Explore
Close
Your acceptance of all cookies will permit robust site functionality. If you don't allow cookies, some features and functionality of OCC's site may not operate as expected. If you do not choose either cookie setting for our site, or if you close this window, this message will continue to display on each page you visit. Cookie settings can be controlled in your Internet browser to automatically reject some forms of cookies. For more details on cookies this site uses, see our OCC Site Cookies page. In addition to using cookies, we retain other information, including your Internet Protocol (IP) address, for the purposes listed in the Privacy Policy.

Director, Security Engineering

About Us

The Options Clearing Corporation (OCC) is the world's largest equity derivatives clearing organization. Founded in 1973, OCC is dedicated to promoting stability and market integrity by delivering clearing and settlement services for options, futures and securities lending transactions. As a Systemically Important Financial Market Utility (SIFMU), OCC operates under the jurisdiction of the U.S. Securities and Exchange Commission (SEC), the U.S. Commodity Futures Trading Commission (CFTC), and the Board of Governors of the Federal Reserve System. OCC has more than 100 clearing members and provides central counterparty (CCP) clearing and settlement services to 19 exchanges and trading platforms. More information about OCC is available at www.theocc.com.

What We Offer

A highly collaborative and supportive environment developed to encourage work-life balance and employee wellness. Some of these components include:

A hybrid work environment, up to 3 days per week of remote work

Tuition Reimbursement to support your continued education

Student Loan Repayment Assistance

Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely

Generous PTO and Parental leave

Competitive health benefits including medical, dental and vision

What you'll do

The Director, Security Engineering is responsible for the analysis, design, testing, documentation, support, monitoring, and administration of the information security technology product portfolio in compliance with OCC information security policies, standards, and procedures as well as applicable Financial Regulator guidance and requirements.

Manage a team of highly skilled security engineers; oversee, and execute key governance activities such as audit, compliance and process effectiveness testing.

Must have ability to think with a security mindset. The successful candidate must have a strong information security and technology background with in-depth knowledge of several key security practice areas to include access control; privileged access management; application security; identity and access management; data security and governance; network security; security architecture; mobile security and various cloud-based security strategies

Primary Duties and Responsibilities:

To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.

Responsibilities of the role are as follows:

  • Define and assess the effectiveness of security controls for cloud-based platforms (Amazon AWS, Microsoft Azure etc.) and the major supporting service applications (storage, logging, access controls, etc.).

  • Collect and analyze security requirements from internal customers; reconcile and remediate any conflicts with information security policies and standards.

  • Design, test, and manage the implementation of security solutions using existing products in the OCC security portfolio: firewalls, proxy servers, intrusion detection/prevention, data loss prevention, anti-virus, anti-spam, vulnerability scanning, security information and event management, etc.

  • Provide recommendations on and lead the implementation of security solutions per the organization’s change management process and procedures.

  • Develop, implement, and execute control activities to ensure that security products, processes, and procedures are working as intended; remediate any deficiencies detected; provide documentation and other artifacts.

  • Develop and collect metrics that measure the volume and trends of work activities and events within the security operations capability; provides regular reports to management.

  • Assess risks to the confidentiality, integrity, and availability of the organization’s information assets; makes risk treatment recommendations to management; researches, evaluates, and recommends new security products, processes and procedures.

  • Collaborate with technology teams on deployments requiring the establishment of new backend systems, configurations, or controls.

  • Provide security engineering support and expertise to enterprise IT projects that cross multiple platforms and ensure alignment with corporate security architecture.

  • Support the creation of and adherence to cybersecurity and information security reference architectures by developing reusable patterns for security.

  • Work directly with product and development managers to track and remediate application and infrastructure vulnerabilities.

  • Thorough knowledge of common security standards to include NIST Cybersecurity Framework, NIST 800-53, ISO 27001, and COBIT and their application within a regulated financial sector institution. 

  • Experience working with modern infrastructure and application security systems, host-based intrusion detection and prevention systems, stateful firewalls, symmetric and asymmetric encryption systems, zero-trust architecture and other security technologies relevant to web operations and mobile workforce management.

  • Maintain current understanding of cyber threat activity relevant to OCC’s business activities and technology and able to articulate their associated actors, exploits and opportunities to improve OCC’s specific defense capabilities.

  • Familiarity with distributed, cloud-hosted, service-oriented web applications using modern deployment technologies (Docker, Citrix, VMWare, Kubernetes, etc.).

  • Familiarity with modern infrastructure and message bus tooling: web services, Kafka, Hadoop, Hive, etc.

  • Ability to articulate the business risk associated with identified security weaknesses to senior management, Board of Directors, and Financial Regulators. Prepare formal written materials to support responses to Financial Regulator inquiries and as part of Regulatory Exams.

Supervisory Responsibilities:

  • Manages all members of the Security Engineering team within Security Services. 

  • Assigns personnel to projects, directs their activities and performs personnel actions (hiring, promotions, terminations, etc.).

