Information Security Compliance Analyst II
Department: Information Technology
Location: Chicago, IL
Travel Requirements: N/A
Job ID: 464
DIVERSITY & INCLUSION
NFA's culture supports all our employees to perform at the highest level, no matter the circumstances, and values an inclusive culture where all staff can thrive.
When you join NFA as an Information Security Compliance Analyst II, you'll join a high-performing team of dedicated governance, risk and compliance (GRC) professionals responsible for monitoring, managing and closing existing compliance issues while also ensuring that internal systems are compliant with security standards. This responsibility includes developing key performance metrics to ensure compliance with established policies and standards.
Bring your innovative, analytical mindset. Bring your technical know-how and attention to detail. Bring a healthy skepticism and passion for information security.
Beginning your first day and throughout your career, you'll utilize your critical thinking, decision-making and risk assessment skills to support our important regulatory mission.
What you'll do:
As an Information Security Compliance Analyst II, you'll contribute to NFA's important regulatory mission by:
- Conducting walkthroughs and IT audits to assess the adequacy of controls for adherence to established policies, procedures, business practices, and compliance with SOC 2 and NIST.
- Obtaining and reviewing evidence, ensuring audit conclusions are well documented and based on a complete understanding of the processes and risks.
- Tracking enterprise compliance risks across multiple security frameworks including SOC 2 and NIST, and ensuring risks are being remediated in accordance with NFA's policy.
- Identifying and analyzing third party vendor management risks to ensure vendors are meeting compliance requirements and industry standards.
- Continuously monitoring and evaluating the organization’s security controls to ensure compliance with industry standards, regulations and internal policies.
- Conducting policy compliance checks against infrastructure servers and ensuring server hardening guides and policies are aligned to the CIS control framework.
- Collaborating on critical IT projects to ensure security policy/risk issues are addressed throughout the project life cycle.
- Updating policy, process and procedure documents to enable an effective security compliance management program.
- Monitoring NFA's Change Management process to ensure compliance.
- Conducting risk assessments to identify security risks and recommending mitigation strategies.
- Collaborating with cross-functional teams, including Information Systems, General Counsel and Futures and OTC Derivatives Compliance, to ensure a cohesive and comprehensive approach to security.
- Preparing and delivering regular reports on compliance status and security metrics to management and relevant stakeholders.
What we’re looking for:
Diligent, detail-oriented individuals thrive in this analytical role. If you're eager to apply your technical abilities to serve a public good—supporting the integrity of the derivatives markets—and meet the qualifications below, we encourage you to apply to join our team as an Information Security Compliance Analyst II.
- Bachelor's degree in Computer Science, Information Security, or a technology-oriented major required
- At least three years of experience in security compliance or a related role
- Holding a Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) and/or Certified Information Systems Security Professional (CISSP) certification is highly preferred.
- Strong knowledge of industry standards and regulations (e.g., SOC 2, NIST, ISO 27001)
- Basic knowledge of GRC tools
- Basic familiarity with technology risks and controls, governance, risk and compliance tools
- Strong analytical and problem-solving skills
- Excellent oral and written communication skills
WHY CHOOSE NFA?
We understand how important culture is to an organization, and we pursue a culture of excellence where every NFA employee, regardless of circumstances, can succeed. Our workforce respects and celebrates each employee's diversity, unique values and abilities, all of which mold our creative approach to regulation. Most importantly, we believe that our diverse, inclusive workforce makes NFA a friendly, supportive and enjoyable place to work.
MAKE OUR MISSION YOUR CAREER
NFA is purpose-driven. We safeguard the integrity of the derivatives markets, protect investors and ensure that our Members meet their regulatory obligations. We take pride in our work; maintain a conviction to do the right thing; empower each other; and support our community. Envision your career in a place where performing critical regulatory work within the financial industry is as significant as the diverse, passionate and talented individuals with whom you work.
Together, we will innovate regulation.
Benefits
Read about NFA's generous and flexible benefits package that allows employees to balance work and life.
NFA Cares
Learn about how NFA cares for the health and wellness of our employees and communities to promote the pursuit of excellence in our employees' work.