Systems Risk Analyst

Washington, D.C
Oct 23, 2020
Oct 24, 2020
Full Time


This position is located in the Compliance Branch of the Division of Market Oversight (DMO). The mission of the Division of Market Oversight (DMO) is to foster open, transparent, fair, competitive and secure markets through clear rules and effective oversight of derivatives markets and market participants. DMO seeks to be the world's foremost authority on the rapidly evolving derivatives markets.
Learn more about this agency


At the full performance level, you will use knowledge of information technology (IT) concepts, standards, guidelines, and best practices regarding system safeguards and security control reviews to participate in conducting the CFTC's oversight of compliance by Designated Contract Markets (DCMs), Swap Data Repositories (SDRs), and Swap Execution Facilities (SEFs) with the system safeguards requirements of the Commodity Exchange Act (Act) and CFTC regulations. [TD1]

As a team member, you will participate significantly in Systems Safeguards Examinations (SSEs) of all DCMs, SDRs, and SEFs, to evaluate the reliability, cyber and physical security, adequate scalable capacity, internal oversight, and testing of their automated trading and data reporting systems, as well as their emergency procedures, backup facilities, and disaster recovery plans.

SSEs focus on seven risk oversight program areas, including: (1) Enterprise risk management and governance; (2) Information security; (3) Business continuity and disaster recovery; (4) Capacity and performance planning; (5) Systems operations; (6) Systems development and quality assurance; and (7) Physical security and environmental controls. In this work, you will:
  • Conduct review of documents provided by the DCM, SDR, or SEF examined;
  • Participate at a significant level in conducting extended on-site interviews with regulatee senior management and technical staff;
  • Apply substantial knowledge of risk oversight, IT principles, appropriate controls and procedures, and best practices for automated systems to the analysis of information developed in the course of the SSE;
  • Participate in MCP staff determination of appropriate findings and recommendations;
  • Participate in drafting detailed reports of MCP findings and recommendations;
  • Participate in communicating findings and recommendations to senior management and technical staff of the DCM, SOR, or SEF examined; and
  • Engage at a significant level in MCP staff assessment of the efficacy and timeliness of corrective action taken by the DCM, SDR, or SEF.
  • You will also participate at a significant level in MCP monitoring and response to system disruption notifications from entities regulated by the Commission, and to cyber security or business continuity and disaster recovery incidents or threats affecting regulated entities. In this role, the Analyst also helps to prepare briefings for Commissioners and senior staff regarding the disruption, incident, or threat, and the mitigation steps being taken.

Travel Required

25% or less - Occasional Travel

Supervisory status

Promotion Potential


Conditions of Employment

  • U.S. Citizenship
  • Background/Security Investigation
  • Males born after 12-31-1959 must be registered for Selective Service
  • Time in Grade

You will be evaluated on the basis of your level of competency (knowledge, skills and abilities) in the following areas:
  • Information Technology Architecture - Knowledge of an electronic trading environment's systems and network architecture in order to assess the effectiveness of redundancy, security controls and extensibility and to understand the characteristics and interrelationships between systems within this environment.
  • Technical Competence - Ability to plan, schedule, and manage technical projects.
  • Written and Oral Communication - Ability to communicate in a clear, concise and effective manner, both orally and in writing, in order to prepare reports that document analysis, findings, and conclusions.


CT-13 Level: To qualify for the CT-13 level you must meet the Selective Placement Factor listed below and have at least one year of specialized experience equivalent to the next lower grade (GS/CT-12 level).

Specialized experience is defined as experience independently applying knowledge of IT concepts, standards, guidelines, and techniques regarding system safeguards and security control reviews; experience in oversight of compliance on system safeguards of DCMs, SDRs, and SEFs (or comparable entitities); experience in evaluating the reliability, cyber and physical security, scalable capacity, internal oversight, and testing of automated trading and data reporting systems; and experience in evaluating DCM, SDR, and SEF emergency procedures, backup facilities, and disaster recovery plans.

