Security Control and Awareness Analyst

Job Description

DRW is a diversified trading firm with over 3 decades of experience bringing sophisticated technology and exceptional people together to operate in markets around the world. We value autonomy and the ability to quickly pivot to capture opportunities, so we operate using our own capital and trading at our own risk. 

Headquartered in Chicago with offices throughout the U.S., Canada, Europe, and Asia, we trade a variety of asset classes including Fixed Income, ETFs, Equities, FX, Commodities and Energy across all major global markets. We have also leveraged our expertise and technology to expand into three non-traditional strategies: real estate, venture capital and cryptoassets. 

We operate with respect, curiosity and open minds. The people who thrive here share our belief that it’s not just what we do that matters–it's how we do it. DRW is a place of high expectations, integrity, innovation and a willingness to challenge consensus.  

We are seeking a Security Control and Awareness Analyst to join to the team. This individual will be responsible for the following: 

  • Driving internal security control efforts including: documenting DRW security controls, validating DRW controls are operating as designed via manual and automated testing, and documenting and tracking control gaps, remediation efforts, etc.
  • Driving training and awareness efforts including: phishing similations, periodic training, periodic knowledge assessments, creating regular security awareness updates, and acting as a resource for DRW staff and families for security awareness related matters.

Minimum qualifications: 

  • 2-3+ years' experience in security control testing, internal audit, InfoSec consulting, or similar.
  • Ability to work with control / process owners to discuss the technical and administrative nature of controls.
  • Familiarity with control frameworks such as ISO, NIST, CIS, CSA, etc.
  • Ability to execute independently, not afraid to ask questions and dig deeper when things are unclear; ability to handle ambiguity and propose solutions / new ideas.
  • Knowledge of control testing methodologies (manual, automated) and best practices.
  • Proactive learner who seeks to consistently enhance their knowledge and understanding of cybersecurity news and best practices
  • Desire to enhance and drive forward security culture.
  • Familiarity with cloud controls and tools.

Nice to have's: 

  • CISA, CRISC, CISSP or other related certification.
  • Familiarity with GRC tools such as Archer, LogicGate, OneTrust, etc. 
  • Experience with security training and awareness programs.
  • Cloud certifications (AWS, Azure, GCP).

For more information about DRW's processing activities and our use of job applicants' data, please view our Privacy Notice at

California residents, please review the California Privacy Notice for information about certain legal rights at