Description 

The IT Compliance/Controls Analyst I role within the Global Information Security (GIS) department will support the Compliance Team and their efforts. This position is critical in supporting the IT governance processes established to manage IT risk, ensure critical controls are implemented & operating to avoid audit findings, and ultimately help reduce IT and corporate risk.

Primary Accountabilities 

• Learning and understanding the function and goals of the CME Group Technology Compliance Team 

• Execute controls assessments to evaluate the adequacy and effectiveness of internal controls, verify compliance with corporate policies and procedures.

• Maintain up-to-date knowledge of the company’s IT infrastructure, applications, and IT standards.

• Create accurate, logical and detailed work-papers clearly describing the work performed, results of testing and conclusions reached  

• Build positive and collaborative business relationships with stakeholders to support effective and efficient management of the controls testing program.

• Maintain and promote knowledge of the CME's operations, including policies and procedures and any applicable regulatory requirements.

Key responsibilities include:

• Perform testing of internal technology controls in support of various regulatory requirements

• Recommend remediation actions for findings

• Recommend improvements in IT control & risk processes for potential automation.

• Provide timely status updates and assist senior team members in preparation of metrics related to controls testing progress. 

• Partner with more senior members of the IT Compliance team to provide recommendations to management for strengthening controls and work with management to develop acceptable solutions to mitigate risk.

• Analyzing and recommending if existing controls meet new/changing best practices, new regulatory or legal obligations or if control enhancements are needed.

The incumbent will collaborate with key partners such as IT Control Owners, Corporate Compliance, Business Process Owners and Global Assurance (i.e. Internal Audit) with supporting and establishing new approaches or changes in existing processes around documented requirements for mitigation of associated risks.  Given the current control environment, precedents will need to be established to determine how to properly respond, leveraging defined controls but continuing to establish a policy reflecting a culture of compliance.

Qualifications:

• Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related discipline

• 0-3 years’ experience as an IT auditor, or IT risk adviser for a financial institution, public accounting firm, or a professional services firm, performing IT Controls Management, IT Risk Management, IT Policy/Standard Governance and/or IT Internal Audit including experience in Information Security.

• CISA / CISSP / CRISC / ISO27001 certification desirable, but not mandatory

• Knowledge of Information Security best practices and industry standards to define the security controls and processes

• Ability to participate in key management discussions and meetings; preparing concise, accurate documents and balancing project deadlines with the occurrence of unanticipated issues.

• Possess strong written and verbal communication skills/presentation skills, and ability to work with diverse teams 

• Demonstrate thorough abilities as a team player; creating a positive environment while meeting project expectations and respecting the work-life quality of team members, providing candid, meaningful feedback in a timely manner, and keeping leadership informed of progress and issues. 

• Experience interfacing with key stakeholders on control solutions, and participating in planning and execution of projects in: Information Security, Risk Management, Technical Privacy/Compliance, IT Security Audit, and / or IT Risk Management  (or) Experience in one or more Technology areas like Information Security, Software Development, IT Architecture, RPA, Data Analytics, etc. with a willingness to move to an IT audit role

• Knowledge of frameworks such as ISO27001, NIST, COBIT, CFTC, AICPA, ISO/IEC, PCI, FFIEC or equivalent desirable

• Knowledge of CAATs/data analytics tools and technologies such as Cloud, DevOps, Microservices, etc. desirable, but not mandatory

• Experience using Governance, Risk and Compliance (GRC) & Audit tools desirable.

CME Group: Where Futures are Made

CME Group is the world’s leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it – all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we’re looking for more.

At CME Group, we embrace our employees' unique experiences and skills to ensure that everyone’s perspectives are acknowledged and valued. As an equal-opportunity employer, we consider all potential employees without regard to any protected characteristic.

Important Notice: Recruitment fraud is on the rise, with scammers using misleading promises of job offers and interviews to solicit money and personal information from job seekers. CME Group adheres to established procedures designed to maintain trust, confidence and security throughout our recruitment process. Learn more here.