For Recruiters

Sr. Technology Controls and Compliance Analyst

CME Group
New York, United States
Posted 3 days ago Permanent Competitive
Sr. Technology Controls and Compliance Analyst
Description
The Senior Technology Controls and Compliance Analyst within the Global Information Security (GIS) department will be leading the Development efforts of the IT Automation & Continuous Monitoring Program. The Analyst will provide support to the Compliance Team and their efforts. This position is critical in supporting the IT governance processes established to manage IT risk, ensure critical controls are implemented and operating to avoid audit findings, and ultimately help reduce IT and corporate risk.

Primary Responsibilities:
  • Perform scripting to automate specific controls as required by the IT Automation and Continuous Monitoring Program, using CI tools such as Bamboo
  • Researching industry best practices around automation & monitoring and providing solutions for application automation as new technology becomes available
  • Debugging the system and fixing related issues associated with Scripting in Bamboo and output to GRC tool
  • Handling complex operational tasks and recommending process and technology changes
  • Building, testing, and installing scripts and software in Dev, QA, Prod/DR environment as needed to automate controls supporting complex efforts involving Analysis, Design, Development and testing of various application components
  • Creating accurate, logical, and detailed work-papers clearly describing the work performed, results of testing and conclusions reached
  • Building positive and collaborative business relationships with stakeholders to support effective and efficient management of the controls testing program
  • Maintaining up-to-date knowledge of the company's IT infrastructure, applications, and IT standards
  • Participating in key management discussions and meetings and Prioritization decisions, balancing project deadlines with the occurrence of unanticipated issues
  • Collaborating with immediate team, fostering a positive team culture while meeting project expectations and respecting the work-life quality of team members
  • Providing candid, meaningful feedback in a timely manner to IT Compliance stakeholders as well as control owners, and keeping leadership informed of progress and issues

Key activities include:
  • Performing Scripting of Controls to provide Automation & Monitoring capabilities
  • Performing testing of internal technology controls in support of various regulatory requirements
  • Providing guidance and training to other team members as necessary
  • Preparing metrics related to controls testing progress and present them to stakeholders as required
  • Recommending improvements in IT control & risk processes for potential automation
  • Analyzing and recommending if existing controls meet new/changing best practices, new regulatory or legal obligations or if control enhancements are needed

Qualifications:
  • Expertise in operating windows and Linux environment with good command over any scripting language such as Shell, Perl, Python, etc.
  • Strong Knowledge of CI tools such as Bamboo
  • 4+ years of experience as a developer with experience operating within an SDLC framework in a regulated environment
  • A broad range of knowledge in technologies and environments leveraging operational knowledge of Information Security best practices and industry standards to define the security controls and processes
  • Strong written and verbal communication skills/presentation skills, leadership, and ability to work with diverse teams
  • Experience interfacing with key stakeholders and Security Control owners
  • Experience working with best practice and frameworks such as ISO27001, NIST, COBIT, CFTC, AICPA, ISO/IEC, PCI, FFIEC or equivalent
  • Degree in business, accounting, finance, computer science, information systems, engineering, or a related discipline - or relevant work experience


Preferred
  • Experience as Senior Staff/Senior level consultant, auditor, or Information Security analyst in a professional services firm or large enterprise
  • Participation in the planning and execution of projects in one or more of the following areas: Information Security Risk Management, Technical Compliance, IT Security Audit, Remediation, and/ or IT Risk Management
  • Experience with Governance, Risk and Compliance (GRC) & Audit tools
  • Experience working with CAATs/data analytics tools and technologies such as Cloud, DevOps, Microservices, etc. desirable, but not mandatory
  • CISA / CISSP / CISM / CGEIT / CRISC / ISO27001 certification (one or more)

#LI-MFE-Recruit
#LI-Hybrid

CME Group: Where Futures Are Made

CME Group (www.cmegroup.com) is the world's leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.

The Candidate Privacy Policy can be found here.
Job ID  10402572
More jobs From CME Group
CME Group
Senior Technology Controls and Compliance Analyst
CME Group
Chicago, USA
3 days ago Full time Competitive
CME Group
IAM - Lead Security Engineer LDAP
CME Group
New York, USA
3 days ago Full time Competitive
CME Group
Sr HR Technology Workday Analyst
CME Group
Chicago, USA
3 days ago Full time Competitive
CME Group
Senior Security Engineer - IAM
CME Group
New York, USA
3 days ago Full time Competitive
CME Group
IAM Senior Security Engineer
CME Group
New York, USA
3 days ago Full time Competitive
CME Group
Sr Software Engineer
CME Group
Chicago, USA
3 days ago Full time Competitive
CME Group
IAM - Lead LDAP Engineer
CME Group
Houston, USA
3 days ago Full time Competitive
CME Group
IAM Lead LDAP Engineer
CME Group
Washington D.C., USA
3 days ago Full time Competitive
CME Group
Sr Network Ops Engineer
CME Group
Belfast, United Kingdom
3 days ago Full time Competitive
CME Group
Senior Network Operations Engineer
CME Group
Singapore
3 days ago Full time Competitive