Security Engineer II – Vulnerability Governance

Security Engineer II – Vulnerability Governance assists, with direction, in the oversight of the CME’s vulnerability management program to ensure all related processes are being executed according to established procedures. This is an opportunity for the right person to become a key part of a team of global information security professionals that are executing a pivotal role in protecting and defending the CME’s critical infrastructure. This candidate will be a key participant in the design, assessment and execution of vulnerability governance measurements, metrics, and analysis. Ability to work independently as well as communication, documentation, and strong problem-solving skills are required to collaborate with more senior engineers and select information technology areas, with supervision.

The Security Engineer II – Vulnerability Governance

• Assists with overseeing and ensuring the effective operation of the vulnerability management program. • Assists with the design and execution of vulnerability management program oversight measures, dashboards, and metrics across a wide variety of assets and applications. • Assesses results of measures and metrics to identify risk across critical areas of the vulnerability management program and to verify that the program operates as designed. • Assists with the development and implementation of governance frameworks and policies for vulnerability management. • Identifies risk areas to include in the oversight program, as well as identifies the most effective methods of presenting audit results. • Collaborates with cross-functional teams to gather data and contribute to program alignment. • Researches new developments in vulnerability governance oversight.

Principal Accountabilities

• Able to follow established procedures and guidelines to provide basic support in the oversight of the CME’s vulnerability management program, with supervision. • Defines simple problems. Gathers and compares data about problems and documents the details to assist more senior engineers. • Demonstrates basic understanding of some of the following: cybersecurity concepts, security frameworks, risk management principles. • Collaborates with more senior team members to determine an optimal solution for stakeholders based on established standard operating procedures. • Supports more senior engineers in gathering data to assist in setting policies. • Stays up to date on security trends, vulnerability alerts and advisories. • Able and desires to accurately work with numbers, metrics, and spreadsheets. Able to produce professional-level charts and presentations. • Able to comprehend and monitor complex business systems and integrated processes. • Capable to communicate effectively with all levels of employees.

Qualifications

• 2-3 years of vulnerability governance or risk management experience. • Bachelor’s degree in Information Technology, Business Information Systems, or related field; or equivalent work experience.

Skills & Software Requirements

• MS Excel, Word, PowerPoint • Strong analytical and problem-solving skills • Excellent verbal and written communication skills • Familiarity with issue tracking systems (JIRA, Remedy, etc.) • Familiarity with collaboration tools (Confluence, etc.)

Nice To Have

• Experience with Qualys or other vulnerability scanning tools • Familiarity with security frameworks (NIST, ISO 27001, COBIT, etc.)

CME Group: Where Futures are Made

CME Group is the world’s leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it – all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we’re looking for more.

At CME Group, we embrace our employees' unique experiences and skills to ensure that everyone’s perspectives are acknowledged and valued. As an equal-opportunity employer, we consider all potential employees without regard to any protected characteristic.

Important Notice: Recruitment fraud is on the rise, with scammers using misleading promises of job offers and interviews to solicit money and personal information from job seekers. CME Group adheres to established procedures designed to maintain trust, confidence and security throughout our recruitment process. Learn more here.