Cyber War Game Manager - CME Group Chicago, IL, USA Bookmark Share Print 1216 1 12

Listing Description

Description

The Cyber War Game Manager position is responsible for the planning, design, and execution of strategic and operational cyber tabletop and wargame exercises. The exercises test the resiliency of CME Group’s people, policies, and processes against realistic simulated cybersecurity events. Employees across functional areas (e.g., technology, business, legal, compliance) and from all levels, including senior management, participate in exercises.

The person in this role will, with support, develop scenarios informed by internally and externally researched risks and trends, turn those scenarios into well-documented plans, and run the exercises. The Manager in this role is expected to have broad technology and cybersecurity knowledge and be able to turn identified scenarios into plausible attack chains, understand the business impacts of those attacks, and lead the exercises by playing out the scenarios in real-time.

To be successful in this role, a candidate must be organized and able to create timelines, inject schedules, and handouts to meet target deadlines and be able to coordinate persons from multiple areas in preparation of the exercises. During exercises, the Manager is responsible for directing the exercise and capturing key takeaways to later create recommendations for improvement.

The person in this role will be expected to present to all levels of management before, during, and after exercises. The Manager must be a strong communicator and comfortable presenting to technical and non-technical stakeholders. Additionally, the person in this role must be comfortable interviewing a broad range of employees, workshopping ideas for new scenarios, and gaining stakeholder buy-in. Strong project management experience is necessary

In addition to the above, the person in this role will participate in sector-wide exercises hosted by external parties (e.g., Treasury, FS-ISAC, etc.). The Manager will represent CME Group at these exercises and guide CME’s participation.

This position reports to the Sr. Director of Cyber Risk Management and is responsible for managing third-party consultants in support of the wargaming function and developing an internal employee team. Management experience and experience managing consultants is a plus.

Primary Responsibilities:

· Develop cyber exercise designs including a business-level scenario storyline, technical-level attack chain, exercise inject timeline, delivery structure, and logistics plan

· Develop pre-exercise, exercise, and post-exercise materials – including training presentations, scenario injects, and an after-action report

· Lead planned cyber exercises multiple times per year

· Manage relationships with third-party consultants to assist in the creation, documentation, and execution of the exercises

· Document risks and findings discovered during exercises and drive improvement

· Assist in the maintenance and testing of internal policies and procedures

· Potential travel up to 10%

Personal Attributes:

· Broad technology experience in an operational or cybersecurity role

· Strong organizational skills and ability to prioritize work to meet deadlines

· Effective verbal and written communication skills, and comfortable presenting to large groups and senior executive leadership

· Excellent listening and interpersonal skills, and ability to run large meetings

• Highly self-motivated and directed with keen attention to detail

• Ability to deal diplomatically and effectively at all levels of the organization in both technical and non-technical areas

Professional Experience:

· 3+ years of relevant experience developing or supporting tabletop exercises and wargames

· 5+ years working in a cybersecurity or technology operations support role in an enterprise environment

· Relevant experience in financial or other highly-regulated industries

· Successful candidates should be able to demonstrate a passion for information security through course work/degrees completed, self-study, and/or certifications that have been completed

Formal Education & Certifications

· BA/BS in Business, English, Information Technology (or related work experience)

· One or more of the following: Security+, SSCP, CISSP, GCPM, PMP, CISM, CISA (or related experience)Primary Responsibilities:

· Develop cyber exercise designs including a business-level scenario storyline, technical-level attack chain, exercise inject timeline, delivery structure, and logistics plan

· Develop pre-exercise, exercise, and post-exercise materials – including training presentations, scenario injects, and an after-action report

· Lead planned cyber exercises multiple times per year

· Manage relationships with third-party consultants to assist in the creation, documentation, and execution of the exercises

· Document risks and findings discovered during exercises and drive improvement

· Assist in the maintenance and testing of internal policies and procedures

· Potential travel up to 10%