Technology Risk Management Senior Analyst

Job Description

Description CME Group is the worlds leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success andyou own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technologyand risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. Were small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic,the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And were looking for more. To learn more about what a career at CME Group can offer you, visit usat www.wherefuturesaremade.com . The Global Information Security (GIS) Technology Risk Management Senior Analyst will work with peers in GIS and across the Technology Division to ensure that Technology risks are properly identified, assessed, monitored, andcommunicated in support of the overall GIS Risk Management program. The Senior Analyst will assist with the continuous improvement and daily operation of the Technology Risk Management program. Responsibilities Include: Work with peers in the 1st and 2nd lineof defense functions to identify and assess Information Security risks Conduct tabletop, lightweight, and detailed risk assessments using CME Groups established InfoSec risk management framework Collaboratively author and edit various risk-related documents,including Risk Profiles, Risk Advisory Memos, Risk Acceptance Memos, exceptions and variances from GIS technical policies and standards, and other related output resulting from risk adjudication activities Participate in and contribute to various working groupsacross the Technology Division, including but not limited to the Enterprise Architecture Board, various change advisory boards, Identity & Access Management working group, Data Protection working group, etc. Assist the GIS Technology Risk Management functionwith: Continuous improvement and maturation of the methods, instrumentation, training, documentation, and processes required to properly manage InfoSec risks Providing advisory and consulting services to the Information Technology Management Team related toInfoSec risks, treatment strategies, and decision-making Preparation of management reports, presentations, metrics, and other documentation required to support governance functions Compiling and delivering business and operational metrics at regular intervals.Promoting a culture of risk awareness and accountability through training, education, and risk management consultative support Problem Solving: Objectively assess the impact, likelihood, velocity, and magnitude of identified risks Objectively advise on anynumber of technical controls that will mitigate risk will not imposing undue burden on those who must implement the controls Drive objectivity and build consensus among stakeholders with widely divergent perspectives and drivers Rapidly analyze complex technicaldetails Synthesize detailed analysis into a big picture view that can be easily understood by non-technical stakeholders in order to support risk-based decision-making for senior managers within the Technology Division Decision Making: Recommend risktreatment decisions Recommend ranges of controls when risk mitigation is desired Recommend improvements to methods, instrumentation, training, documentation, and processes Recommend solutions for automating and streamlining InfoSec risk management practicesWorking Relationships: Daily interaction with peers across all elements of the Technology Division. Communicate regularly with cross-functional peers outside of the Technology Division, including General Counsel, Records Retention, Global Assurance (internalaudit), Enterprise Risk Management, Third Party Risk Management, and other business unit leadership. Interact occasionally with industry peers from other SIFMUs, research organizations, solution providers, etc. Required Experience: Bachelors Degree or equivalentexperience Relevant experience in publicly traded companies or finance/technology industry operations. Experience in at least two of the following: InfoSec (Operations, Program Management, Governance, Risk Management, etc.), Enterprise Architecture, Identity& Access Management, Application Development, Infrastructure & Operations, IT Compliance, or Internal Audit. Experience working with industry based information security and / or control frameworks (NIST Cyber Security Framework, ISO 27002, CobIT, etc.). Demonstrableknowledge of a broad range InfoSec technologies and practices. Demonstrable, impeccable writing skills for technical, management, and executive audiences. Additional preferred experience: Demonstrable knowledge of InfoSec risk management methods and practicesExperience with recommending, implementing, or operating GRC solutions Professional certification in InfoSec or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA, etc.) For EU Residents, the Candidate Privacy Policy can be found here.