This position is located in the Compliance Branch of the Division of Market Oversight (DMO). The mission of the Division of Market Oversight (DMO) is to foster open, transparent, fair, competitive and secure markets through clear rules and effective oversight of derivatives markets and market participants. DMO seeks to be the world’s foremost authority on the rapidly evolving derivatives markets.Learn more about this agency
At the full performance level, you will serve as a Systems Risk Analyst in the Compliance Branch (Branch) of the Division of Market Oversight (DMO), as senior staff of the Branch's Market Continuity Program (MCP). Using advanced knowledge of information technology (IT) concepts and of standards, guidelines, and best practices regarding system safeguards and security control reviews, you will conduct the CFTC's oversight of compliance by Designated Contract Markets (DCMs), Swap Data Repositories (SDRs), and Swap Execution Facilities (SEFs) with the system safeguards requirements of the Commodity Exchange Act (Act) and CFTC regulations. Additionally you will;
- Plan and conduct System Safeguards Examinations (SSEs) of all DCMs, SDRs, and SEFs, to evaluate the reliability, cyber and physical security, adequate scalable capacity, internal oversight, and testing of their automated trading and data reporting systems
- Serve as one of DMO's senior IT and system safeguards experts for performance of system safeguards oversight that is complex, sensitive, and of high importance to the mission of the CFTC.
- Serve as an expert on teams conducting system safeguards examinations (SSEs) of DCMs, SEFs, and SDRs to assess their compliance with the system safeguards requirements of the Act and Commission regulations. SSEs address DCM, SEF, and SDR compliance with core principles requiring the regulatee to: establish and maintain a program of risk oversight to identify and minimize sources of operational risk through development of appropriate controls and procedures and development of automated systems that are reliable, secure, and have adequate scalable capacity; establish and maintain emergency procedures, backup facilities, and a plan for disaster recovery that allow for the timely recovery and resumption of operations and the fulfillment of the duties and obligations of the [regulatee]; and periodically conduct tests to verify that backup resources are sufficient.
- SSEs focus on seven risk oversight program areas, including:
- Enterprise risk management and governance;
- Information security;
- Business continuity and disaster recovery, including pandemic planning;
- Capacity and performance planning;
- Systems operations;
- Systems development and quality assurance; and
- Physical security and environmental controls.
- In leading or participating on an SSE team, the incumbent will:
- organize and conduct review of documents provided by the DCM, SDR, or SEF examined;
- conduct extended on-site interviews, as a senior expert on the interview team, with regulatee senior management and technical staff;
- apply extensive, expert knowledge of risk oversight, IT principles, appropriate controls and procedures, and best practices for automated systems to the analysis of information developed in the course of the SSE, and play a significant participatory role at an expert level in MCP staff determination of appropriate findings and recommendations;
- draft a detailed report of MCP findings and recommendations;
- participate as a senior-level expert in communicating findings and recommendations to senior management and technical staff of the DCM, SDR, or SEF examined; and
- assess the efficacy and timeliness of corrective action taken by the DCM, SDR, or SEF
Represents the MCP on DMO teams reviewing applications from entities seeking designation as a DCM or registration as an SDR or SEF. Serves as an expert in technical reviews by MCP staff of the applicant's compliance with system safeguards requirements for entities seeking the designation or registration in question. Expertly communicates with applicants during the registration or designation process and participates as a senior-level expert in MCP staff evaluation of applicant sufficiency in light of applicable system safeguards requirements, and drafts system safeguards-related portions of related reports and registration or designation orders. May be required to independently conduct such technical reviews, including on-site data center visits.
25% or less - Occasional Travel
Who May Apply
This job is open to…
We will accept applications from all U.S. Citizens
Job family (Series)
This job originated on www.usajobs.gov. For the full announcement and to apply, visit www.usajobs.gov/GetJob/ViewDetails/499367800. Only resumes submitted according to the instructions on the job announcement listed at www.usajobs.gov will be considered.