of ITACs
Oversee independent testing of ITACs
Perform independent testing of automated controls
Oversee independent testing of automated controls
Evaluate control design
Evaluate operating effectiveness
Identify control exceptions
Document control exceptions
Evaluate control exceptions
Provide interpretation of SOX standards
Provide interpretation of SOC standards
Provide interpretation of AICPA guidance
Provide interpretation of auditor expectations
Define testing approaches
Challenge testing approaches
Define population scoping
Challenge population scoping
Define evidence sufficiency
Challenge evidence sufficiency
Assess complex scenarios
Assess ambiguous scenarios
Determine impact on SOC control objectives
Determine impact on Report disclosures
Determine impact on Auditor conclusions
Coordinate with Audit Services
Coordinate with Technology Risk & Control
Act as counterpart to external auditors
Lead testing discussions
Oversee testing discussions
Lead issue resolution
Oversee issue resolution
Review auditor testing procedures
Challenge auditor testing procedures
Review auditor sampling approaches
Challenge auditor sampling approaches
Review identified exceptions
Challenge identified exceptions
Review proposed conclusions
Challenge proposed conclusions
Review draft SOC report language
Challenge draft SOC report language
Review draft SOC report disclosures
Challenge draft SOC report disclosures
Oversee SOC related issues
Oversee SOX related issues
Oversee control deficiencies
Evaluate impact of audit findings
Evaluate impact of technology risks
Evaluate impact of control failures
Advise management on remediation strategies
Advise management on risk-based remediation
Advise management on remediation prioritization
Ensure management responses are clear
Ensure management responses are accurate
Ensure management responses are audit-ready
Align SOC testing approaches
Align SOX testing approaches
Align ITGC testing approaches
Create consistency in control narratives
Create consistency in testing methodologies
Create consistency in evidence expectations
Resolve discrepancies in control interpretation
Resolve discrepancies in testing outcomes
Support control environment rationalization
Support control environment standardization
Influence senior stakeholders
Influence control owners
Provide guidance on control design improvements
Provide guidance on evidence expectations
Provide guidance on testing readiness
Translate technical issues
Translate audit issues
Identify opportunities to strengthen control design
Identify opportunities for completeness risk coverage
Stay current on SOC guidance
Stay current on IT control testing practices
Stay current on regulatory expectations
How You'll Work.
Team & Collaboration
Coordination with Audit Services; Coordination with Technology Risk; Counterpart to external auditors; Influence senior stakeholders; Influence control owners
Communication Scope
Written communication; Verbal communication; Executive messaging
Process & Methodology
Program leadership
Full Job Description
**_About Northern Trust:_**

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889. Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

We are seeking an experienced IT Controls Lead to be a part of the Global Financial Controls IT pillar, which covers SOX, SOC 1 and SOC 2 controls across a complex, regulated financial services organization. This role combines strategic program leadership with hands-on control testing expertise, including IT General Controls (ITGCs) and application controls (ITACs), as well as working knowledge of business process controls.

The Lead is responsible for ensuring SOC reporting is accurate, complete, and audit-defensible, while also validating the effectiveness of controls through independent testing and technical review. The role operates as a trusted authority on SOC standards, control design, testing methodologies, and audit positioning—expected to independently challenge conclusions, validate testing approaches, and influence outcomes across internal stakeholders and external auditors.

**Key Responsibilities**

* Serve as a senior subject matter expert for SOX and SOC governance, including scoping strategy, control advisory, and reporting standards.
* Establish and maintain control inventories, risk mappings, and report structures.
* Define expectations for control descriptions, frequency, evidence quality, and audit defensibility across the program.
* Evaluate system, process, and organizational changes for potential impact.
* Perform and/or oversee independent testing of IT General Controls (
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.