Job Description :

Client: OCC (Options Clearing Corporation)
Position: IS Governance Consultant

Location: 125 S Franklin St, Chicago, IL 60606 (will be remote to start, but expected to be onsite full-time when OCC returns to the office full-time; ideally wants someone local but will consider non-local candidates if they are committed to relocating if/when OCC returns to onsite)

Duration: 6 month contract

Start Date: ASAP  

Must Haves / Notes from Manager:

  • Experience applying regulatory controls to business practices
  • Experience organizing and managing large data/record inventories
  • Ability to support the creation and review process for policies and procedures
  • Strong attention to detail, organization, and problem-solving skills
  • Driver/"go-getter" type of working style; able to interact confidently and persuasively with stakeholders across departments and levels
  • Strong experience in Information Security related policy, procedure and control writing.
  • Basic understanding of information-related frameworks and standards such as NIST CSF, COBIT, NIST 800-53, ISO, etc.
  • Experience in technology risk management principles and practices.
  • Experience in working with regulatory frameworks and requirements relevant to OCC, such as RegSCI, CFTC, etc.
  • Bachelor's degree in Computer Science, Management Information Systems, or related field, or the equivalent combination of education and/or relevant experience.
  • 5 or more years hands-on Information Security related work experience.
  • Previous work in Compliance, Audit, Risk Management, or Project Management.
  • Professional network and/or security certifications a plus (i.e., GIAC, CISSP, CISA, CISM, CRISC)
  • Experience with ServiceNow is a plus


Day to Day Responsibilities:

Examples of Tasks (Information Governance):

  • Document Creation and Enhancement
    • Creation of new Policy and Procedure and updates
    • Enhancements to existing Policy and Procedure
    • PowerPoint Presentation Material
    • Excel Spreadsheets
  • Review of Onboarded Systems, Applications, and Infrastructures
    • Day to day review for Records Management objectives
    • Monthly review and reconciliation
  • Annual Control Execution
    • Record Inventory 
    • Application Onboarding
  • Metric Creation to Support Program
    • System (ServiceNow, Iron Mountain, Archer)
    • Ad hoc


Examples of Tasks (Security Governance):

  • FSSCC Cyber Security Profile Fulfillment
    • Assemble and validate responses to 277 Diagnostic Statements contained in the FSSCC Cybersecurity Profile
    • Collect evidence to address requirements
    • Produce a Final Report that can be used stand-alone and / or incorporated into an eGRC tool
    • Analyze assessment output and provide recommendations to achieve additional objectives
  • Cloud Risk Assessment
    • Evaluate the OCC’s internal AWS IaaS Cloud Risk Assessment based on identified risks (operational- and cybersecurity-related)
    • Review the OCC’s Assessment Report and provide the following:
      • Immediate, real-time feedback for mission critical gaps
      • High-level details highlighting assessment findings
    • Create a JIRA board for tracking updates and changes being made to the Cloud Impact Analysis undertaken by the Security / IT teams
    • Provide a review of misconfigurations in the OCC’s AWS environment
  • Enterprise Security Standards Updates
    • Evaluate the OCC’s Enterprise Security Requirements based on best practices using the NIST Cybersecurity Framework (CSF) as a baseline
    • Review the OCC’s current Enterprise Security Requirements and provide the following:
      • An analysis of gaps against existing requirements
      • Advice and recommendations to meet best practices
      • A list of prioritized tactical and strategic recommendations
  • Security Strategy Development:
    • Evaluate OCC’s cybersecurity program maturity against the mission, goals, current state, gaps, future state, and roadmap outlined in the 2019-2021 Security & Strategy Roadmap
    • Review the current Security & Strategy Roadmap and provide the following:
      • Advice and recommendations to realize future state maturity
      • Status updates against goals
      • Revision of the current / future state and roadmap
      • High-level details highlighting findings and next steps

