Staff Attorney Regulatory - IT and Operations
CME Group is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. We're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
To learn more about what a career at CME Group can offer you, visit us at www.wherefuturesaremade.com .
The Staff Attorney will be a key part of a lean team providing legal and regulatory guidance regarding cybersecurity, technology, operational resilience, and data privacy matters across all CME Group business units. This role provides a breadth of experience - everything from fast paced, incident management legal support to analysis of long-term policy and regulatory developments in these highly impactful subject matter areas. In this role, you will work on issues that hit the front page of the newspaper, for a critical part of the financial markets, both domestically and world-wide. Principal Accountabilities:
• Assist with regulatory engagement for matters related to IT, information security, business continuity management, operational resilience, information governance, third party risk management, enterprise risk management and data privacy. This includes providing legal counsel, strategic oversight and strong project management for examinations conducted by supervising regulators like the CFTC, preparing business partners to present to supervisory regulators in examinations and other routine and ad hoc meetings, and drafting regulatory applications and notifications required in the technology, cyber, and data privacy areas.
• Participate in incident and crisis management at CME Group, including providing on the ground practical legal support in real-time for teams triaging cyber, operational, and data privacy incidents, as well as advising partners conducting insider threat investigations.
• Provide hands on partnership to key customers, including information security, business continuity management, technology, data privacy, third party risk management, and compliance functions. This includes using legal expertise and understanding to help shape and develop these programs, from a policy, governance and operational perspective. This also includes participating in cross-functional, internal CME Group committees and working groups, related to key technology projects and risk areas, like insider threat, threat intelligence information sharing, and data protection.
• Partner with key customers in their engagement with strategic industry and governmental groups, including participating in industry information sharing groups, as well as tracking and opining on relevant policy statements and white papers.
• Provide support to transactional legal teams, to analyze and account for nuanced legal risk in customer contracts, user agreements, and intergroup agreements as it relates to technology, cybersecurity, and data privacy.
• Provide support to legal regulatory team with rule filings with the CFTC and other notifications, as required under relevant administrative law
• Help identify and implement creative solutions from a process and project management perspective, to ensure that overlapping regulatory requests and matters emanating from multiple sources are handled in a consistent and efficient manner.