Job Description
Building trusted markets — powered by our people.
At Cboe Global Markets, we inspire our people to solve complex challenges together because what we do matters. We provide the financial infrastructure that powers the global economy. As a leading provider of market infrastructure and tradable products, Cboe delivers cutting-edge trading, clearing and investment solutions to market participants around the world.
Job Description
The Cyber Security Audit Specialist will be the subject matter expert in all audit matters related to cybersecurity as well as support of technical audit and advisory projects for existing technologies as well as emerging - across infrastructure, security, and network domains including on-prem solutions and cloud. With technology supporting every facet of our company, this role will require close collaboration with members of the Cboe Internal Audit team to support not only IT audit centric projects, but the execution of operational, regulatory, data analytics or advisory projects. This role will be based in Manila but will support our global team.
The other key responsibility of the successful candidate is supporting he Internal Audit Department’s continuous improvement initiatives including, but not limited to, cybersecurity auditing and assurance techniques, the design and development of process automation, data analytics, machine learning, and system integration in support of the global Internal Audit plan.
Responsibilities
- Leading and supporting the execution of technical IT audit or advisory projects, such as:
- Serve as a key interface between Information Security and Internal audit for all security related audits and findings including annual penetration testing
- Investing time gaining a thorough understanding of Cboe’s technologies and processes
- Applying that knowledge to perform risk-based planning and scoping
- Assessing IT and process risks and controls/requirements.
- Developing and applying different audit methodologies and tests
- Providing formal feedback focused on addressing root cause of identified issues
- Providing ongoing feedback or challenge regarding technical IT risk and controls topics
- Assisting in the development of the annual audit and resource planning process, including linking Cboe’s strategic initiatives to technology risks
- Working with stakeholders across Cboe’s global IT environment to meet company objectives
- Anticipating and proactively addressing project issues or concerns, applying thoughtful judgment and elevating to management as appropriate
- Monitoring the status and resolution of open audit issues and action plans
- Supporting regulatory and compliance requests related to technical IT audit requests and/or projects
- Introducing and implementing new ideas or concepts – i.e., agile audit methods, continuous auditing, data analytics, and automation
- Providing guidance and training on technical IT topics to other team members
Requirements
- Strong written and verbal communication skills in English, with the ability to prepare clear and concise audit reports and present findings to senior management
- Willingness to work shift hours to overlap with the European time zone, ensuring effective communication and support for Global teams
- Bachelor’s degree required, preferably in Computer Science, Computer Engineering, Cybersecurity, Information Systems or other technical related field
- Minimum four years of experience in a technical field; Cybersecurity preferred
- Previous experience in conducting IT audits or cybersecurity assessments (threat, vulnerability, or risk)
- Possesses one or more cybersecurity related industry certifications, Security +, CISSP, CISA, GCCC, or related certification
- Proven ability to learn new technology concepts quickly and ability to develop global solutions for complex IT risks
- Ability to navigate through ambiguity, manage and coordinate multiple project assignments in a deadline-driven environment, and accept ownership of the process and results
- Strong analytical problem-solving skills with attention to detail and accuracy; able to work independently
- Strong knowledge of cybersecurity process domains and related frameworks (e.g., NIST SP 800 series and CIS controls) and architecture, including cloud security
- Strong technical knowledge at the application, network, operating system, and database layers (e.g., Windows, Linux or UNIX-like operating systems, Postgres SQL, Python)
- Excellent oral communication skills
- Willingness to travel to other Cboe locations internationally (20%)
#LI-JS1
Any communication from Cboe regarding this position will only come from a Cboe recruiter who has a @cboe.com email or via LinkedIn Recruiter. Cboe does not use any otherthird party communication tools for recruiting purposes.
