Associate Principal, Platform Security (Information Security Engineer)
Who We Are
The Options Clearing Corporation (OCC) is the world's largest equity derivatives clearing organization.
Founded in 1973, OCC is dedicated to promoting stability and market integrity by delivering clearing and settlement services for options, futures and securities lending transactions.
As a Systemically Important Financial Market Utility (SIFMU), OCC operates under the jurisdiction of the U.S. Securities and Exchange Commission (SEC), the U.S. Commodity Futures Trading Commission (CFTC), and the Board of Governors of the Federal Reserve System.
OCC has more than 100 clearing members and provides central counterparty (CCP) clearing and settlement services to 19 exchanges and trading platforms.
More information about OCC is available at www.theocc.com.
What We Offer
A highly collaborative and supportive environment developed to encourage work-life balance and employee wellness. Some of these components include:
A hybrid work environment, up to 3 days per week of remote work
Tuition Reimbursement to support your continued education
Student Loan Repayment Assistance
Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely
Generous PTO and Parental leave
Competitive health benefits including medical, dental and vision
What You’ll Do
This role will support the architecture, design and governance of a secure infrastructure ecosystem, focused on automation and proactive IaaS security best practices in collaboration with other teams.
Working between IT and security, the team's mission is to build security in from the start.
We look for opportunities to automate and streamline security practices in order to support the business while reducing risk.
Primary Duties and Responsibilities:
To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.
Collaborate with development, operations and infrastructure teams to analyze security change control Processes, Controls and Guardrails
Search for opportunities to integrate and automate security best practices within processes to deliver secure software and infrastructure
Support cloud infrastructure teams with security observation remediation and proactive strategy to improve security posture
Work to reduce cycle time on remediating security observations within cloud and enterprise platform teams
Support automation for any security-related objectives within IT
Assess the production security readiness of services we plan to deploy
Support operationalization of shared security services and tools to improve automated monitoring capabilities
Contribute to the team’s continuous improvement through research, retrospectives, discussion groups and performing architecture assessments
This role will provide hands on support architecting cloud security technologies, native AWS monitoring and auditing services, and improved cloud security governance and control
This role is expected to demonstrate exceptionally strong ethics, integrity and be accountable for their actions
This candidate must be driven, a stellar communicator, enthusiastic and have the desire to stay ahead of today’s emerging threats and actor techniques
The ideal candidate will have strong attention to detail, be motivated to collaborate with stakeholders across Security and IT teams and keep current on regulatory/compliance demands on our company (e.g. CIS, NIST, etc)
The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.
Able to succeed in fast-paced environment with frequent changes
Comfortable communicating with both technical and non-technical audiences
Exceptional verbal/written communication skills to be able to articulate ideas clearly and concisely
Excellent listening skills
Exceptional analytical, problem solving and troubleshooting skills with the ability to exercise good judgment while developing creative solutions
Self-starter – takes the initiative to research, learn and deliver. Anticipates the play
Team player – humble, collaborative, and focused on making sure the entire team succeeds
Ability to work with business users, understand their needs and translate those needs to the final project deliverables
Good consultative, communication, team player and analytical skills are a must, as you will be regularly interacting between various teams
High-energy, results driven person with an attention to detail
Exceptional tactical planning skills based on long-term strategic goals
Cloud engineering and assessment experience, and training with focus on development of secure enterprise solutions
Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies
Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management
Understanding of Identity access management and Privileged Account Management ideologies and have some experience with key industry toolsets
Understanding of Public Key Infrastructure and Cloud Based Technologies
Strong architectural understanding of security landscape and trending technologies
Proficient in creating content with Microsoft Office (Word, Excel, PowerPoint, Visio)
Proficient in basic document management in a Microsoft SharePoint or similar environment
Understanding and experience utilizing Cloud Services and Architecture (AWS / Azure)
Ability to learn and review Infrastructure as code (Terraform / Hashi Vault)
Experience managing infrastructure in public cloud environments like AWS (preferred), Azure or GCP
Experience providing visibility using monitoring and alerting tools like Splunk
Experience with Terraform, Infrastructure as code
Programming/scripting experience in languages like Java, Bash, Python or Go
Experience with using Continuous Integration and Continuous Delivery (CI/CD) tools like Jenkins, Travis, Harness, Spinnaker, Appveyor, CodeBuild or CodePipeline
Experience with cloud/technology deployments in general
Experience with NIST CSF/COBIT and related control framework
Experience with IT-security/risk/governance
Excellent proficiency in network, application, wireless and physical security
Experience with dedicated document management tools (e.g., DMS, PolicyTech)
Experience with using ServiceNow
Experience with encryption technologies and products (Key Management / Certificate Management)
Exposure to IAM and PAM services and applications (CyberArk / ForgeRock / Sailpoint)
Education and/or Experience:
BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university OR equivalent work experience
5+ Years’ experience in Information Assurance or Information Security environment
Certificates or Licenses:
Security-related certifications (AWS Certified Solutions Architect, AWS Certified Security Specialty, etc.)
CISSP, Cloud Based Certifications and PKI Foundational certifications
When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.
You will receive an email notification to confirm that we've received your application.
If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location.
OCC is an Equal Opportunity Employer
- Chicago - 125 S Franklin
- Full Time Regular
- Posted: May 17, 2022
How to Apply
Step 1 - When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.
Step 2 - You will receive an email notification to confirm that we've received your application.
Step 3 - If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location.
OCC is an Equal Opportunity Employer
Numerous studies have shown that people from groups that are traditionally under-represented in financial services apply to jobs only if they believe they meet 100% of the requirements. We want to break down this mindset to further diversify our workforce.
We encourage you to review our open positions and apply if you think your experience may be a match, even if you do not meet all of the qualifications. Your perspective may be an element we need to continue building innovative solutions to support the markets and market participants we serve.
OCC is a globally recognized entity that clears a multitude of diverse and sophisticated products. We want to reflect this in the diversity of our workforce.