Description
The Global Information Security (GIS) Technology Risk Management Senior Analyst will work with peers in GIS and across the Technology Division to ensure that Technology risks are properly identified, assessed, monitored, and communicated in support of the overall GIS Risk Management program. The Senior Analyst will assist with the continuous improvement and daily operation of the Technology Risk Management program.
Responsibilities Include:
Work with peers in the 1st and 2nd line of defense functions to identify and assess Information Security risks
Conduct tabletop, lightweight, and detailed risk assessments using CME Group’s established InfoSec risk management framework
Collaboratively author and edit various risk-related documents, including Risk Profiles, Risk Advisory Memos, Risk Acceptance Memos, exceptions and variances from GIS technical policies and standards, and other related output resulting from risk adjudication activities
Participate in and contribute to various working groups across the Technology Division, including but not limited to the Enterprise Architecture Board, various change advisory boards, Identity & Access Management working group, Data Protection working group, etc.
Assist the GIS Technology Risk Management function with:
Continuous improvement and maturation of the methods, instrumentation, training, documentation, and processes required to properly manage InfoSec risks
Providing advisory and consulting services to the Information Technology Management Team related to InfoSec risks, treatment strategies, and decision-making
Preparation of management reports, presentations, metrics, and other documentation required to support governance functions
Compiling and delivering business and operational metrics at regular intervals.
Promoting a culture of risk awareness and accountability through training, education, and risk management consultative support
Problem Solving:
Objectively assess the impact, likelihood, velocity, and magnitude of identified risks
Objectively advise on any number of technical controls that will mitigate risk will not imposing undue burden on those who must implement the controls
Drive objectivity and build consensus among stakeholders with widely divergent perspectives and drivers
Rapidly analyze complex technical details
Synthesize detailed analysis into a “big picture” view that can be easily understood by non-technical stakeholders in order to support risk-based decision-making for senior managers within the Technology Division
Decision Making:
Recommend risk treatment decisions
Recommend ranges of controls when risk mitigation is desired
Recommend improvements to methods, instrumentation, training, documentation, and processes
Recommend solutions for automating and streamlining InfoSec risk management practices
Working Relationships:
Daily interaction with peers across all elements of the Technology Division
Communicate regularly with cross-functional peers outside of the Technology Division, including General Counsel, Records Retention, Global Assurance (internal audit), Enterprise Risk Management, Third Party Risk Management, and other business unit leadership
Interact occasionally with industry peers from other SIFMUs, research organizations, solution providers, etc.
Required Experience:
Bachelor’s Degree or equivalent experience
4-6+ years of relevant experience in publicly traded companies or finance/technology industry operations
Experience in at least two of the following: InfoSec (Operations, Program Management, Governance, Risk Management, etc.), Enterprise Architecture, Identity & Access Management, Application Development, Infrastructure & Operations, IT Compliance, or Internal Audit
4-6+ years of relevant experience working with industry based information security and / or control frameworks (NIST Cyber Security Framework, ISO 27002, CobIT, etc.)
Demonstrable knowledge of a broad range InfoSec technologies and practices
Demonstrable, impeccable writing skills for technical, management, and executive audiences
Additional preferred experience:
Demonstrable knowledge of InfoSec risk management methods and practices
Experience with recommending, implementing, or operating GRC solutions
Professional certification in InfoSec or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA, etc.)
#LI-MFE
#LI-Hybrid
CME Group is committed to offering a competitive total rewards package for our employees that recognizes their contributions to the business and reflects our long-term investment in their future. The salary range for this role is $104,800-$174,600. Actual salary offered will be dependent on a wide array of factors including but not limited to: relevant experience, skills, education and comparison to internal employees (where relevant). Our compensation program also includes an annual target bonus opportunity for all employees, as well as the opportunity to become an owner in the company through our broad-based equity program. Through our Benefits program, we strive to offer flexibility, value and choice. From comprehensive health coverage, to a retirement package that includes both a 401(k) and an active Pension Plan, to highly competitive education reimbursement provisions, paid time off and a mental health benefit, CME Group offers a holistic Benefits package for our team and their dependents.
CME Group: Where Futures Are Made
CME Group (www.cmegroup.com) is the world’s leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we’re looking for more.
Receive emails for the latest jobs matching your search criteria
