IT Compliance and Controls Manager
CME Group is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. We're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
To learn more about what a career at CME Group can offer you, visit us at www.wherefuturesaremade.com.
The IT Compliance and Controls Manager role within the Technology department is a critical role driving the organization to understand, implement, and regularly validate compliance to IT control & risk management practices that meet legal, regulatory and CME policy obligations. This position will ensure the implementation and operation of the IT compliance function while shaping the processes, practices and establishing the controls & compliance culture in IT. This position will support the IT governance processes, manage IT risk, ensure critical controls are implemented & operating to avoid audit findings, and ultimately help reduce IT and corporate risk.
The incumbent will manage day-to-day efforts of the IT Compliance & Controls Program. Activities will include evaluation of findings & providing recommendations to the governance body on remediation plans; assisting in remediation planning and tracking; supporting definition of Governance, Risk & Compliance (GRC) automation needs, including reporting requirements; maintaining the IT Control Framework (library, authoritative source maintenance, applicability & control plan updates as sources or the IT environment change); leading IT Control assurance testing; leading baseline controls & test procedure development & maintenance; providing evaluation of new authoritative sources; regularly interacting with control plan owners and assisting in compliance awareness efforts while supporting IT compliance obligations as required. Key responsibilities include:
- Provide thought leadership on how to prioritize improvements in control and risk processes, including what to automate vs. do manually
- Using a risk-based approach, program manage the annual IT controls testing in alignment with customer, legal and regulatory obligations
- Provide guidance and oversight to third-party contracted staff in handling IT findings and remediation, compliance, controls, assurance testing plans, testing results and overall challenges facing the team.
- Provide thought leadership on remediation plan structure and outcomes
- Provide thought leadership to determine training/education needs (based on interaction with control plan owners)
- Determine improvements to overall control assurance processes
- Provide efficient & timely insight into the current state to allow improved risk management and avoid audit findings.
- Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related discipline
- 8-10 years of experience working as a Lead/Manager/Sr. Manager level IT auditor, or IT risk adviser for a financial institution, public accounting firm (Big 4 preferred), or a professional services firm, performing IT Controls, IT Risk Management, and/or IT Internal Audit including experience in Information Security. Experience in leading staff and overall project/program management.
- Demonstrated proven success in a leadership role that emphasizes an expert level knowledge of:
1. IT Risk Management,
2. Findings and Remediation Management,
3. Information Security,
4. Technical Privacy, and/or,
5. IT Audits,
6. Risk & Security assessment
- Demonstrated expert level knowledge and/or exposure to the common risks facing the financial services market/derivatives market, including regulatory obligations.
- Demonstrated general knowledge of network and application security assessment tools and methodologies to manage and address security and control issues with the following technologies: UNIX, Windows Servers, databases (Oracle, SQL, DB2, etc.), firewalls, routers, wireless environments, mobile devices, and cloud computing.
- Demonstrated leadership abilities leading key management discussions and meetings; reviewing and approving concise, accurate documents and balancing project deadlines with the occurrence of unanticipated issues.
- Strong written and verbal communication skills/presentation skills and ability to lead and work with diverse and global teams
- Demonstrated proven experience as a team leader: creating a positive environment by monitoring workloads of the team while meeting project expectations and respecting the work-life quality of team members; providing candid, meaningful feedback in a timely manner; and keeping leadership informed of progress and issues.
- Experience working with NIST, COBIT, AICPA, ISO/IEC, PCI, FFIEC IT Guidance, etc.
- Experience working in a highly regulated environment
- Proficient user of GRC & Audit tools
- One or more certifications in: CISA / CISSP / CISM / CGEIT/ CRISC