Third-Party Cyber Risk Specialist

Job Description: Building trusted markets — powered by our people       At Cboe Global Markets, we inspire our people to solve complex challenges together because what we do matters. We provide   the financial   infrastructure that powers the global economy. As a leading provider of market infrastructure and tradable products, Cboe delivers   cutting-edge   trading, clearing and investment solutions to market participants around the world.    We’re   building meaningful ways to support professional and personal development while strengthening the trust   we’ve   earned as a global market leader. Our teams are empowered to share ideas, actively pursue   them   and bring on a challenge. As champions of internal mobility and access to opportunity, we encourage our people to “go for it” and equip our managers with the training to coach their teams to the next level. We strive to   provide   employees   a safe space to network, share   ideas   and create opportunities.     Please note: To support strong partnership and team connection, this role follows a four day in office work model.   Location Overview   Cboe HQ   is   located in   the historic Old Post Office   district,   i t’ s a landmark that blends classic architecture with modern amenities. The building features expansive spaces with   high ceilings   and large windows, offering an abundance of natural light and panoramic views of the   city   skyline and the Chicago River.   With its prime location in the heart of downtown, the OPO Building provides easy access to major transportation hubs, including Union Station and multiple CTA lines, making it convenient for commuters. The building is home to a variety of amenities, including restaurants,   a   fitness center, and collaborative workspaces, creating a vibrant and dynamic work environment in one of Chicago's most iconic areas.   Role Overview   The Global  Third-Party  Risk Management Team is seeking a Third - Party Cyber Risk Specialist to  assist  in executing the risk management program for third-party vendors and service providers. This position includes conducting comprehensive risk assessments, ensuring compliance with Cboe and industry security standards,  monitoring  vendor relationships, and addressing client due diligence inquiries to mitigate potential risks to the organization.  Cboe’s  Third Party Cyber Risk Specialist will specifically focus on cyber threats and vulnerabilities within the third-party ecosystem. Candidates must be able to quickly adjust to changing priorities and adapt to an evolving business environment.     Your responsibilities will be: Manage incoming client requests (such as assessments, questionnaires, etc.), prioritize and triage requests to appropriate teams, and   validate   non-disclosure agreements .   Facilitate communication between business, legal, technology, and information security teams to   validate   questionnaire responses and fulfill general requests related to controls defined by   Cboe’s   standards and policies.       Serve as a point of contact for internal stakeholders for client due diligence inquiries,   e nsuring  timely  and  accurate  responses.    Function as the subject matter expert for the response management software used for managing and responding precisely and quickly to client due diligence questionnaires .     Manage and   maintain   a standardized library of responses for client due diligence questionnaires, ensuring accuracy and consistency.     Collaborate with internal experts to update and refine responses as needed.    Assist   team with onboarding new vendor relationships.   Collect, review, and process information and documentation from third party vendors/suppliers.    Conduct third-party risk assessments and due diligence reviews. Analyze security information to  identify  significant control or security gaps and report findings to senior team members.    Perform comprehensive security reviews of potential and existing third-party vendors using questionnaires and security tools to evaluate their cybersecurity controls and  identify  potential risks.    Analyze identified risks from third parties and prioritize them based on their potential impact and likelihood of occurrence; create remediation plans accordingly.   Continuously  monitor  third-party vendors' security posture through regular assessments, vulnerability scans, and incident reporting to  maintain  a consistent level of security.    Coordinate with internal security team to respond to cyber incidents involving third-party vendors, providing necessary support for investigation and remediation.    Assist with regulatory exams by obtaining documentation and drafting responses to regulator inquiries.   Perform  additional  activities as needed.    The ideal candidate has   Bachelor’s Degree or equivalent work experience in a relevant field.       3+   years’ experience in third-party risk management, vendor management, security incident response, cyber   management  or comparable field  required .    Strong understanding of cybersecurity principles, including application security, access control, and incident response. Knowledge of compliance and regulatory frameworks (e.g., NIST, SOC 2, GDPR, ISO 27001).    Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-function teams.   Ability to work independently and manage multiple assignments/projects simultaneously.   Experience conducting vendor risk assessments .   Experience with third party/vendor risk management platforms is a plus .   Benefits and Perks of working for Cboe Global Markets We value the total wellbeing of our people – including health, financial, personal and social wellness. We believe standard benefits like health insurance and fair pay are a given at any organization. Still, you should know we offer:  Fair and competitive sal