Information Security Specialist
About the role
Job Description

Building trusted markets - powered by our people

At Cboe Global Markets, we inspire our people to solve complex challenges together because what we do matters. We provide the financial infrastructure that powers the global economy. As a leading provider of market infrastructure and tradable products, Cboe delivers cutting-edge trading, clearing and investment solutions to market participants around the world.

We're building meaningful ways to support professional and personal development while strengthening the trust we've earned as a global market leader. Our teams are empowered to share ideas, actively pursue them and bring on a challenge. As champions of internal mobility and access to opportunity, we encourage our people to "go for it" and equip our managers with the training to coach their teams to the next level. We strive to provide employees a safe space to network, share ideas and create opportunities.

To support strong partnership and team connection, this role follows a four day in office work model.

Role Overview

The Information Security Specialist is responsible for supporting enterprise-wide cyber risk management and governance activities. This role requires a strong foundation in information technology and internal controls, along with proficiency in security frameworks and a solid understanding of cybersecurity risk management practices. The individual will collaborate across global teams to assess risks, recommend and implement robust security controls, and contribute to the development and maintenance of information security policies and standards.

In this role, the Information Security Specialist will also support both local and global regulatory compliance efforts, including identifying control gaps and assisting in risk remediation activities. Additionally, the position plays a key role in enhancing the efficiency and effectiveness of security processes through standardization, consistency, and continuous improvement initiatives. This role contributes to the broader mission of the Information Security function by helping protect the organization's people, assets, and reputation through strong governance, optimized controls, and scalable security practices.

Your responsibilities will be:

- Maintain assurance and governance activities related to organization-specific security compliance methodologies that demonstrate our security governance to management and other key stakeholders including regulators, auditors, and boards.
- Develop and maintain security policies, procedures, and guidelines according to industry best practices and regulatory requirements.
- Conduct regular security controls testing to evaluate the effectiveness of existing security systems and procedures and recommend improvements.
- Conduct comprehensive risk assessments to identify potential risks in the organization's IT infrastructure and oversee the lifecycle of any security risks, ensuring that remediation is agreed, effective, and timely.
- Prepare regular reports on the organization's cyber risk posture for presentation to senior management.
- Foster strong partnerships and collaborate regularly with other departments communicating security issues, obtaining additional information as needed, and providing status of remediation to security management.
- Assist with regulatory exams by obtaining documentation, drafting responses, and helping develop security action plans.
- Stay current with the latest cybersecurity regulatory standards, trends, threats, and technologies, and provide recommendations for improvement.

The ideal candidate has

- Bachelor's degree in Cybersecurity, Computer Science, or related field.
- 2+ years of experience in information security risk management or similar role.
- Knowledge and expertise with a wide range of security/risk management governance, guidance, compliance concepts and documentation such as NIST 800-53, NIST Cybersecurity Framework (CSF), ISO or equivalent.
- Experience using and administrating GRC tooling.
- Proficient with Windows and Linux, including Active Directory and EntraID.
- Strong analytical, good organizational, effective communication, and presentation skills.
- Flexibility in work given and ability to actively research how to perform new tasks.
- Proficient in using Microsoft Teams, Excel, PowerPoint, Word and AI tools (Copilot, ChatGPT and others).
- Experience with GenAI coding assistance and leveraging AI to improve processes.
- CISSP, CRISC, CISM or other related security certifications.

More About Cboe Global Markets

We're reimagining the future of the workplace by focusing on what matters most, our people. Our journey is an inclusive one. We're investing deeply in leadership programs and career development initiatives that ensure everyone has an equal chance to succeed. We work with purpose, solving problems with ingenuity, collaboration, and a lot of passion. We're an engaged and excited team connecting markets across borders and embracing growth in all its forms to