Senior Information Security & Risk Manager

NFA is purpose-driven. We safeguard the integrity of the derivatives markets, protect investors and ensure that our Members meet their regulatory obligations. We take pride in our work; maintain a conviction to do the right thing; empower each other; and support our community. Envision your career in a place where performing critical regulatory work within the financial industry is as significant as the passionate and talented individuals with whom you work.

NFA is purpose-driven. We safeguard the integrity of the derivatives markets, protect investors and ensure that our Members meet their regulatory obligations. We take pride in our work; maintain a conviction to do the right thing; empower each other; and support our community. Envision your career in a place where performing critical regulatory work within the financial industry is as significant as the passionate and talented individuals with whom you work.

When you join NFA as a Senior Information Security & Risk Manager, you will play a critical role in supporting our mission by strengthening NFA's information security compliance program and ensuring alignment with regulatory requirements, industry frameworks, and evolving cybersecurity best practices.  As a subject matter expert you will ensure policy alignment with NIST CSF, NIST SP 800-53r5, and FISMA requirements. 

Bring your analytical mindset and security expertise to solve complex challenges, evaluate risk, and identify opportunities for continuous improvement.

Beginning your first day and throughout your career at NFA, you will collaborate with Information Systems, Security Operations, and business stakeholders to assess compliance requirements, evaluate security controls, and support ongoing compliance initiatives.  You will quickly become a trusted resource on security frameworks while helping NFA navigate an increasingly complex cybersecurity and technology landscape, including adoption of artificial intelligence.

What you'll do:

As a key contributor and SME, you will support the development and maturity of the information security compliance program while partnering with stakeholders across the organization to strengthen governance, manage risk, and ensure regulatory compliance. In addition, you will:

• • Support the development, implementation, maintenance, and improvement of NFA's information security compliance program.
  • Assess and monitor the effectiveness of information security controls, compliance activity, risk mitigation efforts to ensure alignment with regulatory, industry, and organizational requirements.
  • Develop and enhance information security policy standards, procedures and related governance documentation.
  • Collaborate with various departments and stakeholders to identify compliance gaps, evaluate risk, and support remediation activities. 
  • Help lead internal and external audits and prepare compliance materials for regulatory reporting and information requests, including those related to CFTC submissions.
  • Monitor changes to applicable laws, regulations, frameworks  and industry best practices to recommend appropriate updates to NFA's compliance program.
  • Prepare compliance documentation, risk assessments, metrics, and reports for management, regulatory agencies, and other stakeholders.
  • Assess governance, risk, compliance, and control considerations associated with emerging technologies, including artificial intelligence and support the development of appropriate policies, and oversight practices.
  • Maintain professional knowledge through continuous education, industry engagement, and awareness of evolving cybersecurity, compliance, privacy, and AI governance practices.

What we are looking for:

We're seeking a collaborative and intellectually curios professional who combines strong compliance expertise with business judgement.  The successful candidate will be comfortable working independently and communicating with both technical and non-technical stakeholders.  A commitment to continuous learning, attention to detail, and the ability to translate complex regulatory requirements into practical solutions will be critical to success in this role.  Additional requirements and experience include:

• • Bachelor's degree in Information Security, Cybersecurity, Risk Management, or related field.
  • A minimum of 7 years of experience in information security, cybersecurity compliance, IT risk management, or related discipline.
  • SME in NIST CSF, NIST SP 800-53, FISMA, and information security governance.
  • Experience supporting regulatory examinations, audits, control assessments, or compliance reviews.
  • Expertise in information security risk management methodologies and control frameworks.
  • Knowledge and interest in emerging cybersecurity concepts, as well as AI governance considerations.
  • Strong analytical, organizational, problem solving, and communication skills.
  • Ability to collaborate and work with departments across multifaceted organizations.
  • Skilled in developing executive reports and presentations that convey complex information security and risk concepts to both technical and non-technical audiences.
  • Relevant certifications such as CISSP, CISM, CRISC, CGRC, or similar certifications are preferred.

The salary range for this position is $152,950 to $272,000

Customers and market participants depend on NFA to act with integrity and impartiality as it carries out its mission of safeguarding the markets and protecting investors. Therefore, NFA employees have a responsibility to conduct themselves according to high ethical standards, and must abide by NFA's Code of Professional Conduct. Learn more about the Code of Professional Conduct.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.

To learn more about NFA and the benefits we offer please visit: What We Offer | National Futures Association