Lead Analyst IT Compliance & Controls
- Chicago, IL, USA
- Permanent, Full time
- Chicago Mercantile Exchange
- 21 Mar 19
CME Group is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. We're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
To learn more about what a career at CME Group can offer you, visit us at www.wherefuturesaremade.com.
The Incumbent will have day-to-day responsibilities to fulfill and support the IT Compliance & Controls mission, including analyzing IT control gaps; assisting in remediation planning and tracking; analyzing legal or regulatory obligations (pending or enacted) for impact to existing baseline controls & test procedures; performing the IT compliance assurance function as it relates to compliance with Systems Safeguards Testing; evaluating the results of control owner self-assessments/control testing and recommending remediation steps; providing awareness of the IT control & risk frameworks; assisting in updating the IT Control Library & Control Plans to reflect the current CME operating environment & regulatory landscape; and providing findings and compliance status reporting. The Incumbent will interact with finding, remediation, and control plan owners and assist in compliance awareness efforts, and will support IT compliance obligations as required, e.g. by providing assistance in internal and external audits.
The Incumbent will be responsible for:
- Managing findings related to technology that have been issued through various reporting structures
- Interacting with finding/remediation owners to ensure findings are managed and reported on correctly through closure.
- Analyzing and determining if existing controls are sufficient to meet new regulatory or legal obligations or if control enhancements are needed.
- Helping to determine training/education needs (based on interaction with stakeholders)
- Helping assess the risk of controls not implemented
- IT Findings/Compliance reporting & escalation needs;
- Recommendations on required/updated control plans as the IT environment changes;
- Provide input into exception requests (mitigation efforts and implications on IT risk).
The Incumbent will follow common approaches for interacting with IT stakeholders while helping establish new approaches where precedent doesn't exist in handling IT controls & associated risks. Given the current control environment, precedents will sometimes need to be established to determine how to properly respond; leaning on defined controls but helping to establish the compliance culture.
In this role the Incumbent will be expected to:
- Manage findings from beginning to closure.
- Recommend control remediation approaches (may include establishing new processes vs. point solutions);
- Recommend efficient control assurance processes that provide timely awareness of potential issues;
- Advise stakeholders (and their management) on control operational state and needed improvements;
- Determine the impact of changes in the IT operating environment & regulatory obligations on the IT Control framework; and
- Develop plans to address needed changes.
- 25% of the Incumbent's time will be dedicated to setting/influencing policy or decisions.
- 75% of the Incumbent's time will be dedicated to executing/implementing decisions that have been made by leadership.
- The IT Compliance Lead Analyst role will support the existing Compliance Team and their efforts. This position, along with others being initiated, is critical for ensuring the implementation and operation of the IT compliance & risk management function while evolving the tools, processes and methodology established in the IT Control & Risk Framework initiative. This role is important to maturing the IT Compliance function, shaping the processes and practices, and establishing the controls & compliance culture in IT. This is critical to supporting the IT governance processes that have been established to manage IT risk, ensure critical controls are implemented & operating to avoid audit findings, and ultimately help reduce IT and corporate risk.
- The Incumbent will have routine interaction with key stakeholders (IT application, process, and/or findings/remediation/control plan owners) that can reside in any organization within CME Group Inc. (Global Assurance, IT Compliance liaisons, ERM & Corporate Compliance Teams). This interaction will help stakeholders better understand findings management and the compliance framework, and better understand IT Compliance activities in assessing IT controls, providing input into remediation plans, reporting on compliance efforts, and providing education/advice on control & risk management processes. The Incumbent will also support Global Assurance during audit processes and provide support to the IT Compliance liaisons to improve their overall effectiveness.
- The Incumbent will have routine interaction with consultants supporting control & risk framework implementation and work transition. Additionally, the Incumbent will potentially have interactions with 3rd party providers of applications / services as they perform control assessments, as well as 3rd party authoritative sources as necessary to understand updates/clarifications to legal or regulatory obligations and their services.
- Demonstrates proven success in a role that emphasizes a thorough knowledge of technical aspects of the following areas:
- IT Risk Management,
- Information Security,
- Technical Privacy, and/or
- IT Audits
- Demonstrates thorough knowledge of performing IT Risk & Security assessments across a broad range of technologies, leveraging thorough technical and operational knowledge of Information Security best practices and industry standards to define the security controls and processes. Demonstrates thorough knowledge and/or exposure to the common issues facing the financial services market including privacy and regulatory concerns.
- Demonstrates thorough abilities with the utilization of network and application security assessment tools and methodologies to manage and address security and control issues with the following technologies: UNIX, Windows Servers, databases (Oracle, SQL, DB2, etc.), firewalls, routers, wireless environments, mobile devices, and cloud computing.
- Demonstrates thorough abilities participating in key management discussions and meetings; preparing concise, accurate documents and balancing project deadlines with the occurrence of unanticipated issues.
- Possesses strong written and verbal communication and presentation skills, leadership, and the ability to lead and work with diverse teams.
- Demonstrates thorough abilities as a team leader: creating a positive environment by monitoring workloads of the team while meeting project expectations and respecting the work-life quality of team members; providing candid, meaningful feedback in a timely manner; and keeping leadership informed of progress and issues.
- Demonstrates thorough experience as a Senior level consultant, auditor and/or Information Security analyst in a financial firm, professional services firm or large enterprise, which includes:
- Interfacing with key stakeholders on control solutions.
- Leading the planning and execution of projects in the following areas:
- Findings Management,
- Information Security,
- Risk Management,
- Technical Privacy/Compliance,
- IT Security Audit, and / or
- IT Risk Management.
- Experience working with NIST, COBIT, CFTC, AICPA, ISO/IEC, PCI, FFIEC, etc.
- General proficiency as user of GRC & Audit tools
Minimum Education/Experience Requirements:
- Minimum Degree Required:
- Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related discipline
- Minimum Years of Experience:
- 3-6 years of experience in general accounting and/or working as a Senior level IT analyst, IT auditor, or IT risk adviser for a financial institution, public accounting firm (Big 4 preferred), or a professional services firm, performing IT Controls, IT Risk Management, and/or IT Internal Audit including experience in Information Security.
- Preferred Certifications: