Information Security Compliance Analyst II

APPLY NOW

When you join NFA as an Information Security Compliance Analyst II, you'll join a high-performing team of dedicated governance, risk and compliance (GRC) professionals for monitoring, managing and closing existing compliance issues while also ensuring that internal systems are compliant with security standards. This responsibility includes developing key performance metrics to ensure compliance with established policies and standards.

Bring your innovative, analytical mindset. Bring your technical know-how and attention to detail. Bring a healthy skepticism and passion for information security.

Beginning your first day and throughout your career, you'll utilize your critical thinking, decision-making and risk assessment skills to support our important regulatory mission.

What you'll do:

As an Information Security Compliance Analyst II, you'll contribute to NFA's important regulatory mission by:

• Conducting walkthroughs and IT audits to assess the adequacy of controls for adherence to established policies, procedures, business practices, and compliance with SOC 2 and NIST.
• Obtaining and reviewing evidence, ensuring audit conclusions are well documented and based on a complete understanding of the processes and risks.
• Tracking enterprise compliance risks across multiple security frameworks including SOC 2 and NIST, and ensuring risks are being remediated in accordance with NFA's policy.
• Identifying and analyzing third party vendor management risks to ensure vendors are meeting compliance requirements and industry standards.
• Continuously monitoring and evaluating the organization’s security controls to ensure compliance with industry standards, regulations and internal policies.
• Conducting policy compliance against infrastructure servers and ensuring server hardening guides and policies are aligned to CIS control framework.
• Collaborating on critical IT projects to ensure security policy/risk issues are addressed throughout the project life cycle.
• Updating policy, process and procedure documents to enable an effective security compliance management program.
• Monitoring NFA's Change Management process to ensure compliance.
• Conducting risk assessments to identify security risks and recommending mitigation strategies.
• Collaborating with cross-functional teams, including Information Systems, General Counsel and Futures and OTC Derivatives Compliance, to ensure a cohesive and comprehensive approach to security.
• Preparing and delivering regular reports on compliance status and security metrics to management and relevant stakeholders.

What we’re looking for:

Diligent, detail-oriented individuals thrive in this analytical role. If you're eager to apply your technical abilities to serve a public good—supporting the integrity of the derivatives markets—and meet the qualifications below, we encourage you to apply to join our team as an Information Security Compliance Analyst II.

• Bachelor's degree in Computer Science, Information Security, or a technology-oriented major required
• At least three years of experience in security compliance or a related role
• Holding a Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) and/or Certified Information Systems Security Professional (CISSP) is highly preferred.
• Strong knowledge of industry standards and regulations (e.g., SOC 2, NIST, ISO 27001)
• Basic knowledge of GRC tools
• Basic familiarity with technology risks and controls, governance, risk and compliance tools
• Strong analytical and problem-solving skills
• Excellent oral and written communication skills

APPLY NOW