Glocomms
Lead Associate Principal, Security Assurance
Glocomms, Chicago, Illinois, United States, 60290
Location:
Chicago, IL - Hybrid (3 days on-site per week).
Compensation:
$140,000 - $180,000 base salary range + bonus + benefits.
Work authorization:
Please note that our client is unable to sponsor employment visas at this time; therefore, we can only consider candidates who are U.S. citizens or current Green Card holders.
Glocomms is partnering with a leading financial services firm to hire a Security Assurance Lead within their Security Services division. This organization plays a vital role in maintaining stability and integrity in the equity derivatives market.
Role Overview
The Lead Associate Principal, Security Assurance will lead and execute a variety of security assessments, including internal risk evaluations, third-party reviews, and technology onboarding assessments. This role also supports the development and enhancement of security assurance processes, including automation, AI integration, and policy updates.
Key Responsibilities
Plan, conduct, and report on security assessments for internal departments and third-party technologies.
Collaborate with engineering and threat intelligence teams to define security requirements for new technologies and proof-of-concepts.
Oversee the Security Observation Risk Tracking process, including risk rating, communication, and lifecycle management.
Tag security observations using the MITRE ATT&CK framework in collaboration with threat intelligence.
Review and approve privilege elevation, proxy exceptions, and firewall requests for Linux servers.
Participate in risk intake and acceptance reviews with operational risk teams.
Research and recommend updates to risk assessment methodologies and frameworks.
Track remediation and validate findings from audits, compliance checks, and regulatory reviews.
Explore opportunities to integrate AI into security assurance workflows.
Document and enhance process flows in partnership with business operations.
Mentor junior analysts and support knowledge transfer.
Collaborate with IT to disseminate and train on security requirements.
Support project planning and process formalization.
Qualifications
Strong communication, analytical, and judgment skills.
Ability to work independently and collaboratively across teams and locations.
Deep understanding of IT, risk management, and analytics.
Familiarity with frameworks such as COBIT, NIST 800-53, NIST CSF, ISO.
Experience with regulatory requirements (e.g., Reg SCI, CFTC 99.18).
Proficiency in tools like ServiceNow, Tableau, Archer GRC, Jira, and Confluence.
Education & Experience
Minimum 5 years of hands-on experience in Information Security, preferably in Compliance, Audit, or Risk Management. Bachelor's degree in Computer Science, MIS, Statistics, Mathematics, or equivalent experience.
Certifications (Preferred but not required)
GIAC, CISSP, CISA, CISM, CRISC, AWS certifications
Benefits
Hybrid work model with remote flexibility
Tuition reimbursement and student loan assistance
Technology stipend for remote work setup
Generous PTO and parental leave
401(k) employer match
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Information Technology
Industries
Technology, Information and Internet
Technology, Information and Media