GBBC Member Careers

Information Security Risk Management Lead

CLS Group

CLS Group

New York, NY, USA
Posted on Thursday, May 11, 2023

About CLS

CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars’ worth of currency flows through our systems each day.

Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world’s most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.

CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle – whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.

Our ambition to make a positive difference starts with our people. Our values – Protect, Improve, Grow – underpin everything that we do at CLS and define and shape a supportive and inclusive working environment in which everyone is encouraged to be open and forward-thinking.


CLS helps clients navigate the changing FX marketplace – reducing risk and creating efficiencies. Our extensive network and deep market intelligence enable CLS specialists to lead the development of standardized solutions to real market problems. Our innovative, forward-looking products make the trading process faster, easier, safer

and more cost-effective – empowering our clients’ success.

Functional title

Information Security Risk Management Lead


New York / New Jersey

Corporate title

Level 2

Report to

Head of Information Security Risk Management



No. of direct reports


Job purpose

The Information Security Risk Management Lead is a key member of the Risk Management team and is responsible for leading the implementation of the Enterprise and Operational Risk Management frameworks designed by CLS to identify, measure, monitor and mitigate information security risks. The successful candidate serves as a second set of eyes to management to provide review and credible challenge of the effectiveness of information security processes and controls. This position is highly engaged with the firm-wide Information Security teams who provide security solutions as well as all corporate departments that own information security risk.

Essential Function / major duties and responsibilities of the job


  • Risk Culture - Assist the CRO, and head of Enterprise Risk and Operational Risk Management in driving the culture of engagement, teamwork and accountability.
  • Risk Assessments – Collaborate with the Information Security teams to conduct risk assessments and lead in efforts to strengthen the control environment.
  • Process Improvements – Collaborate with the Information Security teams to identify trends and shape discussions leading to process improvements to mitigate information security risks at CLS to targeted levels.
  • Operational Risk Management Framework - Support CRO, and head of Enterprise Risk and Operational Risk Management in establishing and communicating the organization’s ORM Framework driving the efficacy of the information security risk management program


  • Review and Credible Challenge – Partner with Information Security teams to lead the review and credible challenge of the information security risk profile and all associated framework components, e.g., risk and control self-assessments, control testing, incident management, metrics and indicators, risk appetite, finding management, and reporting.
  • Risk Oversight – Lead in executing oversight of information security risks by performing the following:
    • Provide subject matter expertise to business units to drive, guide and influence risk ownership, clarity and assessment of risks & controls
    • Review and monitor the progress of actions and validate appropriateness of closure evidence
    • Thematic review of incidents and associated proposed actions to address root cause
    • Document credible challenge of risk appetite assessment quarterly to support the Enterprise Risk management (ERM) program
    • Annual review and assessment of key risk indicators including thresholds, risk taxonomy
    • Prepare monthly and quarterly ORM/ERM reports and present these to Information Security Management
  • Project Oversight – Lead in executing project oversight for information security risks by performing the following:
    • Develop and manage risk framework for challenging major information security projects that may impact the firm risk profile
    • Work with business partners to challenge the quality of the project inherent risk assessments (PIRA) completed and contribute to the independent risk review for projects.
  • Governance – Actively present to various committees and forums to keep management educated on changes to CLS risk appetite.
  • Relationship Management – Be a respected point of contact to stakeholders across the business and technology functions in providing operational risk coverage for information security risk.
  • Advisory Services – Be a trusted advisor and provide effective challenge to stakeholders on the evolving cybersecurity and technology risk landscape.
  • Policy & Procedures - Maintain and oversee relevant policies, standards, and procedures related to CLS security processes.


  • Mentorship – Provide guidance and support to junior members of the team.
  • Assist the CRO, and head of Enterprise Risk and Operational Risk Management with implementation and sustainability of Risk framework
  • Lead projects in co-ordination with Operational Risk team to enhance the ORM framework and assist with implementation of best practices
  • Interact with and / present to the Federal Reserve Bank of New York in regular continuous monitoring meetings
  • Ability to partner, influence, and gain credibility with the business

Experience / essential and desired for successful job performance

· 10+ years of experience specifically related to information security governance, operations, and risk management.

· Broad-based technology experience at substantial scale and complexity in a global, highly regulated, high-volume transaction environment. Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security.

· Experience with developing and managing Operational Risk programs, establishing framework and on-going process in accordance with best practices and Basel requirements.

· Comfortable leading in a complex matrixed organization, ideally in a global firm with a dynamic and rapidly changing environment.

· Experience leading within a highly regulated environment, with a preference for experience at the international and federal levels. Deep knowledge of policy frameworks and a strong understanding of policies, procedures, guidelines, and structure.

· Functional expertise, with operational knowledge of and exposure to various current and emerging information security areas such as:

v Cyber resilience

v Identity & privileged access management

v Secure coding practices

v Cloud security configuration and control frameworks

v Network security

v Third-party risk management

v Incident response

v Threat/vulnerability management

v Security architecture

Qualifications / certifications

· B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent).

