Director, Cyber and Information Risk Lead (Hiring Immediately)

About CLS:

CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars’ worth of currency flows through our systems each day.

Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world’s most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.

CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle – whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.

Our ambition to make a positive difference starts with our people. Our values underpin everything that we do at CLS and define our working environment:

• Pivotal purpose
• Trusted guardian
• Targeted innovation
• Facilitate connections
• Delivering excellence
• Inclusive culture

Job information:

• Functional title - Cyber and Information Risk Lead
• Department - Risk Management
• Corporate level - Director
• Report to - Head of Technology & Information Security Risk Management
• Location - London

What will you be doing:

Essential Function / major duties and responsibilities of the job

Strategic

• Risk Culture - Assist the Head of Technology and Information Security Risk Management and Head of Enterprise Risk and Operational Risk Management in driving the culture of engagement, teamwork and accountability.
• Risk Assessments – Work with the Information Security and Data Management teams to challenge risk assessments, and lead in efforts to strengthen the control environment in line with the evolving threat landscape.
• Enterprise and Operational Risk Management Framework - Support the CRO and Head of Enterprise Risk and Operational Risk Management in furthering the use and efficacy of the ERM and ORM framework while enhancing its applicability to manage information security and data management risk.

Operational

• Review and Credible Challenge – Provide review and credible challenge of information security and data management risk profile and associated framework components, e.g., risk and control self-assessments, control testing, event management, metrics and indicators, risk appetite, finding management, and reporting.
• Risk Oversight – Lead in executing oversight of information security and data management risks by performing the following:
  • Provide subject matter expertise to business units to drive, guide and influence risk ownership, clarity and assessment of risks & controls.
  • Review and monitor the progress of actions and validate appropriateness of closure evidence.
  • Document credible challenge of information security and data management risk appetite to support the Enterprise Risk management (ERM) program.
  • Regular review and challenge of key risk indicators including thresholds and applicability to risk appetite.
  • Prepare monthly and quarterly ORM/ERM reports and present to Technology Leadership, Audit, and regulatory bodies as required.
• Project Oversight – Lead in executing project oversight for information security and data management risks by performing the following:
  • Provide challenge of risk management of material information security and data management projects that may impact the firm’s risk profile.
  • Work with business partners to challenge the quality of the project inherent risk assessments and contribute to the independent risk review for projects.
  • Review project benefits and closure artifacts in preparation for transition to BAU.
• Governance – Actively present to various committees and forums to keep management educated on changes and challenges to CLS risk appetite.
• Relationship Management – Be a respected point of contact to stakeholders across the business and technology functions in providing credible operational risk coverage for information security and data management risk.

Leadership

• Mentorship – Provide guidance and support to junior members of the team.
• Lead projects in co-ordination with Operational Risk team to enhance the ORM framework and assist with implementation of best practices
• Interact with and / present to the Federal Reserve Bank of New York in regular continuous monitoring meetings
• Ability to influence and gain credibility with the business

What we are looking for:

· 7+ years of experience building, maintaining, and managing information security and data management risk governance, operations, and risk management functions.

· Broad-based technology experience at substantial scale and complexity in a global, highly regulated, high-volume transaction environment. Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security.

· Experienced developing and managing Enterprise and Operational Risk programs related to information security and data management, including implementing risk and control frameworks in accordance with best practices and Basel requirements.

· Experienced leading in a complex matrixed organization, ideally in a global firm with a dynamic and rapidly changing environment.

· Experienced leading within a highly regulated environment, with a preference for experience at the international and federal levels.

· Deep knowledge of information security and data management risk and control frameworks and a strong understanding of policies, procedures, guidelines, and structure.

· Functional expertise, with operational knowledge of and exposure to various current and emerging information security and data management areas such as:

Professional qualifications / certifications

· B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent). M.S. desired.

· Relevant certification is desirable, e.g., CISSP, CISM, CISA, CRISC.

· Working knowledge of information security and data management life cycles based on an established framework: CRI, NIST CSF, NIST SP 800-53, ORX, ISO 27001, SANS, CERT, ENISA, CSA, OACA, ISACA, DAMA-DMBOK.

· Proficiency in MS PowerPoint and Excel.

· Experience in broader MS Office suite, including Project and Visio is a plus

· Experience with enterprise GRC tools, e.g. Archer is a plus

&nbsp]]> <