Director of Infrastructure Security Architecture

The Global Information Security department is seeking a visionary and results-driven Principal Security Architect to lead the strategic evolution of our security architecture. This is an individual contributor role on a team of expert security architects. This role is for a hands-on leader who can translate business needs into robust, scalable, and resilient security solutions that protect CME Group's critical infrastructure and market integrity. You will be a key driver in shaping our security posture, collaborating with teams across the enterprise to embed security by design.

What You'll Get

• A supportive environment fostering career progression, continuous learning, and an inclusive culture.
• Broad exposure to CME's diverse products, asset classes, and cross-functional teams.
• A competitive salary and comprehensive benefits package. Learn more about our career opportunities here.

What You'll Do

• Conduct deep-dive security assessments for critical business and technology initiatives, ensuring alignment with our security standards and pioneering new ones.
• Embed secure design principles directly into our product and infrastructure lifecycles, acting as a trusted consultant to development and engineering teams.
• Drive the exploration and integration of cutting-edge security technologies, elevating the maturity and effectiveness of our security capabilities.
• Develop, evangelize, and maintain a suite of modern security policies, standards, and reference architectures that serve as the blueprint for secure innovation.
• Shape the security landscape of our cloud and container environments by defining and governing security requirements for platforms like GCP, AWS, and Kubernetes.
• Forge strong partnerships with stakeholders across Information Governance and Enterprise Risk Management to build a unified vision for security at CME Group.
• Actively contribute to key governance forums, including the Architecture Review Board and Change Advisory Board, to steer technology decisions from a security-first perspective.
• Lead remediation efforts for assessment, audit, and regulatory findings, fortifying our defenses against future risks.
• Oversee and optimize security architecture governance processes, streamlining exception requests and change management activities.

What You'll Bring

• A decade or more of hands-on experience in information security, with a proven track record in analysis, design, and service development.
• 5+ years of experience as a security architect in a large-scale, publicly traded, or financial/technology enterprise, demonstrating expertise in complex, mission-critical environments.
• Deep subject matter expertise in a broad range of information security and infrastructure technologies.
• Proven experience in developing and implementing security standards, reference architectures, policies, and procedural guidelines.
• Extensive knowledge of security practices for cloud platforms (GCP or AWS) and container orchestration technologies like Kubernetes.
• Exceptional communication skills with the ability to articulate complex security concepts to both technical and executive audiences.
• In-depth familiarity with industry-standard security and regulatory frameworks such as CIS, NIST, and RegSCI.
• A strong grasp of architectural frameworks like Zachman or TOGAF and experience with Agile/SAFe methodologies is highly desirable.
• Relevant industry certifications (e.g., CISSP, CISA, GIAC, PMP) are a plus.

#LI-JK1

#Hybrid

CME Group is committed to offering a competitive total rewards package for our employees that recognizes their contributions to the business and reflects our long-term investment in their future. The pay ranges for this role based on location are: Chicago: $164,000-$273,400 New York/New Jersey: $171,800-$286,400. Actual salary offered will be dependent on a wide array of factors including but not limited to: relevant experience, skills, education and comparison to internal employees (where relevant). Our compensation program also includes an annual target bonus opportunity for all employees, as well as the opportunity to become an owner in the company through our broad-based equity program. Through our benefits program, we strive to offer flexibility, value and choice. From comprehensive health coverage, to a retirement package that includes both a 401(k) and an active pension plan, to highly competitive education reimbursement provisions, paid time off and a mental health benefit, CME Group offers a holistic benefits package for our team and their dependents.