Senior Third-Party Cyber Risk Specialist - Flexible Hybrid in Chicago, IL or Lenexa, KS
ErisX
Job Description:
Building trusted markets —powered by our people.
At Cboe, we inspire our people to solve complex challenges together because what we do matters. We provide the financial infrastructure that powers the global economy. As a leading provider of market infrastructure and tradable products, Cboe delivers cutting-edge trading, clearing and investment solutions to market participants around the world.
We’re building inclusive ways to support professional and personal development while strengthening the trust we’ve earned as a global market leader. Our teams are empowered to share ideas, actively pursue them and bring on a challenge. As champions of internal mobility and access to opportunity, we encourage our people to “go for it” and equip our managers with the training to coach their teams to the next level. Our Associate Resource Groups champion diversity, equity and inclusion, giving associates a safe space to network, share ideas and create opportunities.
Sound like the place for you? Join us!
The Global Third-Party Risk Management Team is seeking a Senior Third-Party Cyber Risk Specialist to assist in executing the risk management program for third-party vendors and service providers. This position includes conducting comprehensive risk assessments, ensuring compliance with Cboe and industry security standards, monitoring vendor relationships, and addressing client due diligence inquiries to mitigate potential risks to the organization. Cboe’s Senior Third-Party Cyber Risk Specialist will specifically focus on cyber threats and vulnerabilities within the third-party ecosystem. Candidates must be able to quickly adjust to changing priorities and adapt to an evolving business environment.
PLEASE NOTE: We offer a flexible hybrid work model; 2 days a week on site in either our Chicago, IL or Lenexa, KS office locations.
In this role you’ll be responsible for:
Manage incoming client requests (such as assessments, questionnaires, etc.), prioritize and triage requests to appropriate teams, and validate non-disclosure agreements.
Facilitate communication between business, legal, technology, and information security teams to validate questionnaire responses and fulfill general requests related to controls defined by Cboe’s standards and policies.
Serve as a point of contact for internal stakeholders for client due diligence inquires, ensuring timely and accurate responses.
Function as the subject matter expert for the response management software used for managing and responding precisely and quickly to client due diligence questionnaires.
Manage and maintain a standardized library of responses for client due diligence questionnaires, ensuring accuracy and consistency.
Collaborate with internal experts to update and refine responses as needed.
Assist team with onboarding new vendor relationships.
Collect, review, and process information and documentation from third party vendors/suppliers.
Conduct third-party risk assessments and due diligence reviews. Analyze security information to identify significant control or security gaps and report findings to senior team members.
Perform comprehensive security reviews of potential and existing third-party vendors using questionnaires and security tools to evaluate their cybersecurity controls and identify potential risks.
Analyze identified risks from third parties and prioritize them based on their potential impact and likelihood of occurrence; create remediation plans accordingly.
Continuously monitor third-party vendors' security posture through regular assessments, vulnerability scans, and incident reporting to maintain a consistent level of security.
Coordinate with internal security team to respond to cyber incidents involving third-party vendors, providing necessary support for investigation and remediation.
Assist with regulatory exams by obtaining documentation and drafting response to regulator inquires.
Perform additional activities as needed.
The ideal candidate has:
Bachelor’s Degree or equivalent work experience in a relevant field.
Minimum three years’ experience in third-party risk management, vendor management, security incident response, cyber risk management or comparable field required.
Strong understanding of cybersecurity principles, including application security, access control, and incident response. Knowledge of compliance and regulatory frameworks (e.g., NIST, SOC 2, GDPR, ISO 27001).
Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-function teams.
Ability to work independently and manage multiple assignments/projects simultaneously.
Experience conducting vendor risk assessments.
Experience with third party/vendor risk management platforms a plus.
Benefits and Perks
We value the total wellbeing of our people – including health, financial, personal and social wellness. We believe standard benefits like health insurance and fair pay are a given at any organization. Still, you should know we offer:
Fair and competitive salary and incentive compensation packages with an upside for overachievement
Generous paid time off, including vacation, personal days, sick days and annual community service days
Flexible, hybrid work environment
Health, dental and vision benefits, including access to telemedicine and mental health services
2:1 401(k) match, up to 8% match immediately upon hire
Discounted Employee Stock Purchase Plan
Tax Savings Accounts for health, dependent and transportation
Employee referral bonus program
Volunteer opportunities to help you give back to your communities
Some of our associates’ favorite benefits and perks include:
Complimentary lunch, snacks and coffee in any Cboe office
Paid Tuition assistance and education opportunities
Generous charitable giving company match
Paid parental leave and fertility benefits
On-site gyms and discounts to other fitness centers
#LI-CP2
#LI-Hybrid
More About Cboe
We’re reimagining the future of the workplace by focusing on what matters most, our people. Our journey is an inclusive one. We’re investing deeply in leadership programs and career development initiatives that ensure everyone has an equal chance to succeed. We celebrate the diversity in our communities, inside and out, and welcome new perspectives with equity, inclusion and belonging.
We work with purpose, solving problems with ingenuity, collaboration, and a lot of passion. We’re an engaged and excited team connecting markets across borders and embracing growth in all its forms to achieve incredible outcomes.
Learn more about life at Cboe on our website and LinkedIn.
Equal Employment Opportunity
We're proud to be an equal opportunity employer - and celebrate our associates' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status
US Geographic Differentials:
110%: Austin TX, Chicago IL, Denver CO, San Diego CA
115%: Los Angeles CA, Seattle WA
120%: Boston MA, Washington DC
125%: New York City NY
130%: San Francisco CA
Within the range, individual pay is determined by a number of factors, including, but not limited to, work location, job-related skills, experience, and relevant education or training. In addition to base pay, our total rewards program includes an annual variable pay program and benefits including healthcare (medical, dental and vision), 401 (k) with a generous company match, life and disability insurance, paid time off, market-leading tuition assistance, and much more! Your recruiter will provide more details about the total compensation package, including variable pay and benefits, during the hiring process. For further information on our total rewards program, visit TOTAL REWARDS @CBOE.
Any communication from Cboe regarding this position will only come from a Cboe recruiter who has a @cboe.com email or via LinkedIn Recruiter. Cboe does not use any other third party communication tools for recruiting purposes.
