Job Description

May 19, 2023

Employee

CLS helps clients navigate the changing FX marketplace – reducing risk and creating efficiencies. Our extensive network and deep market intelligence enable CLS specialists to lead the development of standardized solutions to real market problems. Our innovative, forward-looking products make the trading process faster, easier, safer

and more cost-effective – empowering our clients’ success.

Functional title

Technology Risk Management Lead

Location

New York, New Jersey, London

Corporate title

Technology Risk Management Lead

Report to

Head of Technology & Information Security Risk Management (TISRM)

Department

TISRM

No. of direct reports

3

Job purpose

The Technology Risk Management Lead is a key member of the Risk Management team and is responsible for leading the implementation of the Enterprise and Operational Risk Management frameworks designed by CLS to identify, measure, monitor and mitigate technology risks. The successful candidate serves as a second set of eyes to management to provide review and credible challenge of the effectiveness of technology management processes and controls. This position is highly engaged with the firm-wide Technology teams who provide technology solutions as well as all corporate departments that own technology risk.

Essential Function / major duties and responsibilities of the job

Strategic

· Mature the firm’s technology risk program by developing a universe of technology risks based on organizational analysis, regulatory exposure, industry factors and strategic priorities by articulating framework requirements through policy and procedures utilizing industry best practice

· Support CRO, and head of Enterprise Risk Management and Operational Risk in establishing and communicating the organization’s ORM Framework driving the efficacy of the technology risk management program

· Identify trends and shape discussions leading to process improvements mitigating operational risks at CLS

· Embed risk framework throughout the organization via projects, programs and business processes to improve risk culture throughout the firm

Operational

· Lead a team of technology risk professionals in executing oversight of technology risks in projects

o Provide subject matter expertise to business units to drive, guide and influence the 1st Line ownership, clarity and assessment of technology risks & controls

o Assess and challenge technology risks & evaluate IT risk indicators

o Prioritize IT monitoring activities & prioritize and align technology audit activities

o Review and monitor the progress of actions and validate appropriateness of actions for closure

o Thematic review of incidents and associated proposed actions to address root cause

o Document 2LoD challenge of the 1LoD assessment of Risk appetite quarterly to support the Enterprise Risk management (ERM) program

o Annual review and assessment of the technology key risk indicators including thresholds, risk taxonomy

o Annual review and update of Technology Risk procedures and project checklist

o Mature the firm’s technology risk profile by developing a universe of technology risks based on organizational analysis, regulatory exposure, industry factors and strategic priorities

o Ensure Technology risks are tracked managed and reported on to articulate the current risk exposure

o Prepare monthly and quarterly ORM/ERM reports and present these to IT Management

· Projects

o Represent ORM in working groups and Project Boards for major projects that may impact the firm risk profile.

o Work with business partners to challenge the quality of the project inherent risk assessments (PIRA) completed and contribute to the independent risk review for projects.

o Oversee ORMs independent challenge of technology project portfolio

· Products/services

o Works closely with the relevant stakeholders to ensure new products/services identified are managed in line with operational risk thresholds and with prudent, comprehensive risk assessments to minimize negative impact to CLS or the ecosystem.

· Internal Audit

o Triage internal audit requests and challenge internal audit observations and actions for clarity, impact and appropriateness

· Regulatory engagement

o Engage clear and transparent communication with the regulators to ensure we give an accurate picture of risks to the business.

Leadership

· Assist Head of TISRM by taking a leadership role in driving the culture of engagement, teamwork and accountability

· Lead projects in co-ordination with Operational Risk team to enhance the ORM framework and assist with implementation of best practices

· Assist Head of ORM with implementation and sustainability of Risk framework (i.e. review and update ORM procedure / guidance documents, reporting etc.)

· Interact with and / present to the Federal Reserve Bank of New York in regular ORM continuous monitoring meetings and selected projects

· Ability to partner, influence, and gain credibility with the business

Experience / essential and desired for successful job performance

· 10+ years of technology risk / assurance, preferably in financial services or another regulated industry

· Experience and in-depth understanding of the different system development lifecycle practices, Agile methodologies and system architecture best practices, infrastructure and network management

· Experience of the COBIT framework

· Experience in the Operational Risk discipline, establishing framework and on-going process in accordance with best practices and Basel requirements.

· Experience managing the delivery of new financial products or services that involve Information Technology systems changes

· Ability to operate in an independent manner without close supervision is essential as assessments must be sound and must contain a thorough command of the risk regime of the company.

Qualifications / certifications

· Industry certification preferred, e.g. Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Certificate of Cloud Auditing Knowledge (CCAK).

· Experience of using structured methodologies (e.g. Prince2, ITIL, PMI, APM, Lean/Six Sigma)

· Experience in MS Office suite, including Excel, Word, Project and Visio

Knowledge, skills and abilities / competencies required for successful job performance

· Knowledge of applicable internal and/or external regulatory policies, standards, procedures and controls (e.g. International Organization for Standardization (ISO) 27000, National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), Cyber Essentials, Centre for Protection of National Infrastructure (CPNI), OWASP Top 10, SANS Top 20 Critical Controls, Information Security Forum (ISF)), and relevant IT Risk frameworks

· Judgement and decision making

· Communication & Influence

· Teamwork & Professionalism

Success factors / ‘How’. Personal characteristics contributing to an individual’s ability to excel in the position

Risk Management

1. Takes personal responsibility and accountability for solving operational risk related problems to meet organizational standards

2. Identifies and appropriately manages/escalates potential risks

3. Assist business partners with their identification of process / control related issues.

Judgement and Decision Making

4. Makes decisions that have moderate and at times high impact within a function, producing positive or negative effect for efficiencies, delays, and contribute to financial gain or expense

5. Contributes significantly to achieving cross-functional, consensus driven decisions by engaging and influencing others

Work Complexity and Innovation

6. Manages work guided by established policies; and regularly establishes new procedures and policies as required

7. Drives innovative solutions that contribute to the success of the department and/or viability of the organization

Communication and Influence

8. Delivers, directs, and facilitates communication amongst the function and to business functions

9. Resolves conflicts, influences outcomes on matters of significance for the division

Knowledge

10. Identifies opportunities to improve the effectiveness or efficiency of key processes within a function and/or across functions

Teamwork and Professionalism

11. Builds strong relationships across the organization

12. Drives teamwork and cooperation with others to arrive at consensus driven decisions

13. Demonstrates the CLS values, superior professionalism and ethical conduct

Personal Effectiveness

14. Adapts to unexpected changes in circumstances and re-prioritises the team's approach and activities

15. Plans and prioritises, establishing a course of action leading to successful achievement of the team's objectives

16. Designs and implements new working practices and structures which deliver improvements for the team