  • Confer with and advise subordinates on administrative policies and procedures, technical problems, priorities and methods.

  • Prepare performance expectation plans and monitor progress to satisfy employee and management goals.

  • Promote employee development by conducting career-planning sessions with staff and selecting and scheduling employee training classes, conferences and seminars.

Qualifications:

The requirements listed are representative of the knowledge, skill, and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.

  • Excellent communication, interpersonal, analytical, judgment and management skills.

  • Ability to work with customers, internal management, and staff.

  • Ability to deal effectively with stressful situations.

  • Proven ability to lead and motivate staff.

  • Ability to effectively communicate in both formal and informal review settings with all levels of management.

  • Ability to work with local and remote IT staff/management, vendors, and consultants.

  • Ability to work independently and possess strong project management skills.

Technical Skills:

 Practical working knowledge of:

  • SIEM (Splunk ESM, ArcSight, IBM QRadar, McAfee NitroSecurity, etc.) solutions

  • Forensic analysis tools (MIR, EnCase, FTK)

  • Malware analysis tools (dynamic and static)

  • Vulnerability assessment tools (Qualys, ISS Scanner, Nmap, Nessus, Nexpose etc.)

  • Secure Web Gateway (BlueCoat, Microsoft Forefront) solutions

  • Network sniffers and packet tracing tools (DSS, Ethereal and tcpdump, WireShark).

  • Intrusion Detection & Prevention Tools (Cisco Firepower, Palo Alto, etc.)

  • Encryption technologies (PGP, PKI and X.509)

  • Experience with Active Directory security, including scans, best practices and security configuration

  • Experience with Application Security controls including design, dynamic scans, static code analysis

  • Complete knowledge of dynamic Incident Reponses process, procedures, and tools

  • Identity and access management (I&AM) experience with Active Directory, NTFS permissions, LDAP and Single Sign On (SSO) solutions.

  • Proxy and caching services

  • Windows and Linux Client/server platforms

  • Operating system hardening procedures (Linux, Windows, etc.)

  • LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP and NSRP)

  • Fundamental understanding of the underlying protocols and data used as the basis for the security monitoring service, including: HTTP, HTTPS, SQL, TCP/IP, Active Directory

  • Application and database security experience, including code reviews.

  • Network and security engineering experience, including log and network traffic capture analysis.

  • Experience with system hardening procedures for Windows, Linux, UNIX.

  • Security policy, standards, governance, privacy or regulatory experience (e.g., NIST, ISO, SEC Regulation SCI, CFTC, and Federal Reserve guidance).

  • Knowledge of Microsoft Mobile Device Management and Mobile Application Management platforms.

  • Knowledge of programming and scripting for development of security tools and industry frameworks.

Education and/or Experience:

  • 15+ years of experience in security environment management or 10 years equivalent combination of education and work experience

  • Bachelor’s degree in Computer Science, MIS or related discipline a plus; 5+ years of experience managing people and projects

  • Experience managing multiple, simultaneous projects

  • Track record of successful experiences with senior level representation and team building skills

  • Senior level knowledge of the cyber security industry and measures/techniques applied to both measure and reduce risk

  • Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies and motives.

  • Familiarity with computer network exploitation and network attack methodologies and understanding of the relationship these activities have with the Financial Services industry and critical infrastructure.

Certificates or Licenses:

  • Professional network and/or security certifications a plus (i.e., GIAC, CISSP, CISA, CISM, CRISC)

Step 1
When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.  

Step 2
You will receive an email notification to confirm that we've received your application.

Step 3
If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location. 

For more information about OCC, please click here.

OCC is an Equal Opportunity Employer

Apply About OCC
  • REQ-2166
  • Chicago - 125 S Franklin
  • Full Time Regular
  • Posted: Aug. 19, 2021

How to Apply

Step 1 - When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.

Step 2 - You will receive an email notification to confirm that we've received your application.

Step 3 - If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location.

OCC is an Equal Opportunity Employer

Numerous studies have shown that people from groups that are traditionally under-represented in financial services apply to jobs only if they believe they meet 100% of the requirements. We want to break down this mindset to further diversify our workforce.

We encourage you to review our open positions and apply if you think your experience may be a match, even if you do not meet all of the qualifications. Your perspective may be an element we need to continue building innovative solutions to support the markets and market participants we serve.

OCC is a globally recognized entity that clears a multitude of diverse and sophisticated products. We want to reflect this in the diversity of our workforce.

This web site discusses exchange-traded options issued by The Options Clearing Corporation. No statement in this web site is to be construed as an endorsement, recommendation or solicitation to purchase or sell a security, or to provide investment advice. Options involve risk and are not suitable for all investors. Prior to buying or selling an option, a person must receive a copy of the disclosure document, Characteristics and Risks of Standardized Options. Individuals should not enter into option transactions until they have read and understood this document. To obtain copies, contact your broker, any exchange on which options are traded, or The Options Clearing Corporation, 125 S. Franklin Street, Suite 1200, Chicago, IL 60606 ([email protected]).