Associate Principal, IT & Security Risk
About Us
The Options Clearing Corporation (OCC) is the world's largest equity derivatives clearing organization. Founded in 1973, OCC is dedicated to promoting stability and market integrity by delivering clearing and settlement services for options, futures and securities lending transactions. As a Systemically Important Financial Market Utility (SIFMU), OCC operates under the jurisdiction of the U.S. Securities and Exchange Commission (SEC), the U.S. Commodity Futures Trading Commission (CFTC), and the Board of Governors of the Federal Reserve System. OCC has more than 100 clearing members and provides central counterparty (CCP) clearing and settlement services to 19 exchanges and trading platforms. More information about OCC is available at www.theocc.com.
What We Offer
A highly collaborative and supportive environment developed to encourage work-life balance and employee wellness. Some of these components include:
- A hybrid work environment, up to 3 days per week of remote work
- Tuition Reimbursement to support your continued education
- Student Loan Repayment Assistance
- Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely
- Generous PTO and Parental leave
- Competitive health benefits including medical, dental and vision
Summary:
The Enterprise Risk Management (“ERM”) department identifies, measures, monitors, and reports risks and exposures across the organization through the Enterprise Risk Management Framework, and specifically through several risk programs, including but not limited to: Enterprise Risk Assessments, Risk Event Analysis, Scenario Analysis, Key Risk Indicators, and Risk Reporting.
The IT & Security Risk Associate Principal will provide critical support to the Executive Director of Operational Risk to evaluate IT and Security risks by assisting with risk assessments and applying aspects of the risk management framework across the process, risk, and control universe. Additionally, the IT & Security Risk Associate Principal will help with the risk assessment program activities, coordinate with other functions (e.g. IT, Security, TPRM, Legal, Compliance, and Internal Audit) and facilitate appropriate ERM governance to ensure alignment to OCC strategy and short-term objectives.
- Collaborate with IT, Security, TPRM, Legal, Compliance, and Internal Audit to ensure that ERM contributes to strengthening the overall effective management of IT and Security risk across the organization.
- Lead the OCC’s risk identification and assessment process for IT and Security risks, and verify the consistency and reliability of the associated frameworks and systems.
- Drive adherence to methodologies, guidance, and standards applicable to risk identification and assessment frameworks.
- Maintain risk inventories, taxonomies, and other elements supporting IT & Security risk management and compliance activities.
- Lead and execute the IT and Security risk assessment process, while aligning to the risk and control universe, and regulatory requirements and expectations.
- Generate reports of Archer data for various stakeholders, including regulators.
- Help automate IT & Security risk oversight.
- Communicate results of risk assessments to governance committees, business owners, and various levels of leadership.
- Collaborate on the enhancement and maintenance of ERM program methodologies, policies, procedures, and job aids, including the development of new program activities.
- Track and update ERM team internal findings, external exam issues, and business area self-identified issues resulting from Enterprise Risk Assessment.
Qualifications/Technical Skills/Education
- Advanced understanding of IT risk, Security risk, and intermediate understanding of Operational risk.
- Ability to act as a trusted advisor and provide effective challenge.
- Certification such as: CISSP, Security+, CSX-P, CET, CISA or CISM strongly preferred.
- Creative, independent thinker, with a willingness to develop and drive new ideas.
- Excellent written, verbal and presentation skills.
- Must be team-oriented and be able to collaborate effectively in department and cross-departmental efforts.
- Ability to work under pressure and with tight deadlines.
- Familiarity with Financial Market Utilities; securities and derivatives markets a plus.
- Ability to work in a highly regulated environment, including with the SEC, CFTC, and Federal Reserve; familiarity with the Covered Clearing Agency regulations a plus.
- Microsoft Office proficiency including advanced Excel, PowerPoint, and Word.
- Experience with eGRC systems (e.g., Archer).
- 4-6 years’ experience in enterprise risk, technology risk, security risk, or risk consultancy, specifically with focus on assessing IT and Security risk.
- Big 4 consulting experience a plus.
- Bachelor’s Degree in Information Systems, Computer Science (or equivalent) preferred.
- Technology or Security certification (preferred).