Associate Principal, Security Governance (GRC)
Who We Are
The Options Clearing Corporation (OCC) is the world's largest equity derivatives clearing organization. Founded in 1973, OCC is dedicated to promoting stability and market integrity by delivering clearing and settlement services for options, futures and securities lending transactions. As a Systemically Important Financial Market Utility (SIFMU), OCC operates under the jurisdiction of the U.S. Securities and Exchange Commission (SEC), the U.S. Commodity Futures Trading Commission (CFTC), and the Board of Governors of the Federal Reserve System. OCC has more than 100 clearing members and provides central counterparty (CCP) clearing and settlement services to 19 exchanges and trading platforms. More information about OCC is available at www.theocc.com.
What We Offer
A highly collaborative and supportive environment developed to encourage work-life balance and employee wellness. Some of these components include:
A hybrid work environment, up to 2 days per week of remote work
Tuition Reimbursement to support your continued education
Student Loan Repayment Assistance
Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely
Generous PTO and Parental leave
Competitive health benefits including medical, dental and vision
The Associate Principal, Security Governance (reporting to the Director Security Governance) supports the Security Services Department and will regularly liaise with, Compliance, Enterprise Risk Management, Internal Audit and OCC’s Regulators. This person is responsible for driving information security initiatives related to regulatory exam and Internal Audit remediation planning, tracking, and mitigation. Additionally, this role will lead the development, review and publication of policy, procedures and controls for the Security Services Department in support of the NIST Cyber Security Framework. Likewise, this role will facilitate the management self-testing efforts for the Security Service Department by identifying, recommending, and driving enhancements to the performance, integrity, and compliance of the organization’s processes.
This role will also focus on compliance with applicable regulatory and legal rules and requirements (i.e. SEC-Regulation SCI, CFTC-System Safeguards, etc.) as they relate to information security.
Primary Duties and Responsibilities:
To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.
Responsibilities include the development, review and continuous improvement of the Security Services Department policies, procedures, and controls to enhance OCC’s risk control environment
Recommendation of appropriate reporting frameworks, standards and best practices.
Assist with remediating regulatory and Internal Audit findings, including collecting data to identify root cause of problems, identifying trends, formulating solutions, and escalating potential issues related to the lifecycle of remediation activities including, but not limited to:
Development of appropriate action plans
Delivery timeline tracking
Gathering, and review of appropriate evidence artifacts
Proving feedback to responsible SME’s regarding appropriateness of evidence artifacts
Development of documentation for closure
Act as supporting point of contact from Security Services to senior management in Compliance, Internal Audit, Enterprise Risk Management, Legal and the Enterprise Project Management Office.
Lead development, implementation, review and improvement of right sized management self-testing of controls.
Lead Information Security Cyber Security Working Group Program efforts.
Act on Security Services behalf related to compliance matters including developing and implementing strategies for strengthening the Security Services compliance posture
Manage Security Services responses to Third-Party requests and surveys
Perform ad-hoc duties for Security Governance management as necessary
The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.
Broad knowledge of applicable regulatory, legal rules and requirements (e.g., SEC, CFTC, Federal Reserve Board, etc.) as they pertain to Information Security.
Sound knowledge of and experience working with Security and Technology authoritative industry standards and control framework s (e.g. NIST CSF, NIST 800-53, CIS 20, COBIT, COSO, ITIL, ISO 27001, CSA CCM, etc.)
Strong understanding of information technology and risk management concepts
Strong experience in Information Security related policy, procedure and control writing.
Sound knowledge of Cloud implementation and Cloud compliance strategies including for data, information, application, platform, and network security as well as control design and implementation for cloud including NFR development and definition.
Understanding of Systems Development Life Cycle (SDLC) process (Agile) and Secure Software Development Lifecycle.
Ability to work independently and as a member of a team, proficient in collaborating with internal business clients from different departments and at various levels of seniority.
Proficient in gathering, analyzing, and evaluating facts and preparing/presenting concise oral and written Compliance related data analysis and reports.
Excellent organizational, written and oral communication skills.
Proficiency with Microsoft Office Suite, including Word, Excel, and PowerPoint
Experience using an integrated risk management system (such as RSA Archer Suite) a plus
Business Intelligence tool experience (i.e. Tableau), a plus
Education and/or Experience:
Bachelor Degree - Computer Science, Management Information Systems, Business, or related field or the equivalent combination of education and/or relevant experience.
5 or more years hands-on Information Security or EGRC related work experience.
Previous work in Compliance, Audit, Risk Management, Project Management or control activities in the financial services industry
Certificates or Licenses:
Professional network and/or security certifications a plus (i.e., GIAC, CISSP, CISA, CISM, CRISC etc.)
When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.
You will receive an email notification to confirm that we've received your application.
If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location.
For more information about OCC, please click here.
OCC is an Equal Opportunity Employer
- Chicago - 125 S Franklin
- Full Time Regular
- Posted: Mar. 21, 2023
How to Apply
Step 1 - When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.
Step 2 - You will receive an email notification to confirm that we've received your application.
Step 3 - If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location.
OCC is an Equal Opportunity Employer
Numerous studies have shown that people from groups that are traditionally under-represented in financial services apply to jobs only if they believe they meet 100% of the requirements. We want to break down this mindset to further diversify our workforce.
We encourage you to review our open positions and apply if you think your experience may be a match, even if you do not meet all of the qualifications. Your perspective may be an element we need to continue building innovative solutions to support the markets and market participants we serve.
OCC is a globally recognized entity that clears a multitude of diverse and sophisticated products. We want to reflect this in the diversity of our workforce.