Vice President, Information Security Risk and Control (CCO)

CLS Group•London, ENG EC1A, GB• Full Time

Posted 1 week ago• Business & Finance

Job Description

About CLS:

CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars’ worth of currency flows through our systems each day.

Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world’s most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.

CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle – whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.

Our ambition to make a positive difference starts with our people. Our values underpin everything that we do at CLS and define our working environment:

Pivotal purpose
Trusted guardian
Targeted innovation
Facilitate connections
Delivering excellence
Inclusive culture

Job information:

Functional title – VP, Information Security Risk and Control (CCO)
Department – Chief Controls Office
Corporate level - Vice President
Report to – Director, Technology Risk and Control
Location – London, on-site 2 days per week

What you will be doing:

This is an exciting opportunity for a talented individual to join our Chief Controls office (CCO), a dedicated first line risk and control function. This role has arisen due to the expansion of responsibilities, offering the successful candidate the opportunity to make an impact and actively contribute to the evolution of this function.

As part of the CCO team, you will play a key role:

Improving the oversight of non-financial risks, bringing risk and control subject matter expertise with specific focus on Information Security, to partner with 1LOD business owners to proactively identify, assess and mitigate risks.
Providing cross functional oversight across the first line, driving best practices and consistency in control standards for the effective control of Information Security risks to within risk appetite.
Driving behaviors to foster a risk-aware and risk intelligent culture where employees recognize their role as risk managers and the importance of the control framework.

The role would suit candidates with 2LOD/3LOD experience looking for an opportunity to move into 1LOD, or candidates with solid experience in 1LOD control/control remediation/validation in the Cyber/Information Security space.

The Information Security Risk & Control Vice President is a key member of the CCO team who will work closely with the Information Security department (part of the Technology division) in the oversight and validation of Information Security risk and controls. This includes but not limited to:

Strategic:

Develop and implement a consistent, effective and efficient approach to the management and oversight of Information Security risks and controls
Identify and deliver best practices in control standards across CLS
Lead Technology’s engagement with Audit, also key liaison with 2LOD Risk and Compliance

Operational:

Support the identification, assessment of Information Security risks and controls
Support in drafting/reviewing self identified issues (SII) and remediation plans from a risk/control lens to ensure risks are sufficiently assessed, addressed, consider design/operating effectiveness, strategic/tactical solutions etc
Support in drafting/reviewing corrective actions for Audit findings
Support in validating corrective actions for SII and Audit findings as it comes for closure before submission to 2LOD/Audit, Monitor and report to relevant governance bodies on the status of issue/actions.
Support in identifying, assessing and recording operational risk events for the security incidents
Contribute to risk appetite statements, emerging risks and regular assessment
Review KRIs to ensure meaningful metrics for management oversight, review/challenge breaches to understand root causes, consult on lessons learned exercises and work with business owners to develop a ‘path to green’ where appropriate
Consolidate and report on the results of risk and control activity to internal stakeholders, escalating as required

Leadership:

Support ad-hoc cross-Technology control initiatives where appropriate
Build strong relationships with peers to enable cross functional oversight, and develop and implement best practices.
Share knowledge and experience with other members of the team, driving consistency and ‘added value’
Establish positive working relationships with senior stakeholders across the business.

What we’re looking for:

Experience of Internal Audit engagement, controls remediation and audit validation either from a 1LOD ownership perspective or 2LOD/3LOD validation in the Cyber/Information Security domain.
Strong knowledge of Information Security Processes, Risks & Controls within Financial Services, and ability to demonstrate an understanding of key challenges and risks which must be mitigated and managed to enable successful delivery
Minimum of 5 years or more of experience in one of more of the following:
- Information Security Risk & Control Management
- Internal Audit
- 2nd Line of Defence
Knowledge of Financial Services, Financial Markets Utilities or another highly regulated industry sector is essential
Experience of regulatory engagement preferred.

Professional qualifications / certifications

Qualifications or Certifications in any of the following specialisms would be beneficial but not essential:

Risk Management (e.g., CRISC)
Internal Audit (e.g., CISA)
Information Security process governance (e.g., CISSP, CISM)
Compliance
Project Management

Our commitment to employees:

At CLS, we celebrate inclusion and consider this to be one of our strongest assets. We are committed to fostering an environment in which everyone feels comfortable to be who they are, and inclusion is valued. All employees have access to our inclusive benefits, including:

Holiday - UK/Asia: 25 holiday days and 3 ‘life days’ (in addition to bank holidays). US: 23 holiday days.
2 paid volunteer days so that you can actively support causes within your community that are important to you.
Generous parental leave policies to ensure you can enjoy valuable time with your family.
Parental transition coaching programmes and support services.
Wellbeing and mental health support resources to ensure you are looking after yourself, and able to support others.
Employee Networks (including our Women’s Forum, Black Employee Network and Pride Network) in support of our organisational commitment to embrace and always be learning more about inclusivity.
Hybrid working to promote a healthy work/life balance, enabling employees to work collaboratively in the office when needed and work from home when they don’t.
Active support of flexible working for all employees where possible.
Monthly ‘Heads Down Days’ with no meetings across the whole company.
Generous non-contributory pension provision for UK/Asia employees, and 401K match from CLS for US employees.
Private medical insurance and dental coverage.
Social events that give you opportunities to meet new people and broaden your network across the organisation.
Annual flu vaccinations.
Discounts and savings and cashback across a wide range of categories including health and retail for UK employees.
Discounted Gym membership – Complete Body Gym Discount/Sweat equity program for US employees.
All employees have access to Discover – our comprehensive learning platform with 1000+ courses from LinkedIn Learning.
Access to frequent development sessions on a number of topics to help you be successful and develop your career at CLS.