Lead IT Compliance/Controls Analyst

Chicago Mercantile Exchange
in Chicago, IL, United States
Permanent, Full time
Last application, 27 May 20
Lead IT Compliance/Controls Analyst
CME Group is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. We’re small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.

To learn more about what a career at CME Group can offer you, visit us at www.wherefuturesaremade.com.

The Lead IT Compliance/Controls Analyst role is within the Global Information Security (GIS) department and will support the IT Compliance Team and their efforts. This position is critical in supporting the IT governance processes established to manage IT risk, ensure critical controls are implemented and operating to avoid audit findings, and ultimately help reduce IT and corporate risk.

Key responsibilities include:

  • Create and maintain IT Policy, Standards and Procedures in alignment with IT mandates with the appropriate level of approval and review frequency.

  • Analyze and recommend if existing IT controls meet new/changing best practices, regulatory or legal obligations or if control enhancements are needed.

  • Assist with the SOC1/2 report processes and ISO27001 certification maintenance.

  • Help to determine training/education needs and assist in development and execution.

  • Address customer IT and security assessments via questionnaires, on site visits or webinars.

  • The candidate will collaborate with key partners such as IT Control Owners, Corporate Compliance and Global Assurance (i.e. Internal Audit) while helping establish new approaches where precedent doesn’t exist in handling IT controls and associated risks. Utilizing the current IT control environment, precedents will need to be established to determine how to properly respond, leveraging defined controls which continue to support and reflect a culture of compliance.

  • Proven success in a role that emphasizes a thorough knowledge of technical aspects of technology, IT Risk Management, Information Security, Privacy and/or IT Audits.

  • Experience and understanding from working in highly regulated environments.

  • A broad range of knowledge in technologies and environments leveraging operational knowledge of IT and information security best practices and industry standards to define technology controls and processes.

  • Thorough knowledge and/or exposure to the common issues facing the financial services market including privacy, security and regulatory concerns.

  • Ability to participate in key management discussions and meetings; preparing concise, accurate documents and balancing project deadlines with the occurrence of unanticipated issues.

  • Excellent written and verbal communication and presentation skills, leadership, and ability to lead and work with diverse teams.

  • Experience working with and understanding best practices, frameworks and/or regulatory requirements such as ISO27001, NIST, COBIT, CFTC, AICPA, ISO/IEC, PCI, FFIEC, SEC etc.

  • SOC experience and/or knowledge of COSO.

  • Experience understanding the utilization of network and application security assessment tools and methodologies to manage and address security and control issues with the following technologies: UNIX, Windows Servers, databases (Oracle, SQL, DB2, etc.), firewalls, routers, wireless environments, mobile devices, and cloud computing.

  • Ability to interface with stakeholders at all levels within the organization while leading the planning and execution of projects related to Information Security, Risk Management, Technical Privacy/Compliance, IT Security Audit, and / or IT Risk Management.

  • Ability to create a positive environment by monitoring workloads of the team while meeting project expectations and respecting the work-life quality of team members, providing candid, meaningful feedback in a timely manner, and keeping leadership informed of progress and issues.

  • 7-10 years of related experience in IT, Information Security, IT Compliance, Policy/Standard Governance, IT Risk Management or IT Audit related field, as a consultant, auditor and/or Information Security analyst in a financial firm, professional services firm or large enterprise.

  • Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related discipline.

  • CISA / CISSP / CISM / CGEIT / ISO27001 or other related certification, preferred.

  • Experience with usage of Governance, Risk and Compliance (GRC) & Audit tools (specifically RSA Archer).

For EU Residents, the Candidate Privacy Policy can be found here.