Vice President, Information Security Risk and Control (CCO)

About CLS:

CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars’ worth of currency flows through our systems each day.

Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world’s most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.

CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle – whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.

Our ambition to make a positive difference starts with our people. Our values – Protect, Improve, Grow – underpin everything that we do at CLS and define and shape a supportive and inclusive working environment in which everyone is encouraged to be open and forward-thinking

Job information:

• Functional title – Information Security Risk and Control (CCO)
• Department – Chief Controls Office
• Corporate level - Vice President
• Report to – Director, Technology Risk and Control
• Location – Iselin, New Jersey, on-site 2 days per week
• Expected full-time salary range between $160,000 - $190,000 + variable compensation + 401(k) match + benefits.

Note: Disclosure as required by NY Pay Transparency Law of the expected salary compensation range for this role.

What you will be doing:

This is an exciting opportunity for a talented individual to join our Chief Controls office (CCO), a dedicated first line risk and control function. This role has arisen due to the expansion of responsibilities, offering the successful candidate the opportunity to make an impact and actively contribute to the evolution of this function.

As part of the CCO team, you will play a key role:

• Improving the oversight of non-financial risks, bringing risk and control subject matter expertise with specific focus on Information Security, to partner with 1LOD business owners to proactively identify, assess and mitigate risks.
• Providing cross functional oversight across the first line, driving best practices and consistency in control standards for the effective control of Information Security risks to within risk appetite.
• Driving behaviors to foster a risk-aware and risk intelligent culture where employees recognize their role as risk managers and the importance of the control framework.

The role would suit candidates with 2LOD/3LOD experience looking for an opportunity to move into 1LOD, or candidates with solid experience in 1LOD control/control remediation/validation in the Cyber/Information Security space.

The Information Security Risk & Control Vice President is a key member of the CCO team who will work closely with the Information Security department (part of the Technology division) in the oversight and validation of Information Security risk and controls. This includes but not limited to:

Strategic:

• Develop and implement a consistent, effective and efficient approach to the management and oversight of Information Security risks and controls
• Identify and deliver best practices in control standards across CLS
• Lead Technology’s engagement with Audit, also key liaison with 2LOD Risk and Compliance

Operational:

• Support the identification, assessment of Information Security risks and controls
• Support in drafting/reviewing self-identified issues (SII) and remediation plans from a risk/control lens to ensure risks are sufficiently assessed, addressed, consider design/operating effectiveness, strategic/tactical solutions etc
• Support in drafting/reviewing corrective actions for Audit findings
• Support in validating corrective actions for SII and Audit findings as it comes for closure before submission to 2LOD/Audit, Monitor and report to relevant governance bodies on the status of issue/actions.
• Support in identifying, assessing and recording operational risk events for the security incidents
• Contribute to risk appetite statements, emerging risks and regular assessment
• Review KRIs to ensure meaningful metrics for management oversight, review/challenge breaches to understand root causes, consult on lessons learned exercises and work with business owners to develop a ‘path to green’ where appropriate
• Consolidate and report on the results of risk and control activity to internal stakeholders, escalating as required

Leadership:

• Support ad-hoc cross-Technology control initiatives where appropriate
• Build strong relationships with peers to enable cross functional oversight and develop and implement best practices.
• Share knowledge and experience with other members of the team, driving consistency and ‘added value’
• Establish positive working relationships with senior stakeholders across the business.

What we’re looking for:

• Experience of Internal Audit engagement, controls remediation and audit validation either from a 1LOD ownership perspective or 2LOD/3LOD validation in the Cyber/Information Security domain.
• Strong knowledge of Information Security Processes, Risks & Controls within Financial Services, and ability to demonstrate an understanding of key challenges and risks which must be mitigated and managed to enable successful delivery
• Minimum of 5 years or more of experience in one of more of the following:
• Information Security Risk & Control Management
• Internal Audit
• 2nd Line of Defence
• Knowledge of Financial Services, Financial Markets Utilities or another highly regulated industry sector is essential
• Experience of regulatory engagement preferred.

Professional qualifications / certifications

Qualifications or Certifications in any of the following specialisms would be beneficial but not essential:

• Risk Management (e.g., CRISC)
• Internal Audit (e.g., CISA)
• Information Security process governance (e.g., CISSP, CISM)
• Compliance
• Project Management

Our commitment to employees:

We are a small company with a big mandate, so every person is essential to our success. We are also committed to employing and retaining the most talented and dedicated people.

What makes us interesting goes beyond our competitive salaries and great benefits. Our work environment is designed around quality outcomes, not output. The FX market would cease to function without our services, and we take pride in being responsible for keeping it running smoothly.

We are different from other financial institutions in that we have a flatter and more transparent structure with accessible leadership. You will be seen, heard and empowered to develop your career.

We are a purpose-driven organization, with an inclusive culture that focuses on doing what is right. The well-being of our people is as important to us as the resilience of our systems. In addition to encouraging our people to ‘locate for their day,’ we run a range of initiatives that support employees’ sense of belonging and physical, emotional and mental well-being.

Our extensive benefits for employees typically include:

• Vacation/annual leave: 25 days in UK/Asia + 3 life days, 23 in US + 3 life days
• Private medical and dental cover and life insurance
• Generous pension contributions in the UK and Asia; matching 401(k) in the US
• Paid volunteer days
• ‘Locate for your day’ hybrid working – 2 days a week in office.
• Access to Discover – our learning platform with 1000+ courses from LinkedIn Learning.
• Paid parental leave / Coaching and support services
• Career development / LinkedIn Learning
• ‘Heads down days’ with no meetings on the last Friday of every month
• Wellbeing / Mental health support
• Diversity Council / Affinity groups (Women’s Forum, Black Employee Network, Pride Network, Parents & Caregivers Network, Sustainability Network)
• Social events

Awards:

• The Sunday Times Best Places to Work 2023 & 2024 / Big Company / The Sunday Times Awards
• Third place in Britain’s Healthiest Workplace 2022 / Medium Company / Vitality Awards