Cyber Exercise Program Manager - Chicago
Chicago - 20 S. Wacker, United States
Full Time Mid-level / Intermediate USD 119K - 198K
CME Group
The Cyber Exercise Program Manager is a high visibility position responsible for the planning, design, and execution of strategic and operational cyber exercises (e.g., simulations, workshops, tabletops, functional exercises). The exercises test CME Group’s incident response plan and the resiliency of CME Group’s people, policies, and processes against realistic simulated cybersecurity events. Employees across functional areas (e.g., technology, business, legal, compliance) and from all levels, including senior management, participate in exercises. In addition, the Cyber Exercise Program Manager will coordinate with the Cyber Defense Resilience Manager to support CME Group participation in cyber exercises hosted by external parties (e.g., Treasury, FS-ISAC).
The person in this role will coordinate internal subject matter experts to develop plausible attack scenarios informed by internally and externally researched risks and trends, turn those scenarios into well-documented plans, and lead the exercises by playing out the scenarios in real-time.
To be successful in this role, a candidate must be organized and able to create timelines, inject schedules, and handouts; meet target deadlines; build relationships across the organization; maintain program documentation; and coordinate persons from multiple areas in preparation for the exercises. The Manager in this role is expected to have working knowledge of enterprise technologies (e.g., networks, databases) and deep interest in cybersecurity topics and industry trends.
The person in this role will present to all levels of management before, during, and after exercises. The Manager must be a strong communicator and comfortable presenting to technical and non-technical stakeholders. Additionally, the person in this role must be comfortable interviewing a range of employees, workshopping ideas for new scenarios, and gaining stakeholder buy-in. During exercises, the Manager is responsible for directing the exercise and capturing key takeaways to later create recommendations for improvement and findings.
This position reports to the Executive Director of Technology Risk Management & Controls and is responsible for managing third-party consultants in support of the exercise function and developing an internal employee team. Management experience and experience managing consultants are a plus.
Primary Responsibilities:
Coordinate subject matter experts to develop cyber exercises and create business-level scenario storylines, technical-level attack chains, exercise inject timelines, delivery structures, and logistics plans
Develop pre-exercise, exercise, and post-exercise materials – including presentations, scenario injects, and after-action reports
Lead cyber exercise engagements multiple times per year
Manage relationships with third-party consultants to assist in the creation, documentation, and execution of the exercises
Document risks and findings discovered during exercises and drive improvement
Assist in the maintenance and testing of internal policies and procedures
Potential travel up to 10%
Personal Attributes:
Strong organizational skills and ability to work to meet deadlines
Effective verbal and written communication skills, and comfort presenting to large groups and senior executive leadership
Excellent listening and interpersonal skills, and ability to run large meetings
Highly self-motivated and directed with keen attention to detail
Ability to deal diplomatically and effectively at all levels of the organization in both technical and non-technical areas
Professional Experience:
5+ years of relevant experience developing or supporting tabletop exercises and simulations, or relevant business continuity / disaster recovery / incident response / threat modeling experience
5+ years working in a cybersecurity or technology operations support role in an enterprise environment
Ability to communicate complex technical concepts to a non-technical audience
Relevant experience in financial or other highly-regulated industries
Successful candidates should be able to demonstrate a passion for information security through coursework, degrees, self-study, or certifications that have been completed
Formal Education & Certifications:
BA/BS in Business, English, Information Technology, Cybersecurity (or related work experience)
One or more of the following: Homeland Security Exercise and Evaluation Program (HSEEP) Certificate, Master Exercise Practitioner (MEP) certification, Certified Cyber Resilience Professional (CCRP), Certified Business Continuity Professional (CBCP)
One or more of the following: Security+, SSCP, CISSP, GCPM, PMP, CISM, CISA (or related experience)
CME Group is committed to offering a competitive total rewards package for our employees that recognizes their contributions to the business and reflects our long-term investment in their future. The salary range for this role is $119,300-$198,800. Actual salary offered will be dependent on a wide array of factors including but not limited to: relevant experience, skills, education and comparison to internal employees (where relevant). Our compensation program also includes an annual target bonus opportunity for all employees, as well as the opportunity to become an owner in the company through our broad-based equity program. Through our Benefits program, we strive to offer flexibility, value and choice. From comprehensive health coverage, to a retirement package that includes both a 401(k) and an active Pension Plan, to highly competitive education reimbursement provisions, paid time off and a mental health benefit, CME Group offers a holistic Benefits package for our team and their dependents.
CME Group: Where Futures are Made
CME Group is the world’s leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it – all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we’re looking for more.
Tags: CISA CISM CISSP Compliance Cyber defense Incident response Risk management SSCP
Perks/benefits: Competitive pay Equity / stock options Health care Salary bonus Team events