Your acceptance of all cookies will permit robust site functionality. If you don't allow cookies, some features and functionality of OCC's site may not operate as expected. If you do not choose either cookie setting for our site, or if you close this window, this message will continue to display on each page you visit. Cookie settings can be controlled in your Internet browser to automatically reject some forms of cookies. For more details on cookies this site uses, see our OCC Site Cookies page. In addition to using cookies, we retain other information, including your Internet Protocol (IP) address, for the purposes listed in the Privacy Policy.

Associate Principal, IT Governance


This role will be responsible for the development, implementation and oversight of programs within IT. Ensures the overall effectiveness and adherence to the governance framework and ongoing evaluation of IT’s internal control environment. A member of a high performing team responsible for risk and control self-assessments, identifying control failures, facilitating risk, compliance remediation, and monitoring the first line of defense in an effort to minimize risk exposures and strengthen IT’s overall control environment.  The ability to build and maintain working relationships with both business and technology teams and second- and third-line partners will be critical to success, as will having a compliance and continuous improvement mindset.  
Essential Duties and Responsibilities: 
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  

•    Provide expertise in the design, development, and implementation into IT’s system of internal controls which includes policies, procedures, and controls of IT processes.
•    Assist in conducting process gap analyses of controls to key regulations, mapping to industry standards and develop continuous compliance monitoring in order to provide assurance that IT processes are operating according to the principles embedded in relevant industry standards (COBIT).  
•    Build relationships and practice effective collaboration with stakeholders across partner teams in understanding the impact of changes to the IT environment and processes.  Point of contact for IT process improvements, relevant regulatory authorities, Compliance, Enterprise Risk Management and Internal Audit teams addressing concerns and removing roadblocks to drive forward.
•    Partner with Business Process Reengineering team, product teams and process owners to support IT process improvement/reengineering efforts based on recommended solutions.  Support the implementation, operation, and continuous process improvement of IT’s governance structure that organizes, formalizes, and regulates changes to the IT environment.
•    Maintain an awareness of emerging IT GRC best practices to support the department’s goals and strategic direction.
•    Analyze processes; identify alternative solutions, and recommends new approaches, seeking to exploit automation and drive technology requirements
•    Effectively collaborate with stakeholders in the design, development and implementation of key performance indicators (KPIs) and dashboards to monitor, maintain accurate and timely visibility into the status of the IT processes, remediation, and compliance efforts. Provide transparency of performance to the IT environment.
•    Advise process owners on identified issues, support for regulatory exams, audit engagements and inquiries, review materials for examinations and monitor the resolution of regulatory examination and internal audit findings.
•    Assist in remediation planning and tracking of remediation efforts with stakeholders
•    Perform other duties as assigned. 
Supervisory Responsibilities:    

•    This role does not have direct reports but may provide supervision to multiple cross-organizational teams within IT.
The requirements listed below are representative of the knowledge, skill, and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.  

 •    Broad range of knowledge and experience with IT processes and operating in a highly cross-functional environment.  
•    Demonstrated exposure to process improvement initiatives
•    Knowledge and experience with IT audits and exams.
•    Working knowledge and experience of IT control frameworks and industry standards such as COBIT, NIST Cybersecurity Framework (CSF), or similar industry-accepted standards and the principles embedded within them.  
•    Demonstrated ability to develop policies and supporting documentation for programs
•    Have strong analytical, problem solving, and collaborative skills with the ability to exercise mature and timely judgment and decision-making.  
•    Deep understanding of the technical domains and processes and good understanding of legal/regulatory requirements.
•    Experience working with Agile methods.
•    Ability to manage multiple priorities and to effectively adapt to rapid changing needs with demonstrated ability to prioritize projects and workload. Ability to manage across multiple competing priorities and time-sensitive initiatives.
•    Excellent Interpersonal skills, verbal & written
•    Experience with Business Process Modeling (BPM) a plus
•    Knowledge and experience with Cloud migration a plus
Technical Skills:    

•    Excellent MS Office Suite skills (Word, PowerPoint, etc.)
•    JIRA/ Confluence experience a plus
•    Performance measurement tools such as Tableau and other similar tools a plus
•    Integrated GRC management solutions such as Archer a plus
Education and/or Experience:    

•    Bachelor’s Degree in Information Systems, Business Management or related field 
•    Minimum of 7 years of relevant work experience 
Certificates or Licenses:    

None required but preferred certificates include any of the following:
•    Control Evaluation / Auditing / Examination:  CIA, CISA, CFSA, CFE
•    Risk Management: CRMA, CRISC
•    Governance of Enterprise IT / InfoSec: CGEIT, CISM, CISSP
•    Product/Project Management Framework: Agile/Scrum
•    Process Management: Lean, Six Sigma, ITIL

Step 1
When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.  

Step 2
You will receive an email notification to confirm that we've received your application.

Step 3
If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location. 

For more information about OCC, please click here.

OCC is an Equal Opportunity Employer

Apply About OCC
  • REQ-2241
  • Chicago - 125 S Franklin
  • Full Time Regular
  • Posted: Oct. 11, 2021

How to Apply

Step 1 - When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.

Step 2 - You will receive an email notification to confirm that we've received your application.

Step 3 - If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location.

OCC is an Equal Opportunity Employer

Numerous studies have shown that people from groups that are traditionally under-represented in financial services apply to jobs only if they believe they meet 100% of the requirements. We want to break down this mindset to further diversify our workforce.

We encourage you to review our open positions and apply if you think your experience may be a match, even if you do not meet all of the qualifications. Your perspective may be an element we need to continue building innovative solutions to support the markets and market participants we serve.

OCC is a globally recognized entity that clears a multitude of diverse and sophisticated products. We want to reflect this in the diversity of our workforce.

This web site discusses exchange-traded options issued by The Options Clearing Corporation. No statement in this web site is to be construed as an endorsement, recommendation or solicitation to purchase or sell a security, or to provide investment advice. Options involve risk and are not suitable for all investors. Prior to buying or selling an option, a person must receive a copy of the disclosure document, Characteristics and Risks of Standardized Options. Individuals should not enter into option transactions until they have read and understood this document. To obtain copies, contact your broker, any exchange on which options are traded, or The Options Clearing Corporation, 125 S. Franklin Street, Suite 1200, Chicago, IL 60606 ([email protected]).