Senior Third-Party Cyber Risk Specialist - Flexible Hybrid in Chicago, IL or Lenexa, KS

Join to apply for the Senior Third-Party Cyber Risk Specialist - Flexible Hybrid in Chicago, IL or Lenexa, KS role at Cboe Global Markets

Building trusted markets — powered by our people. At Cboe, we inspire our people to solve complex challenges together because what we do matters. We provide the financial infrastructure that powers the global economy. As a leading provider of market infrastructure and tradable products, Cboe delivers cutting-edge trading, clearing, and investment solutions to market participants around the world.

We’re building inclusive ways to support professional and personal development while strengthening the trust we’ve earned as a global market leader. Our teams are empowered to share ideas, actively pursue them, and bring on a challenge. As champions of internal mobility and access to opportunity, we encourage our people to “go for it” and equip our managers with the training to coach their teams to the next level. Our Associate Resource Groups champion diversity, equity, and inclusion, giving associates a safe space to network, share ideas, and create opportunities.

Sound like the place for you? Join us!

The Global Third-Party Risk Management Team seeks a Senior Third-Party Cyber Risk Specialist to execute the risk management program for third-party vendors and service providers. Responsibilities include conducting comprehensive risk assessments, ensuring compliance with security standards, monitoring vendor relationships, and addressing client due diligence inquiries to mitigate organizational risks. The focus will be on cyber threats and vulnerabilities within the third-party ecosystem. Candidates must adapt quickly to changing priorities and an evolving business environment.

PLEASE NOTE: We offer a flexible hybrid work model; 2 days a week on-site in Chicago, IL or Lenexa, KS.

• Manage client requests, prioritize, triage, and validate non-disclosure agreements.
• Coordinate communication between business, legal, technology, and security teams to validate responses and fulfill requests related to controls.
• Serve as a point of contact for client due diligence inquiries, ensuring timely responses.
• Act as a subject matter expert for response management software.
• Maintain a library of responses for client questionnaires, ensuring accuracy and consistency.
• Collaborate internally to update responses and assist with vendor onboarding.
• Conduct risk assessments, analyze security information, and report findings.
• Perform security reviews of vendors, identify risks, and develop remediation plans.
• Monitor vendors’ security posture regularly.
• Coordinate with security teams during cyber incidents involving vendors.
• Assist with regulatory examinations and documentation.
• Perform other activities as needed.

• Bachelor’s Degree or equivalent experience.
• At least three years’ experience in third-party risk management, vendor management, or cyber risk fields.
• Strong understanding of cybersecurity principles and compliance frameworks.
• Excellent communication and collaboration skills.
• Experience with risk assessments and vendor platforms is a plus.

We value total wellbeing, offering competitive salaries, comprehensive benefits, flexible work, and various wellness programs. Details include health insurance, 401(k) match, stock purchase plans, paid time off, and more. Our benefits aim to support your personal and professional growth and community involvement.

We focus on what matters most—our people. Committed to diversity, inclusion, and career development, we celebrate different perspectives and foster an equitable environment. Join us in reimagining the future of work and markets.

We are proud to be an equal opportunity employer, celebrating diversity in race, religion, gender, and more. Compensation ranges are based on role, experience, and location, with specific geographic differentials listed. Your total rewards include salary, bonuses, benefits, and more, discussed during the hiring process.