Senior Information Governance Risk Management Analyst
CME Group is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. We're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
To learn more about what a career at CME Group can offer you, visit us at www.wherefuturesaremade.com .
This position supports the Information Governance programs which include privacy/confidentiality, records and information management, and eDiscovery. This role is specifically responsible for understanding and assessing Information Governance risks associated with CME Group initiatives, technology, and third party vendors. Assessments include adherence with relevant to laws, regulations, and industry standards. This role will also be responsible for conducting training and awareness activities, applicable to the assessment process. Conduct assessments to determine the capabilities for managing data in accordance with company policies, procedures, and standards. (e.g. Third Party Vendors, Software, on premises technology deployments, internal data use and access, operational initiatives). Responsibilities and Duties
Qualifications and Experience:
- Identify and document vulnerabilities and risks associated with managing data and provide solutions for remediation.
- Identify dates for remediation and monitor progress for the identified vulnerabilities and risks. Provide management with periodic updates on remedial efforts.
- Ensure the identified risks are in alignment with the Enterprise Risk Management program.
- Advance the information governance assessment program, facilitating in the identification and risk reduction of information governance risks.
- Demonstrate and understanding of business processes, policies, procedures, governance practices and regulatory requirements.
- Keep abreast of industry developments, such as standards and technology to help harden the organization's ability to protect information and comply with industry standards.
- Participate in continuing education, seminars, and professional organizations to maintain up-to-date knowledge of new issues and regulatory developments.
- Participate in and conduct training and awareness activities for the organization.
- Bachelor's degree. (e.g., Computer Information Systems, Computer Science, Information Systems Management, Privacy, Records Management) or equivalent educational or professional experience and/or qualifications.
- Familiarity with privacy and record keeping laws, data protection/security regulations, and eDiscovery frameworks
- Demonstrable audit, risk and/or compliance experience preferred
- Experience completing audits, risk assessments, and remediation management.
- Experience with RSA Archer Vendor Management tool and SharePoint Administration a plus
- Strong communication, facilitation, and relationship building skills
- Comfortable dealing with all levels of management
- Strong analytic skills
- Technical skills, required
- Highly organized with excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach, and a suitable ability to anticipate and manage project lifecycle events, issues and obstacles