Director of Infrastructure Security Architecture

About The Position

Requirements

• A decade or more of hands-on experience in information security, with a proven track record in analysis, design, and service development.
• 5+ years of experience as a security architect in a large-scale, publicly traded, or financial/technology enterprise, demonstrating expertise in complex, mission-critical environments.
• Deep subject matter expertise in a broad range of information security and infrastructure technologies.
• Proven experience in developing and implementing security standards, reference architectures, policies, and procedural guidelines.
• Extensive knowledge of security practices for cloud platforms (GCP or AWS) and container orchestration technologies like Kubernetes.
• Exceptional communication skills with the ability to articulate complex security concepts to both technical and executive audiences.
• In-depth familiarity with industry-standard security and regulatory frameworks such as CIS, NIST, and RegSCI.
• A strong grasp of architectural frameworks like Zachman or TOGAF and experience with Agile/SAFe methodologies is highly desirable.

Nice To Haves

• Relevant industry certifications (e.g., CISSP, CISA, GIAC, PMP) are a plus.

Responsibilities

• Conduct deep-dive security assessments for critical business and technology initiatives, ensuring alignment with our security standards and pioneering new ones.
• Embed secure design principles directly into our product and infrastructure lifecycles, acting as a trusted consultant to development and engineering teams.
• Drive the exploration and integration of cutting-edge security technologies, elevating the maturity and effectiveness of our security capabilities.
• Develop, evangelize, and maintain a suite of modern security policies, standards, and reference architectures that serve as the blueprint for secure innovation.
• Shape the security landscape of our cloud and container environments by defining and governing security requirements for platforms like GCP, AWS, and Kubernetes.
• Forge strong partnerships with stakeholders across Information Governance and Enterprise Risk Management to build a unified vision for security at CME Group.
• Actively contribute to key governance forums, including the Architecture Review Board and Change Advisory Board, to steer technology decisions from a security-first perspective.
• Lead remediation efforts for assessment, audit, and regulatory findings, fortifying our defenses against future risks.
• Oversee and optimize security architecture governance processes, streamlining exception requests and change management activities.

Benefits

• Comprehensive health coverage
• Retirement package that includes both a 401(k) and an active pension plan
• Highly competitive education reimbursement provisions
• Paid time off
• Mental health benefit
• Annual target bonus opportunity
• Opportunity to become an owner in the company through our broad-based equity program