The Global Information Security (GIS) Risk Analyst will work with peers in GIS and across the Technology Division to ensure that InfoSec risks are properly identified, assessed, adjudicated, and communicated in support of the overall GIS Risk Management program. The Risk Analyst will report to the Manager, InfoSec Risk Management, and will assist with the continuous improvement of the InfoSec Risk Management program, as well as contribute to the daily functioning of the GIS InfoSec Risk Management Program.
Work with peers in GIS, Architecture & Product Management, Execution & Engineering, Infrastructure & Operations, and IT Compliance & Controls to identify and adjudicate InfoSec risks.
Conduct tabletop, lightweight, and detailed risk assessments using CME Group's established InfoSec risk management method and instrumentation.
Collaboratively author and edit various risk-related documents, including Risk Profiles, Risk Advisory Memos, Risk Acceptance Memos, exceptions and exemptions from GIS technical policies and standards, and other related output resulting from risk adjudication activities.
As requested, support the GIS Risk Lead's participation in and contribution to various working groups across the Technology Division, including but not limited to the Enterprise Architecture Board, various change advisory boards, Identity & Access Management working group, Data Protection working group, etc.
As requested, assist the Executive Director of GIS Risk Management, Manager, Risk Management, and GIS Risk Lead with:
Continuous improvement and maturation of the methods, instrumentation, training, documentation, and processes required to properly manage InfoSec risks.
Providing advisory and consulting services to the Information Technology Management Team related to InfoSec risks, treatment strategies, and decision-making.
Promoting a culture of risk awareness and accountability through training, education, and risk management consultative support.
Producing GIS metrics for management and other stakeholders, including gathering applicable data, identifying meaningful trends, and effectively reporting through written narrative, tabulated data, and graphical representation.
Objectively assess the impact, likelihood, velocity, and magnitude of identified risks
Objectively advise on any number of technical controls that will mitigate risk while not imposing undue burden on those who must implement the controls
Drive objectivity and build consensus among stakeholders with widely divergent perspectives and drivers
Rapidly analyze complex technical details
Synthesize detailed analysis into a big picture view that can be easily understood by non-technical stakeholders in order to support risk-based decision-making for senior managers within the Technology Division.
Recommends risk treatment decisions
Recommends ranges of controls when risk mitigation is desired
Recommends improvements to methods, instrumentation, training, documentation, and processes
Recommends solutions for automating and streamlining InfoSec risk management practices
Exercises skills in negotiation and influence on a daily basis to gain consensus with stakeholders on risk management decisions and deliverables.
Works daily with peers across all elements of the Technology Division.
Communicates regularly with cross-functional peers outside of the Technology Division, including General Counsel, Records Retention, Global Assurance (internal audit), Enterprise Risk Management, Third Party Risk Management, and other business unit leadership.
Interacts occasionally with industry peers from other SIFMUs, research organizations, solution providers, etc.
Salary: Not Disclosed by Recruiter
/ Financial Services
Functional Area: IT Software - Network Administration
Role Category: Admin/Maintenance/Security/Datawarehousing
Role: System Security
Employment Type: Permanent Job, Full Time