· Relevant certification is desirable, e.g., CISSP, CISM, CISA.

· Working knowledge of Risk Management life cycles based on an established framework: NIST CSF, NIST SP 800-53, ISO 27001, SANS, CERT, ENISA, CSA, OACA, ISACA.

· Proficiency in MS PowerPoint and Excel.

· Experience in broader MS Office suite, including Project and Visio is a plus

· Experience with enterprise GRC tools, e.g. Archer is a plus

Knowledge, skills, and abilities / competencies required for successful job performance

To carry out the duties of the position effectively, the individual will need to possess the following attributes:

· Judgement and decision making

· Communication & Influence

· Teamwork & Professionalism

· Able to work independently, as required

Success factors / ‘How’. Personal characteristics contributing to an individual’s ability to excel in the position

Risk Management

1. Takes personal responsibility and accountability for solving ORM related problems to meet organizational standards

2. Identifies and appropriately manages/escalates potential risks

3. Assist business partners with their identification of process / control related issues.

Judgement and Decision Making

4. Makes decisions that have moderate and at times high impact within a function, producing positive or negative effect for efficiencies, delays, and contribute to financial gain or expense

5. Contributes significantly to achieving cross-functional, consensus driven decisions by engaging and influencing others

Work Complexity and Innovation

6. Manages work guided by established policies; and regularly establishes new procedures and policies as required

7. Drives innovative solutions that contribute to the success of the department and/or viability of the organization

Communication and Influence

8. Delivers, directs, and facilitates communication amongst the function and to business functions

9. Resolves conflicts, influences outcomes on matters of significance for the division


10. Identifies opportunities to improve the effectiveness or efficiency of key processes within a function and/or across functions

Teamwork and Professionalism

11. Builds strong relationships across the organization

12. Drives teamwork and cooperation with others to arrive at consensus driven decisions

13. Demonstrates the CLS values, superior professionalism and ethical conduct

Personal Effectiveness

14. Adapts to unexpected changes in circumstances and re-prioritizes the team's approach and activities

15. Plans and prioritizes, establishing a course of action leading to successful achievement of the team's objectives

16. Designs and implements new working practices and structures which deliver improvements for the team

· Possess strong technical, analytical, and problem-solving skills.

· Provide thought leadership while willing and able to individually contribute to finding solutions.

· Self-motivated to exceed management expectations and objectives.

· Clearly communicate complex technical issues to both business and technical staff at all levels.

· Able to keep organized and detailed documentation.

· Confidence to effectively challenge points of view regardless of seniority or corporate title.

· Professionalism to seek out and embrace diversity of thought and experience.

· Strong collaboration skills to tackle complex security challenges that may span across multiple internal and external departments and groups.

· Able to effectively cope with change and comfortably handle risk and ambiguity.

· Tenacious resolve and positive attitude in challenging situations.

xpected full-time salary range between $160,000 - $200,000 + variable compensation + 401(k) match + benefits.*Note: Disclosure as required by NY Pay Transparency Law of the expected salary compensation range for this role

Our commitment to employees

At CLS, we celebrate diversity and consider this to be one of our strongest assets. We are committed to fostering an environment in which everyone feels comfortable to be who they are, and inclusion is valued. All employees have access to our inclusive benefits, including:

  • Holiday - UK/Asia: 25 holiday days and 3 ‘life days’ (in addition to bank holidays). US: 23 holiday days.
  • 2 paid volunteer days so that you can actively support causes within your community that are important to you.
  • Generous parental leave policies to ensure you can enjoy valuable time with your family.
  • Parental transition coaching programmes and support services.
  • Wellbeing and mental health support resources to ensure you are looking after yourself, and able to support others.
  • Affinity Groups (including our Women’s Forum, Black Employee Network and Pride Network) in support of our organisational commitment to embrace and always be learning more about DE&I.
  • Hybrid working to promote a healthy work/life balance, enabling employees to work collaboratively in the office when needed and work from home when they don’t.
  • Active support of flexible working for all employees where possible.
  • Monthly ‘Heads Down Days’ with no meetings across the whole company.
  • Generous non-contributory pension provision for UK/Asia employees, and 401K match from CLS for US employees.
  • Private medical insurance and dental coverage.
  • Social events that give you opportunities to meet new people and broaden your network across the organisation.
  • Annual flu vaccinations.
  • Discounts and savings and cashback across a wide range of categories including health and retail for UK employees.
  • Discounted Gym membership – Complete Body Gym Discount/Sweat equity program for US employees.
  • All employees have access to Discover – our comprehensive learning platform with 1000+ courses from LinkedIn Learning.
  • Access to frequent development sessions on a number of topics to help you be successful and develop your career at CLS.