CME Management Looking for IT Compliance & Controls Analyst I at Bengaluru, Karnataka Full Time

The IT Compliance/Controls Analyst I role within the Global Information Security (GIS) department will support the Compliance Team and their efforts. This position is critical in supporting the IT governance processes established to manage IT risk, ensure critical controls are implemented & operating to avoid audit findings, and ultimately help reduce IT and corporate risk.

Primary Accountabilities

Learning and understanding the function and goals of the CME Group Technology Compliance Team

Execute controls assessments to evaluate the adequacy and effectiveness of internal controls, verify compliance with corporate policies and procedures.

Maintain up-to-date knowledge of the company’s IT infrastructure, applications, and IT standards.

Create accurate, logical and detailed work-papers clearly describing the work performed, results of testing and conclusions reached

Build a positive and collaborative business relationships with stakeholders to support effective and efficient management of the controls testing program.

Maintain and promote knowledge of the CME’s operations, including policies and procedures and any applicable regulatory requirements.

Key responsibilities include:
Perform testing of internal technology controls in support of various regulatory requirements

Recommend remediation actions for findings

Recommend improvements in IT control & risk processes for potential automation.

Provide timely status updated and assist senior team members in preparation of metrics related to controls testing progress.

Partner with more senior members of the IT Compliance team to provide recommendations to management for strengthening controls and work with management to develop acceptable solutions to mitigate risk.

Analyzing and recommend if existing controls meet new/changing best practices, new regulatory or legal obligations or if control enhancements are needed.

The incumbent will collaborate with key partners such as IT Control Owners, Corporate Compliance, Business Process Owners and Global Assurance (i.e. Internal Audit) with supporting and establishing new approaches or changes in existing processes around documented requirements for mitigation of associated risks. Given the current control environment, precedents will need to be established to determine how to properly respond, leveraging defined controls but continuing to establish a policy reflecting a culture of compliance.

Qualifications:
Bachelor’s degree in business, accounting, finance, computer science, information systems, engineering, or a related discipline

0-2 years’ experience as an IT auditor, or IT risk adviser for a financial institution, public accounting firm, or a professional services firm, performing IT Controls Management, IT Risk Management, IT Policy/Standard Governance and/or IT Internal Audit including experience in Information Security.

CISA / CISSP / CRISC / ISO27001 certification desirable, but not mandatory

Knowledge of Information Security best practices and industry standards to define the security controls and processes

Ability to participate in key management discussions and meetings; preparing concise, accurate documents and balancing project deadlines with the occurrence of unanticipated issues.

Possess strong written and verbal communication skills/presentation skills, and ability to work with diverse teams

Demonstrate thorough abilities as a team player; creating a positive environment while meeting project expectations and respecting the work-life quality of team members, providing candid, meaningful feedback in a timely manner, and keeping leadership informed of progress and issues.

Experience interfacing with key stakeholders on control solutions, and participating in planning and execution of projects in: Information Security, Risk Management, Technical Privacy/Compliance, IT Security Audit, and / or IT Risk Management (or) Experience in one or more Technology areas like Information Security, Software Development, IT Architecture, RPA, Data Analytics, etc. with a willingness to move to an IT audit role.

Knowledge of frameworks such as ISO27001, NIST, COBIT, CFTC, AICPA, ISO/IEC, PCI, FFIEC or equivalent desirable

Knowledge of CAATs/data analytics tools and/or technologies such as Cloud, DevOps, Microservices, etc. desirable, but not mandatory

Experience using Governance, Risk and Compliance (GRC) & Audit tools desirable.

#LI-MK1 #LI-Hybrid

CME Group: Where Futures Are Made

CME Group (www.cmegroup.com) is the world’s leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. With 3,500 employees located around the world, we’re small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we’re looking for more.