Paul Murphy Associates

Chief Information Security Officer

Paul Murphy Associates, New York, New York, US, 10261

Role: Chief Information Security Officer

Reports to: President

Location: Chicago or NYC preferred (Hybrid – 3 days per week on-site)

The Chief Information Security Officer is a critical leadership position responsible for establishing, managing, and evolving the enterprise-wide information security strategy and program. The Company’s security strategy will initially focus on ensuring regulatory requirements are met, but it must also provide a robust, scalable, and secure foundation that enables future growth in the dynamic and regulated financial markets.

The CISO will serve as the company’s foremost authority on all matters of cybersecurity, information compliance, and information risk, protecting the core exchange and clearing technology, corporate IT, and all related data and physical assets. This role is highly visible and requires a hands‑on technical leader capable of strategic direction, executive management, and detailed technical oversight, including direct interface with the Company’s Board of Directors.

Responsibilities include, but are not limited to:

Work closely with the Chief Risk Officer (CRO) to integrate information security risk management into the enterprise risk management framework.

Establish and enforce security policies, standards, and procedures across all technical infrastructure, applications, and business processes.

Direct all security operations, including threat intelligence, vulnerability management, security monitoring, incident detection, and response across the entire technology footprint (trading, clearing, corporate IT, and data platforms).

Oversee and be responsible for the security of all data and critical systems, including secure software development lifecycle (SDLC), network security, and cloud security architecture, working closely with the DevOps team.

Cryptography and Key Management: Drive the strategy and implementation for managing, securing, and auditing cryptographic keys and secrets for all critical systems.

Manage and direct the company’s incident response and disaster recovery/business continuity planning related to information security. This is a 24/7/365 critical function.

Manage third‑party security assurance activities, including vendor evaluation, due diligence, penetration testing, and vulnerability assessments.

Ensure continuous compliance with all relevant financial regulatory frameworks, including CFTC regulations applicable to DCMs and DCOs, and other applicable standards (e.g., NIST Cybersecurity Framework, ISO 27001).

Build, mentor, and lead a high‑performing team of information security professionals (analysts, engineers, and architects).

Required Qualifications

10 years of progressive experience in information security roles, with 5 years in a senior leadership or CISO role within a highly regulated financial institution.
