Description Principal Accountabilities: -Coordinate the development of information security policies, standards and procedures. Work with IT departments and data custodians in the development of such policies. Ensure policies support compliance with external requirements. -Oversee the dissemination of policies, standards and procedures. Coordinate the development and delivery of an education and training program on information security and privacy matters for employees/contractors. Assist in developing and implementing an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation and oversee vulnerability testing. Assist in implementing information security policies and procedures for the organization. Ensure Global Information Security - Operations Team conforms to information security policies, standards, laws and regulations. Conduct reviews and audits to ensure compliance for information security Policies and Procedures. Monitor compliance with information security policies and procedures, referring problems to the appropriate department manager. Analyze Technology and -Enterprise Computing controls and provide recommendations for improvements in accordance with frameworks. Engage CME Group Internal Audit, CME Group Compliance, CME Group's external auditors, Technology and Enterprise Computing Division Management and Staff to ensure effective communication and reporting transparency for Global Information Security Projects and Programs. Assist with reporting and communicating at a strategic level on efforts within IT Risk and IT Change Management programs. -Analyze and make suggestions for enhancements to these programs while ensuring industry best practices and standards. Assist with implementing portions of ISO 27001 and an ISMS. Assist with internal investigations. Assist with implementation of Identify and Access Governance tool. Keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to CME Group and its mission. Assist with Security Awareness Program and ongoing education. Assist in defining processes within the Assurance and Security Management areas of the Global Information Security Department. Ad hoc requests.
Skills & Software Requirements:
Minimum of six years of experience in information security, information technology, IT compliance, IT Internal Audit or related field. Working knowledge of policy and regulatory environment of information security. Excellent project management, written and oral communications skills desired. Ability to work collaboratively with a broad range of constituencies essential.
Knowledge and understanding of various IT platforms and databases including Unix, Solaris, Linux, Windows, Oracle and Networking. A Bachelor's degree and working towards a CISSP, Security+, CISA or CISM. Knowledge of risk management practices and programs required.
CME Group: Where Futures Are Made
CME Group (www.cmegroup.com) is the world's leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. With 3,500 employees located around the world, we're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.