Vice President, Cyber and Information Risk, Independent Risk Review Specialist
About CLS:
CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars’ worth of currency flows through our systems each day.
Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world’s most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.
CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle – whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.
Our ambition to make a positive difference starts with our people. Our values underpin everything that we do at CLS and define our working environment:
- Pivotal purpose
- Trusted guardian
- Targeted innovation
- Facilitate connections
- Delivering excellence
- Inclusive culture
Job information:
- Functional title - Cyber and Information Risk, Independent Risk Review Manager
- Department - Risk Management
- Corporate level - VP
- Report to - Cyber and Information Risk, Independent Risk Review Lead
- Location - London
What you will be doing:
The Cyber and Information Risk Independent Risk Review Manager is responsible for independent reviews of the efficacy of CLS’ Information Security and Data Management programs, including review and challenge of large-scale risk remediation efforts. The successful candidate will provide review and credible challenge of the effectiveness of information security and data management processes and controls in mitigating key risks to the firm. This position is highly engaged with the firm-wide Information Security and Data Management teams who provide security and data management solutions as well as corporate departments that own information security and data management risks.
Essential Function / major duties and responsibilities of the job
- Independent Reviews –
- Execute horizontal reviews of top information security risks, identifying gaps in control coverage and recommending control improvements to address identified gaps.
- Complete thematic reviews of information security and data management operational risk events and associated proposed actions to propose control enhancements that reduce risk of recurrence.
- Work with the Information Security and Data Management teams to review control capabilities against industry standards and lead efforts to strengthen the control environment in line with the evolving threat landscape.
- Review and challenge actions to address gaps, monitor progress of actions, and validate sufficiency of closure evidence.
- Prepare status reports as needed and present to Technology Leadership, Audit, and regulatory bodies as required.
- Risk Remediation Oversight –
- Review and challenge the sufficiency of planned actions to address identified problems, provide stated benefits, and meet regulatory expectations.
- Review and monitor the progress of actions and validate sufficiency of closure evidence.
- Prepare status reports as needed and present to Technology Leadership, Audit, and regulatory bodies as required.
- Governance – Actively present to various committees and forums to keep management educated on status of independent reviews, challenges to risk remediation efforts, and progress on control improvements.
- Relationship Management – Be a respected point of contact to stakeholders across the business and technology functions in providing credible operational risk coverage for information security and data management risk.
- Policy & Procedures – Review and challenge relevant policies, standards, and procedures related to CLS information security and data management processes.
Leadership
- Mentorship – Provide guidance and support to junior members of the team.
- Ability to influence and gain credibility with the business
What we're Looking for:
· 5+ years of experience specifically related to information security and data management risk governance, operations, and risk management functions.
· Broad-based technology experience at substantial scale and complexity in a global, highly regulated, high-volume transaction environment. Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security.
· Experienced working in a complex matrixed organization, ideally in a global firm with a dynamic and rapidly changing environment.
· Experienced operating within a highly regulated environment, with a preference for experience at the international and federal levels.
· Deep knowledge of information security and data management risk and control frameworks and a strong understanding of related policies, procedures, guidelines, and structure.
· Functional expertise, with operational knowledge of and exposure to various current and emerging information security and data management areas such as:
v Cyber resilience
v Identity & privileged access management
v Secure coding practices
v Cloud security configuration and control frameworks
v Network security
v Third-party risk management
v Incident response
v Threat/vulnerability management
v Security architecture
v Data governance
v Data quality
v Data architecture/lineage
Professional qualifications / certifications
· B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent). M.S. desired.
· Relevant certification is desirable, e.g., CISSP, CISM, CISA.
· Working knowledge of information security and data management life cycles based on an established framework: CRI, NIST CSF, NIST SP 800-53, ORX, ISO 27001, SANS, CERT, ENISA, CSA, OACA, ISACA, DAMA-DMBOK.
· Proficiency in MS PowerPoint and Excel.
· Experience in broader MS Office suite, including Project and Visio is a plus
· Experience with enterprise GRC tools, e.g. Archer is a plus
Knowledge, skills, and abilities / competencies required for successful job performance
To carry out the duties of the position effectively, the individual will need to possess the following attributes:
· Judgement and decision making
· Communication & Influence
· Teamwork & Professionalism
· Able to work independently, as required
Success factors / ‘How’. Personal characteristics contributing to an individual’s ability to excel in the position
· Possess strong technical, analytical, and problem-solving skills.
· Provide thought leadership while willing and able to individually contribute to finding solutions.
· Self-motivated to exceed management expectations and objectives.
· Clearly communicate complex technical issues to both business and technical staff at all levels.
· Able to keep organized and detailed documentation.
· Confidence to effectively challenge points of view regardless of seniority or corporate title.
· Professionalism to seek out and embrace diversity of thought and experience.
· Strong collaboration skills to tackle complex security challenges that may span across multiple internal and external departments and groups.
· Able to effectively cope with change and comfortably handle risk and ambiguity.
· Tenacious resolve and positive attitude in challenging situations.
Our commitment to employees:
At CLS, we celebrate inclusion and consider this to be one of our strongest assets. We are committed to fostering an environment in which everyone feels comfortable to be who they are, and inclusion is valued. All employees have access to our inclusive benefits, including:
- Holiday - UK/Asia: 25 holiday days and 3 ‘life days’ (in addition to bank holidays). US: 23 holiday days.
- 2 paid volunteer days so that you can actively support causes within your community that are important to you.
- Generous parental leave policies to ensure you can enjoy valuable time with your family.
- Parental transition coaching programmes and support services.
- Wellbeing and mental health support resources to ensure you are looking after yourself, and able to support others.
- Employee Networks (including our Women’s Forum, Black Employee Network and Pride Network) in support of our organisational commitment to embrace and always be learning more about inclusivity.
- Hybrid working to promote a healthy work/life balance, enabling employees to work collaboratively in the office when needed and work from home when they don’t.
- Active support of flexible working for all employees where possible.
- Monthly ‘Heads Down Days’ with no meetings across the whole company.
- Generous non-contributory pension provision for UK/Asia employees, and 401K match from CLS for US employees.
- Private medical insurance and dental coverage.
- Social events that give you opportunities to meet new people and broaden your network across the organisation.
- Annual flu vaccinations.
- Discounts and savings and cashback across a wide range of categories including health and retail for UK employees.
- Discounted Gym membership – Complete Body Gym Discount/Sweat equity program for US employees.
- All employees have access to Discover – our comprehensive learning platform with 1000+ courses from LinkedIn Learning.
- Access to frequent development sessions on a number of topics to help you be successful and develop your career at CLS.
Sponsored