Selective Placement Factor: Applicants must have experience using information security principles to protect the confidentiality, integrity, and availability of systems and its information.

One or more professional certifications in the following system safeguards and IT field are highly desired:
  • Certified Information Systems Security Professional (CISSP);
  • Certified Information Systems Auditor (CISA);
  • Certified Business Continuity Professional (CBCP);
  • Certified Data Center Professional (CDCP);
  • Certified in the Governance of Enterprise IT (COEIT);
  • Systems Security Certified Practitioner (SSCP);
  • Certified Authorization Professional (CAP);
  • Certified Security Software Lifecycle Professional (CSSLP);
  • Certified Internal Auditor (CIA);
  • Certified Information Security Manager (CISM);
  • Certified in Risk and Information Systems Control (CRISC);
  • Certified Functional Continuity Professional (CFCP);
  • Master Business Continuity Professional (MBCP);
  • Business Continuity Certified Planner (BCCP);
  • Business Continuity Certified Lead Auditor (BCCLA);
  • Disaster Recovery Certified Specialist (DRCS).


Additional information

Relocation. Relocation expenses will not be paid.

Time in Grade. Must meet time in grade requirements within 30 days of the closing date of this announcement.

EEO Policy Statement. The United States Government does not discriminate in employment on the basis of race, color, religion, sex, national origin, genetic information, political affiliation, sexual orientation, marital status, disability, age, membership in an employee organization, or other non-merit factor.

Reasonable Accommodation. Federal agencies must provide reasonable accommodation to applicants with disabilities where appropriate. Applicants requiring reasonable accommodation for any part of the application and hiring process should contact the hiring agency directly. Determinations on requests for reasonable accommodation will be made on a case-by-case basis.

Career Transition Assistance Program (CTAP).Provides eligible surplus and displaced competitive service employees in the CFTC with selection priority over other candidates for competitive service vacancies. If CFTC has notified you in writing that you are a surplus or displaced employee eligible for CTAP consideration, you may receive selection priority if: 1) this vacancy is within your CTAP eligibility, 2) you apply under the instructions in this announcement, and 3) you are found well-qualified for this vacancy. To be well qualified, you must rate equivalent to the Well Qualified or better category using established rating criteria. You must provide a copy of your written notification of CTAP eligibility with your application. Additional information about CTAP eligibility is at: .

The law prohibits public officials from appointing, promoting, or recommending their relatives. The law prohibits requesting, making, transmitting, accepting, or considering political recommendations for employment or other personnel actions for non-political positions. This includes recommendations from Members of Congress, Congressional employees, elected state or local officials, and political party officials and any recommendation based on party affiliation.

How You Will Be Evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Selective Placement Factor: This position requires a special qualification that has been determined to be essential to perform the duties of the position and will be used as a screen out element. If the selective placement factor experience is not documented in your resume you will not receive further consideration under this announcement. In addition to the specialized experience requirement this position has the following selective placement factor(s)

Applicants must have experience using information security principles to protect the confidentiality, integrity, and availability of systems and its information.

Your resume and supporting documentation will be used to determine whether you meet the job qualifications listed on this announcement. If you are minimally qualified for this job, your resume and supporting documentation will be compared to your responses on the online assessment questionnaire. If you rate yourself higher than is supported by your application materials, your responses may be adjusted and/or you may be excluded from consideration for this job. If you are found to be among the top candidates, you will be referred to the selecting official for employment consideration.

To preview questions please click here .

Background checks and security clearance

Security clearance
Not Required

Drug test required

Required Documents

You must provide a complete Application Package, which includes:
  • Resume showing relevant experience (cover letter optional).
  • Answers to the occupational questionnaire (vacancy announcement questions).
  • SF-50, Notification of Personnel Action, which shows career or career-conditional tenure.
  • Most recent performance appraisal.

If you are relying on your education to meet qualification requirements:

Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore, provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education .

Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.

Similar jobs