The Options Clearing Corporation (OCC) is the world's largest equity derivatives clearing organization. Founded in 1973, OCC is dedicated to promoting stability and market integrity by delivering clearing and settlement services for options, futures and securities lending transactions. As a Systemically Important Financial Market Utility (SIFMU), OCC operates under the jurisdiction of the U.S. Securities and Exchange Commission (SEC), the U.S. Commodity Futures Trading Commission (CFTC), and the Board of Governors of the Federal Reserve System. OCC has more than 100 clearing members and provides central counterparty (CCP) clearing and settlement services to 19 exchanges and trading platforms. More information about OCC is available at www.theocc.com.
What We Offer
A highly collaborative and supportive environment developed to encourage work-life balance and employee wellness. Some of these components include:
• A hybrid work environment, up to 3 days per week of remote work
• Tuition Reimbursement to support your continued education
• Student Loan Repayment Assistance
• Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely
• Generous PTO and Parental leave
• Competitive health benefits including medical, dental and vision
The Compliance Department is organized into two functional areas, with each having a distinct role in carrying out the department’s mission in a highly regulated environment. This role will regularly interact with OCC’s Information Technology (IT) and Security Services departments. The Associate Principal (IT) will support the continued development and implementation of the IT and Security Services Compliance program, which includes process (policy, standards, procedure) and control development, risk identification and mitigation, and supporting regulatory exams. The Associate Principal will also be responsible for recommending enhancements to the performance, integrity, and compliance of the organization’s processes. This role is highly focused on review of the organization’s compliance with applicable regulatory and legal rules and requirements (e.g., SEC, CFTC, Federal Reserve, etc.) as they relate to technology and information security.
• Contribute to the development, maintenance and continuous improvement of the Regulatory Framework including policies, procedures and controls
• Act as an advisor in compliance matters
• Assist the organization in evaluating new products, key business initiatives, significant technology, and systems to ensure compliance with policy, laws, and regulations
• Participate in or lead compliance programs, projects, system implementations, or OCC initiatives
• Interpret policies, laws, and regulations and assist the organization in determining applicability and implementation strategy
• Advise and support the organization in establishing and implementing IT and Security Services policies and procedures
• Provide guidance to the organization on the development and implementation of effective remediation plans to address internal or external findings
• Keep abreast of, and leverage, industry best practices/frameworks (e.g., NIST CSF, NIST 800-53, COBIT, ISO, Cloud Security, etc.) to drive compliance-related continuous improvements for IT and Security Services
• Assist in the analysis of findings to identify themes and trends
• Support other departmental activities and initiatives as required, including assessment of compliance risks, supporting regulatory reporting and compliance reporting, etc.
Broad knowledge of applicable regulatory, legal rules and requirements (e.g., SEC, CFTC, Federal Reserve, etc.).
Proficiency with risk and control frameworks and process improvement frameworks, including for cloud environments (e.g., COBIT, NIST CSF, NIST 800-53, COSO, ITIL, ISO 27001, ISO 9001, CMMI).
Familiarity with the Systems Development Life Cycle (SDLC), agile process and the Secure Software Development Lifecycle.
Comprehensive analytical, conceptual, and problem-solving skills.
Ability to work independently and as a member of a team, collaborating with internal business clients from different departments and at various levels of seniority.
Excellent organizational, written and oral communication skills.
Demonstrated ability to gather, analyze, and evaluate facts and prepare and present concise oral and written reports.
Proficiency with MS Office software, GRC tools and web-based reporting tools.
Proficiency with cloud computing models, risks and the cloud control environment (AWS, etc.).
Experience with document management tools (e.g., DMS, PolicyTech) a plus
5+ years of experience in IT/Security Compliance, IT/Security Risk Management, IT/Security Audit, IT, Information Security or related field required
Bachelor’s degree or equivalent required (Degree in Computer Science or related field a plus)
Preferred Certifications – CISA, CISSP, CRISC, CCSP, etc.