Job Purpose

The TPDD Analyst, Information Security GRC (Governance, Risk, and Compliance) is part of a team responsible for aiding customers in understanding the global Information Security program and Enterprise controls. The role would gain exposure to the full suite of businesses and products which underpin the Parent ICE company.

Information Security (“IS”) is charged with:

• Preventing impactful cybersecurity and physical security incidents,
• maintaining a reputation with customers, regulators, and key stakeholders as running a best-in-class cybersecurity and physical security program, and
• avoiding negative impact to business agility and growth from cybersecurity and physical security policies and controls.

Governance, Risk, and Compliance maintain said policies, ensure controls are operating effectively via assessment and attestation, and own the vulnerability management program to identify and correct any problems within. The TPDD team within GRC coordinates responses to customer inquiries regarding these controls and ensures proper due diligence materials are provided to satisfy both customer requirements and ensure the protection of ICE intellectual property and security,

Responsibilities

• Security Metrics – Uses automated and manual processes to produce regular reports communicating the status of the Information Security program
• Policies and Procedures – Maintains corporate Information Security policies and departmental procedures and maps them to relevant control standards
• Regulator, Audit, and Customer Inquiries – Organizes and updates departmental documentation and responds to inquiries in an organized and repeatable fashion
• Security Awareness – Builds and maintains company awareness and education programs
• Risk Assessment – Builds and operates the company platform to document, measure, and report assessments, risks, controls, findings, and remediation activity

Knowledge and Experience

• University degree in Information Security, Engineering, MIS, CIS, or related discipline or equivalent years of experience required
• Experience with Systems Administration and/or IP Networking is a plus
• Experience in an exchange, trading facility, or financial services is a plus
• Experience with senior management and board metrics generation and communication is a plus
• Advanced certifications (for example, the CISSP)
• Advanced technical writing and/or communication education and experience

Specific Technologies: 

Excel, Workflow automation tools, Data collection, normalization, indexing, correlation, and visualization.  Scripting, regular expressions, string-parsing, light SDLC, and project management.  NIST Cyber Security Framework, CIS, and GRC Platforms.