Description The Senior Technology Controls and Compliance Analyst within the Global Information Security (GIS) department will be leading the Development efforts of the IT Automation & Continuous Monitoring Program. The Analyst will provide support to the Compliance Team and their efforts. This position is critical in supporting the IT governance processes established to manage IT risk, ensure critical controls are implemented and operating to avoid audit findings, and ultimately help reduce IT and corporate risk.
Perform scripting to automate specific controls as required by the IT Automation and Continuous Monitoring Program, using CI tools such as Bamboo
Researching industry best practices around automation & monitoring and providing solutions for application automation as new technology becomes available
Debugging the system and fixing related issues associated with Scripting in Bamboo and output to GRC tool
Handling complex operational tasks and recommending process and technology changes
Building, testing, and installing scripts and software in Dev, QA, Prod/DR environment as needed to automate controls supporting complex efforts involving Analysis, Design, Development and testing of various application components
Creating accurate, logical, and detailed work-papers clearly describing the work performed, results of testing and conclusions reached
Building positive and collaborative business relationships with stakeholders to support effective and efficient management of the controls testing program
Maintaining up-to-date knowledge of the company's IT infrastructure, applications, and IT standards
Participating in key management discussions and meetings and Prioritization decisions, balancing project deadlines with the occurrence of unanticipated issues
Collaborating with immediate team, fostering a positive team culture while meeting project expectations and respecting the work-life quality of team members
Providing candid, meaningful feedback in a timely manner to IT Compliance stakeholders as well as control owners, and keeping leadership informed of progress and issues
Key activities include:
Performing Scripting of Controls to provide Automation & Monitoring capabilities
Performing testing of internal technology controls in support of various regulatory requirements
Providing guidance and training to other team members as necessary
Preparing metrics related to controls testing progress and present them to stakeholders as required
Recommending improvements in IT control & risk processes for potential automation
Analyzing and recommending if existing controls meet new/changing best practices, new regulatory or legal obligations or if control enhancements are needed
Expertise in operating windows and Linux environment with good command over any scripting language such as Shell, Perl, Python, etc.
Strong Knowledge of CI tools such as Bamboo
4+ years of experience as a developer with experience operating within an SDLC framework in a regulated environment
A broad range of knowledge in technologies and environments leveraging operational knowledge of Information Security best practices and industry standards to define the security controls and processes
Strong written and verbal communication skills/presentation skills, leadership, and ability to work with diverse teams
Experience interfacing with key stakeholders and Security Control owners
Experience working with best practice and frameworks such as ISO27001, NIST, COBIT, CFTC, AICPA, ISO/IEC, PCI, FFIEC or equivalent
Degree in business, accounting, finance, computer science, information systems, engineering, or a related discipline - or relevant work experience
Experience as Senior Staff/Senior level consultant, auditor, or Information Security analyst in a professional services firm or large enterprise
Participation in the planning and execution of projects in one or more of the following areas: Information Security Risk Management, Technical Compliance, IT Security Audit, Remediation, and/ or IT Risk Management
Experience with Governance, Risk and Compliance (GRC) & Audit tools
Experience working with CAATs/data analytics tools and technologies such as Cloud, DevOps, Microservices, etc. desirable, but not mandatory
CME Group is committed to offering a competitive total rewards package for our employees that recognizes their contributions to the business and reflects our long-term investment in their future. The salary range for this role is $101,700-$169,500. Actual salary offered will be dependent on a wide array of factors including but not limited to: relevant experience, skills, education and comparison to internal employees (where relevant). Our compensation program also includes an annual target bonus opportunity for all employees, as well as the opportunity to become an owner in the company through our broad-based equity program. Through our Benefits program, we strive to offer flexibility, value and choice. From comprehensive health coverage, to a retirement package that includes both a 401(k) and an active Pension Plan, to highly competitive education reimbursement provisions, paid time off and a mental health benefit, CME Group offers a holistic Benefits package for our team and their dependents.
CME Group: Where Futures Are Made
CME Group (www.cmegroup.com) is the world's leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
This position requires that you be fully vaccinated against COVID-19 by the date of hire. Proof of vaccination will be required as a condition of employment. CME Group complies with federal, state and local laws with respect to providing accommodations for individuals who are unable to receive the vaccine due to a medical condition or religious belief.