at CME Group
OtherPosted 2 months ago
No clicks
The Global Information Security (GIS) Technology Risk Management Analyst III will work with GIS and Technology Division teams to ensure cybersecurity and technology risks are identified, assessed, adjudicated, and communicated as part of CME Group's Risk Management program. The role involves collaborating with technology and business partners to identify risks related to confidentiality, integrity, and availability of systems and information, and documenting remediation plans with risk owners and peers. You will foster risk awareness, contribute to policy and procedure improvements, support regulatory compliance activities, and synthesize technical details into clear, actionable insights for senior decision-makers. You will also collect and create technology metrics, identify meaningful trends, and report them to decision-makers.
- Compensation
- Not specified
- City
- Bengaluru
- Country
- India
Currency: Not specified
Full Job Description
The Global Information Security (GIS) Technology Risk Management Analyst III will work with peers in GIS and across the Technology Division to ensure that cybersecurity and technology risks are properly identified, assessed, adjudicated, and communicated in support of the overall GIS Risk Management program.
As part of the GIS Risk Management team, the analyst will work with a broad range of technology and non-technology stakeholders to help CME record and remediate risks.
Accountabilities:
Support CME Groups technology and cybersecurity risk management function
Work collaboratively with technology and business partners to identify and assess risks related to the confidentiality, integrity, and availability of technology systems and information
Develop and document remediation plans with risk owners and technical peers to address identified risks, including recommendations for technology and process controls
Foster a culture of risk awareness and accountability through continuous engagement with stakeholders throughout the risk management and finding management life cycle
Contribute to the continuous improvement of Risk Management policies and procedures
Contribute to regulatory compliance activities including annual enterprise technology risk assessments
Synthesize complex technical details for presentation to non-technical decision-makers
Support the collection and creation of technology metrics, aid in identifying meaningful trends, and effectively report and present metrics to decision-makers
Problem Solving:
Objectively assess the impact, likelihood, velocity, and magnitude of identified risks
Objectively advise on any number of technical controls that will mitigate risk will not imposing undue burden on those who must implement the controls
Drive objectivity and build consensus among stakeholders with widely divergent perspectives and drivers
Rapidly analyze complex technical details
Synthesize detailed analysis into a big picture view that can be easily understood by non-technical stakeholders in order to support risk-based decision-making for senior managers within the Technology Division
Decision Making:
Recommend risk treatment decisions
Recommend ranges of controls when risk mitigation is desired
Recommend improvements to methods, instrumentation, training, documentation, and processes
Working Relationships:
Daily interaction with peers across the Technology Division.
Experience:
Bachelors degree in computer science or similar degree, or equivalent work experience (4+ years) in technology roles
3-5+ years of experience working in a cybersecurity and technology risk management or compliance role
3-5+ years of experience working with industry standard information security and control frameworks (NIST Cyber Security Framework, 800-53, ISO 27002, CobIT, etc.)
Demonstrable high quality oral and written communications skills for technical, management, and executive audiences
Demonstrable knowledge of cybersecurity and IT best practices in the areas of identity and access management, intrusion detection and response, secure software development (including Agile), security architecture, security engineering, and IT compliance
Experience working with global organizations and global teams, experience in the Financial sector preferred
Professional certifications in cybersecurity or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA, etc.) desired
Knowledge and/or experience with Cyber Risk Quantification (CRQ) and the Factor Analysis of Information Risk (FAIR) framework and standard desirable but not required
CME Group: Where Futures are Made
CME Group is the worlds leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And were looking for more.
At CME Group, we embrace our employees' unique experiences and skills to ensure that everyones perspectives are acknowledged and valued. As an equal-opportunity employer, we consider all potential employees without regard to any protected characteristic.
Important Notice: Recruitment fraud is on the rise, with scammers using misleading promises of job offers and interviews to solicit money and personal information from job seekers. CME Group adheres to established procedures designed to maintain trust, confidence and security throughout our recruitment process. Learn more here.
Location: Bangalore - Bagmane Tridib
Time Type: Full time
