Senior Information Security & Risk Manager

National Futures Association•Chicago, IL

2d•$152,950 - $272,000

About The Position

NFA is purpose-driven. We safeguard the integrity of the derivatives markets, protect investors and ensure that our Members meet their regulatory obligations. We take pride in our work; maintain a conviction to do the right thing; empower each other; and support our community. Envision your career in a place where performing critical regulatory work within the financial industry is as significant as the passionate and talented individuals with whom you work. When you join NFA as a Senior Information Security & Risk Manager, you will play a critical role in supporting our mission by strengthening NFA's information security compliance program and ensuring alignment with regulatory requirements, industry frameworks, and evolving cybersecurity best practices. As a subject matter expert you will ensure policy alignment with NIST CSF, NIST SP 800-53r5, and FISMA requirements. Bring your analytical mindset and security expertise to solve complex challenges, evaluate risk, and identify opportunities for continuous improvement. Beginning your first day and throughout your career at NFA, you will collaborate with Information Systems, Security Operations, and business stakeholders to assess compliance requirements, evaluate security controls, and support ongoing compliance initiatives. You will quickly become a trusted resource on security frameworks while helping NFA navigate an increasingly complex cybersecurity and technology landscape, including adoption of artificial intelligence.

Requirements

Bachelor's degree in Information Security, Cybersecurity, Risk Management, or related field.
A minimum of 7 years of experience in information security, cybersecurity compliance, IT risk management, or related discipline.
SME in NIST CSF, NIST SP 800-53, FISMA, and information security governance.
Experience supporting regulatory examinations, audits, control assessments, or compliance reviews.
Expertise in information security risk management methodologies and control frameworks.
Knowledge and interest in emerging cybersecurity concepts, as well as AI governance considerations.
Strong analytical, organizational, problem solving, and communication skills.
Ability to collaborate and work with departments across multifaceted organizations.
Skilled in developing executive reports and presentations that convey complex information security and risk concepts to both technical and non-technical audiences.

Nice To Haves

Relevant certifications such as CISSP, CISM, CRISC, CGRC, or similar certifications are preferred.

Responsibilities

Support the development, implementation, maintenance, and improvement of NFA's information security compliance program.
Assess and monitor the effectiveness of information security controls, compliance activity, risk mitigation efforts to ensure alignment with regulatory, industry, and organizational requirements.
Develop and enhance information security policy standards, procedures and related governance documentation.
Collaborate with various departments and stakeholders to identify compliance gaps, evaluate risk, and support remediation activities.
Help lead internal and external audits and prepare compliance materials for regulatory reporting and information requests, including those related to CFTC submissions.
Monitor changes to applicable laws, regulations, frameworks and industry best practices to recommend appropriate updates to NFA's compliance program.
Prepare compliance documentation, risk assessments, metrics, and reports for management, regulatory agencies, and other stakeholders.
Assess governance, risk, compliance, and control considerations associated with emerging technologies, including artificial intelligence and support the development of appropriate policies, and oversight practices.
Maintain professional knowledge through continuous education, industry engagement, and awareness of evolving cybersecurity, compliance, privacy, and AI governance practices.