Description The IT Compliance and Controls Manager role within the Technology department is a critical second-line-of-defense role that drives the organization to understand, implement, and regularly validate compliance with IT control and risk management practices that meet legal, regulatory, and CME policy obligations. This position will ensure the implementation and operation of the IT compliance function while shaping its processes and practices and establishing a controls and compliance culture in IT. This position will support the IT governance processes, manage IT risk, ensure critical controls are implemented and operating so as to avoid audit findings, and ultimately help reduce IT and corporate risk.
Principal Accountabilities: The incumbent will manage the day-to-day efforts of the IT Compliance & Controls Program. Activities will include evaluating findings and providing recommendations to the governance body on remediation plans; assisting in remediation planning and tracking; supporting the definition of Governance, Risk & Compliance (GRC) automation needs, including reporting requirements; maintaining the IT Control Framework (control library, authoritative source maintenance, and applicability and control plan updates as sources or the IT environment change); leading IT control assurance testing; leading the development and maintenance of baseline controls and test procedures; evaluating new authoritative sources; and regularly interacting with control plan owners and assisting in compliance awareness efforts while supporting IT compliance obligations as required.
Key responsibilities include:
Provide thought leadership on how to prioritize improvements in control and risk processes, including what to automate versus perform manually
Using a risk-based approach, program manage the annual IT controls testing in alignment with customer, legal and regulatory obligations
Provide guidance and oversight to both internal global staff and third-party contracted staff in handling IT findings and remediation, compliance, controls, assurance testing plans, testing results, and the overall challenges facing the team
Provide thought leadership on remediation plan structure and outcomes
Provide thought leadership to determine training/education needs (based on interaction with control plan owners)
Determine improvements to overall control assurance processes
Provide efficient and timely insight into the current control state to allow improved risk management and avoid audit findings
Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related discipline
8-10 years of experience at the Lead/Manager/Sr. Manager level as an IT auditor or IT risk adviser for a financial institution, public accounting firm, or professional services firm, performing IT controls, IT risk management, and/or IT internal audit work, including experience in information security. Experience leading staff and in overall project/program management.
Demonstrated proven success in a leadership role that emphasizes an expert level knowledge of: IT Risk Management, Finding and Remediation Management, Information Security, Technical Privacy, IT Audits, and Risk & Security assessments
Demonstrated expert level knowledge and/or exposure to the common risks facing the financial services market/derivatives market, including regulatory obligations.
Demonstrated general knowledge of network and application security assessment tools and methodologies to manage and address security and control issues in the following technologies: cloud services (AWS, GCP, Azure), UNIX, Windows servers, databases (Oracle, SQL, DB2, etc.), firewalls, routers, wireless environments, mobile devices, and emerging technology.
Demonstrated leadership abilities leading key management discussions and meetings; reviewing and approving concise, accurate documents and balancing project deadlines with the occurrence of unanticipated issues.
Strong written and verbal communication skills/presentation skills and ability to lead and work with diverse and global teams
Demonstrated proven experience as a team leader: creating a positive environment by monitoring workloads of the team while meeting project expectations and respecting the work-life quality of team members; providing candid, meaningful feedback in a timely manner; and keeping leadership informed of progress and issues.
Experience working with NIST, COBIT, AICPA, ISO/IEC, CSA CCM, SWIFT CSCF, FedLine, PCI, FFIEC IT guidance, etc.
Experience working in a highly regulated environment
Proficient user of GRC and audit tools
One or more certifications in: AWS/GCP/Azure Cloud, CISA, CISSP, CISM, CGEIT, CRISC, CDPSE
CME Group: Where Futures Are Made
CME Group (www.cmegroup.com) is the world's leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.