Explore
Close
Your acceptance of all cookies will permit robust site functionality. If you don't allow cookies, some features and functionality of OCC's site may not operate as expected. If you do not choose either cookie setting for our site, or if you close this window, this message will continue to display on each page you visit. Cookie settings can be controlled in your Internet browser to automatically reject some forms of cookies. For more details on cookies this site uses, see our OCC Site Cookies page. In addition to using cookies, we retain other information, including your Internet Protocol (IP) address, for the purposes listed in the Privacy Policy. Testing

Lead Security Governance Analyst

Summary

The Lead Security Governance Analyst will work with various Security Services team members and Management and is responsible for leading reporting and analysis of information security initiatives, remediation items, and metrics to the Director Security Governance. Additionally, this role will lead the development, creation and publication of policy, procedures and controls for the Security Services department in support of the Cyber Security Framework.

Primary Duties and Responsibilities:

To perform this job successfully, an individual must be able to perform each primary duty satisfactorily

  • Responsibilities include the development and implementation of best practices regarding the gathering, reporting and representation of security KPI’s and KRI’s to various OCC stakeholders.
  • Develop and maintain and continually improve Information Security Services policy, procedures and controls.
  • Recommend appropriate metrics, reporting frameworks and standards.
  • Assist in management of activities related to the lifecycle of remediation activities including, but not limited to:
    • Delivery timeline tracking
    • Management Reponses
    • Development of appropriate action plans
    • Gathering, review of appropriate evidence artifacts
    • Proving feedback to responsible SME regarding appropriateness of evidence artifacts
    • Development of documentation to submit for closure
  • Act as supporting point of contact from Security Services to Compliance, Internal Audit, Enterprise Risk Management (ERM) and Project Management Office (PMO).
  • Act as supporting point of contact into the Enterprise Risk Management (ERM) Group for the delivery of security metrics relevant to ERM and ensure alignment of that data across the multiple reports being supported.
  • Lead development and implementation of right sized management self-testing of controls.
  • Lead Information Security Cyber Security Working Group Program efforts.

Supervisory Responsibilities:

None

Qualifications:

The requirements listed are representative of the knowledge, skill, and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.

  • Excellent oral and written communication, analytical skills to successfully analyze, model and communicate complex problem domains and solutions.
  • Ability to work independently and effectively with local and remote OCC staff, management, vendors, and consultants while exercising sound judgment.
  • Strong understanding of information technology and risk management concepts
  • Possesses critical IT values (i.e., fact based, collaborative, credibility/trust and judgment).

Technical Skills:

  • Strong experience in Information Security related policy, procedure and control writing.
  • Strong understanding of information related frameworks and standards such as NIST CSF COBIT, NIST 800-53, ISO etc.
  • Experience in technology risk management principles and practices.
  • Experience in working with regulatory frameworks and requirements relevant to OCC such as, RegSCI, CFTC, etc.

Education and/or Experience:

  • Bachelor Degree - Computer Science, Management Information Systems, or related field or the equivalent combination of education and/or relevant experience.
  • 5 or more years hands-on Information Security related work experience.
  • Previous work in Compliance, Audit, Risk Management, or Project Management.

Certificates or Licenses:

  • Professional network and/or security certifications a plus (i.e., GIAC, CISSP, CISA, CISM, CRISC)

Step 1
When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.  

Step 2
You will receive an email notification to confirm that we've received your application.

Step 3
If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location. 

For more information about OCC, please click here.

OCC is an Equal Opportunity Employer

Apply About OCC
  • REQ-1801
  • Chicago - 125 S Franklin
  • Full Time Regular
  • Posted: Jun. 29, 2020

How to Apply

Step 1 - When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.

Step 2 - You will receive an email notification to confirm that we've received your application.

Step 3 - If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location.

OCC is an Equal Opportunity Employer

This web site discusses exchange-traded options issued by The Options Clearing Corporation. No statement in this web site is to be construed as an endorsement, recommendation or solicitation to purchase or sell a security, or to provide investment advice. Options involve risk and are not suitable for all investors. Prior to buying or selling an option, a person must receive a copy of the disclosure document, Characteristics and Risks of Standardized Options. Individuals should not enter into option transactions until they have read and understood this document. To obtain copies, contact your broker, any exchange on which options are traded, or The Options Clearing Corporation, 125 S. Franklin Street, Suite 1200, Chicago, IL 60606 (investorservices@theocc.com).