Lead Tech Controls & Compliance Analyst

The Lead IT Compliance and Controls Analyst within the Global Information Security (GIS) department will support the Compliance Team and their efforts. This position is critical for ensuring the implementation and operation of the IT compliance & risk management function while evolving the tools, processes and methodology established in the IT Control & Risk Framework initiative. This role is important to the IT Compliance function, shaping the processes, practices, and establishing the controls and compliance culture in IT. This is critical to supporting the IT governance processes that will be established to manage IT risk, ensure critical controls are implemented & operating to avoid audit findings, and ultimately help reduce IT and corporate risk.
The Lead IT Compliance and Control Analyst will be expected to:

  • Determine the impact of changes in the IT operating environment and regulatory obligations, and work with IT Management to address needed changes.
  • 75% of the candidate’s time will be dedicated to managing, collaborating on, and executing three annual internal SOC reports with our key stakeholders. This includes:
    • Managing regular status updates, reporting and presenting to executive leadership.
    • Working closely with our external auditors, legal, and control owners in support of report creation.
    • Time-critical completion of our annual SOC reports.
    • Working closely with our TPRM team to submit these reports for distribution to our customers.
    • Documenting and tracking findings identified in Archer to closure.
  • 20% of the candidate’s time will be dedicated to coordinating with internal stakeholders and control owners in support of internal audits.
  • 5% of the candidate’s time will be dedicated to reviewing and closing out IT internal audit findings.
  • The candidate will collaborate with key partners such as IT Control Owners, Corporate Compliance, and Global Assurance while helping establish new approaches where precedent does not exist in handling IT controls and associated risks. Given the current control environment, precedents will need to be established to determine how to properly respond, leaning on defined controls but helping to establish the compliance culture.

Required skills:

  • Bachelor’s degree in business, accounting, finance, computer science, information systems, engineering, or a related discipline
  • Familiar with the SOC report purpose and processes that go into generating a SOC1 and SOC2 Type II report
  • 7-10 years of experience in general accounting and/or working as a team lead, IT auditor, or IT risk adviser for a financial institution, public accounting firm, or a professional services firm, performing IT Controls Management, IT Risk Management, IT Policy/Standard Governance and/or IT Internal Audit including experience in Information Security or IT Project Management
  • Demonstrates thorough abilities participating in key management discussions and meetings, preparing concise, accurate documents, and balancing project deadlines with the occurrence of unanticipated issues
  • Demonstrates proven success in a role that emphasizes a thorough knowledge of technical aspects of IT Risk Management, Information Security, Technical Privacy, and/or IT Audits
  • Demonstrates a broad range of knowledge in technologies and environments leveraging operational knowledge of Information Security best practices and industry standards to define the security controls and processes
  • Understands the utilization of network and application security assessment tools and methodologies to manage and address security and control issues with the following technologies: UNIX, Windows Servers, databases (Oracle, SQL, DB2, etc.), firewalls, routers, wireless environments, mobile devices, and cloud computing
  • Possesses strong written and verbal communication skills, presentation skills, leadership, and ability to lead and work with diverse teams
  • Demonstrates thorough abilities as a team leader by: creating a positive environment by monitoring workloads of the team while meeting project expectations and respecting the work-life quality of team members; providing candid, meaningful feedback in a timely manner; and keeping leadership informed of progress and issues
  • Demonstrates thorough experience as a consultant, IT project manager, auditor and/or Information Security analyst in a financial firm, professional services firm or large enterprise
  • Interfaces with key stakeholders on control solutions. Leads and/or assists with the planning and execution of work in: Information Security Risk Management, Technical Privacy/Compliance, IT Security Audit, and/or IT Risk Management.
  • Experience working with best practices and frameworks such as NIST, COBIT, AICPA, ISO27001, ISO27017, PCI, FFIEC
  • Experience supporting CFTC and SEC exams preferred
  • CISA, CCAK, CIRM, ISO27001 certification preferred
  • General proficiency as user of Governance, Risk and Compliance (GRC) & Audit tools


CME Group: Where Futures are Made

CME Group is the world’s leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it – all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we’re looking for more.
