Senior Director of Infrastructure Security Architecture
- Chicago, IL, USA
- Permanent, Full time
- Chicago Mercantile Exchange
- 14 Dec 18
Senior Director of Infrastructure Security Architecture
CME Group: Where Futures Are Made
CME Group (www.cmegroup.com) is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. With 2,500 employees located around the world, we're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.
The Senior Director of Infrastructure Security Architecture will lead and manage all functions of the Infrastructure Security Architecture Team. The Senior Director will oversee a team of 5+ employees, both staff and contractors, and is responsible for the infrastructure security strategic roadmap. The role is accountable for operating the Infrastructure Security Program and acts as a business liaison with other business units of CME, and helps facilitate demand management.
The role requires a high level of technical expertise in multiple disciplines within Infrastructure and Information Security such as Networking, IAM, LDAP servers, AWS and Database in order to be able to develop solutions and mentor other staff and teams. The role will perform infrastructure security assessments and provide solution design support and guidance, in the form of consultation. It will automate as many components as possible, ensure that solutions integrate with operational processes such as monitoring and alerting, and will innovate and ensure that all solutions are built and remain secure throughout the development lifecycle. The Sr Director Infrastructure Security must be able to drive change across the organization, and support the evolution of the organization.
As a member of the Security Architecture leadership team, the Senior Director of Infrastructure Security Architecture is accountable for ensuring individual teams are aligning with the larger organization's goals and strategy, while also acting as a consultative enabler to help teams be successful and share knowledge and act as a department liaison to coordinate information security architecture activities with other departments.
As a leader on the GIS Team, the incumbent is expected to remain engaged with and support other leaders across GIS and Technology to ensure the timely delivery of security and business solutions.
- Manages 5+ people, working in conjunction with GIS and peers in Technology
- Advisory: This role will actively lead the creation and updating of Standards and Reference Architectures. Standards may be required for CME Group to be in compliance with regulations mandated by various regulatory bodies that provide oversight to CME Group business functions. Reference Architectures provide direction and guidance on proper compliance with define standards. In the course of performing infrastructure assessments, decisions on threat modeling and proper service design, structure, and implementation will be required.
- Operational: This role will help forecast demand for Infrastructure Architecture services by meeting with CME business units to better understand their needs. This role will also help determine necessary resource levels to support those business units' needs.
- Financial: This role will make staffing recommendations for the GIS Infrastructure Security Architecture Team.
- Establishing and operating the Infrastructure Security Program, including: business processes, policies, standards, and prioritization of activities
- Communicate and collaborate with cross-functional peers outside of the Technology Division, including General Counsel, Records Retention, Global Assurance, Enterprise Risk Management, Third Party Risk Management, and other business unit leadership
- Work collaboratively with various CME Group teams including I&O, E&E, APM, Enterprise Risk Management and Compliance teams to establish Security Standards and Reference Architectures and actively participates in Communities of Practice to ensure effective adoption of security and continuous improved.
- Drive objectivity and build consensus among internal and external stakeholders with widely divergent perspectives and drivers. Interact with industry peers from other SIFMUs, research organizations, solution providers, etc.
- Lead infrastructure security assessments and assist in planning the remediation of assessment, audit, and regulatory findings.
- Participate in and contribute to key working groups across the enterprise, including but not limited to: Architecture Review Board and/or change advisory boards. Prepare reports for senior management including presentations, metrics, and other documentation required to support governance functions.
- Continuous improvement and maturation of the methods, instrumentation, training, documentation, and processes required to properly assess and govern Infrastructure architecture and software development lifecycle.
- Strategic Visioning: manage security standards and reference architectures to ensure adequate security controls throughout CME Groups systems and technologies
- Management of the security road-map, and communicate securities vision to business partners and IT staff
- Actively participates in Communities of Practice to ensure effective adoption of security and continuous improvement of security efforts
- Actively participates in enterprise architecture visioning to ensure effective adoption of security and continuous improvement of security efforts
- Act as an advocate for security and lead efforts to promote security awareness at all levels of the organizations
- Act as primary contact and respond to questions or actions related to security audits
- Ensure that all risk considerations are identified and addressed with new and modified services
- Monitor and enhance secure architecture standards within the Software Development Lifecyle
- Identify and establish core architectural mechanisms to enhance the security of services
- Support larger architectural projects while leading and managing internal projects
- Perform infrastructure security assessments
- Provide consultation on secure infrastructure design
- This role will influence and collaborate regularly with various peers via steering committees, standards and policy governance teams and other group settings that formulate CME Group security policies, standards, and reference architectures. This role will lead formation of policies, standards, reference architectures, process and procedures as they relate to infrastructure architecture at CME Group.
- A Bachelor's or Master's degree in Computer Science, Information Systems or other related field; or equivalent work experience.
- 7+ years of experience at director or manager level in publicly traded companies or finance/technology industry operations; OR minimum 7 years as a consultant to such companies at a commensurate level.
- Experience with or deep exposure to the financial industry, focused on clearing or trading
- Demonstrable knowledge of a broad range of Information Security technologies and practices
- Demonstrable, impeccable writing skills for technical, management, and executive audiences
- Demonstrable communication capabilities including oral presentation and ability to present in front of executive leadership
- Demonstrable experience coordinating multiple concurrent issues, in high-pressure situations
- 10+ years of security analysis, design and service development OR demonstrated ability to meet job requirements through a comparable number of years of technical work experience
- Advanced knowledge of infrastructure security assessments
- Familiar with environmental pen testing
- 5+ years performing reviews of infrastructure for security vulnerabilities and threat modeling
- Experience with application interdependency and infrastructural design
- Experience with scripting languages
- Experience with drafting of standard, reference architecture, policies, procedures and implementation guidelines
- Extensive experience with the Build Security In Maturity Model (BSIMM) methodology and assessment process
- High understanding of entire development process, including specification, documentation and quality assurance
- High degree of understanding in the theories, methodologies and principals underlying secure technical analysis, design and implementation of secure networks, applications, systems, and databases
- Candidates must have proven ability to build value propositions, business cases, & drive results as part of a larger project or program team
- Relevant experience designing, implementing, and supporting large scale solutions
- High degree of understanding with Cryptographic Services
- Experience with Amazon Web Services
One or more of the following certifications,