Security Architecture Program Manager

Description
CME Group Security Architecture provides leadership around security subject matters, including: Infrastructure Architectural Design, Application Architectural Design, Application Security Testing, and Standards and Reference Architectures. By adding your experience and knowledge to the team's collective skills and experience we further enhance our ability to provide secure technical design recommendations that target on delivering business value through successful project and program delivery.
The Security Architecture Program Manager position will help to align and coordinate security assessments, prepare executive level-communications, help manage work queues, drive metrics and reporting on work activities, help develop security strategy and roadmap planning, act as a security liaison to the business, and help facilitate demand management.
This role requires both project management experience as well as technical experience in multiple disciplines within information security, including networking, virtualization, identity and access management (IAM), directory services (LDAP/AD), cloud computing (AWS, GCP, Azure), basic understanding of security and regulatory frameworks (CIS, NIST, RegSCI, HIPAA, etc.), exposure to security stack technologies (IDS/IPS, SIEM, etc.), secure software development lifecycle (SSDLC) among other disciplines.
In addition to technical prowess, the role will require mentorship and consultation to drive change and support the evolution of CME Group.

Principle Accountabilities
The principal accountabilities for this role include, but are not limited to the following:

• Manage work queue for GIS Architecture teamsMonitor and review, validate, and prepare incoming work requests for execution
  Work with management to assign work to team members for execution
  Monitor status of active work and help identify and address blockers
  Develop and maintain workload metrics and reports for management
• Assist in planning remediation of assessment, audit, and regulatory findings
• Actively support creation and updating of standards and reference architectures
• Working with Demand Management to assist in forecasting demand for architecture services. This role will also help determine necessary resource levels to support those business units' needs
• Communicate and collaborate with cross-functional peers outside of the Technology Division, including General Counsel, Records Retention, Global Assurance, Enterprise Risk Management, Third Party Risk Management, and other business unit leadership
• Drive objectivity and build consensus among internal and external stakeholders with widely divergent perspectives and drivers
• Interact with industry peers from other systemically important financial market utility (SIFMU) organizations, research organizations, solution providers, etc.
• Participate in and contribute to key working groups across the enterprise, including but not limited to Architecture Review Board and Change Control Board
• Prepare reports for senior management including presentations, metrics, and other documentation required to support governance functions
• Contribute to the continuous improvement and maturation of the methods, instrumentation, training, documentation, and processes
• Participate in development of the security roadmap, and communicate GIS' vision to business partners and IT staff
• Actively participate in Communities of Practice to ensure effective adoption of security and continuous improvement of security efforts
• Act as an advocate for security and lead efforts to promote security awareness at all levels of the organizations
• Support larger architectural projects while leading internal projects
• Provide consultation services on security topics

This role will influence and collaborate regularly with various peers via steering committees, standards and policy governance teams and other group settings that formulate CME Group security policies, standards, and reference architectures. This role will help lead formation of policies, standards, reference architectures, process, and procedures as they relate to secure architecture at CME Group.

Education A Bachelor's or Master's degree in Computer Science, Information Systems or other related field, or equivalent work experience.
Experience

• 7+ years of experience providing project/program management and architecture support in publicly traded companies or finance/technology industry; or minimum 7 years as a consultant to such companies at a commensurate level
• Experience with or exposure to the financial industry clearing or trading functions
• Demonstrable, impeccable writing skills for technical, management, and executive audiences
• Demonstrable communication capabilities including oral presentation and ability to present in front of executive leadership
• Demonstrable experience coordinating multiple concurrent issues, in high-pressure situations
• 5+ years of security analysis, design and service development or demonstrated ability to meet job requirements through a comparable number of years of technical work experience
• Familiarity with security assessment execution
• Experience with scripting languages
• Experience with drafting of standard, reference architecture, policies, procedures, and implementation guidelines
• Advanced knowledge of Jira and Confluence is desired
  • Jira skills should include administration of Jira software style projects using Kanban boards and work item backlogs.
  • Use of Jira workflows, issue types, screen customization desired.
  • Working knowledge of JQL (Jira Query Language) and exporting data from Jira
• Experience with data analysis platforms (Microsoft Power BI, Microsoft Excel, Tableau, Smartsheet) including data imports/exports, data model creation, pivot tables and data visualization for reporting and dashboards.
• Strong understanding of entire service and software development lifecycle (SDLC). Knowledge of security touchpoints to the SDLC (aka Secure SDLC desired)
• Strong understanding in the theories, methodologies and principals underlying secure technical analysis, design and implementation of secure networks, applications, systems, and databases
• Proven track record for managing programs and projects

Certifications

• Strongly desired: PMP/PMI, PgMP, CSM
• One or more certifications (nice to haves), including: GSEC, CISSP, CISA, GIAC, GPEN, MCSE, GCIA, GCIH, CSSLP, CAPM, CPMP, CPM, CSM, CompTIA Project+, MPM, PPM, PMITS

CME Group: Where Futures Are Made

CME Group (www.cmegroup.com) is the world's leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. With 3,500 employees located around the world, we're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.

This position requires that you be fully vaccinated against COVID-19 by the date of hire. Proof of vaccination will be required as a condition of employment. CME Group complies with federal, state and local laws with respect to providing accommodations for individuals who are unable to receive the vaccine due to a medical condition or religious belief.

The Candidate Privacy Policy can be found here.