Security Governance, Risk and Assurance Specialist

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from CLS Group

CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother, and more cost-effective. Trillions of dollars’ worth of currency flow through our systems each day.

Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world’s most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, enabling clients to allocate resources more effectively.

Our products are designed to help clients manage risk across the entire FX lifecycle, through efficient processing tools and market intelligence derived from the largest single source of FX executed data available to the market.

Our ambition to make a positive difference starts with our people. Our values – Protect, Improve, Grow – underpin everything we do at CLS and foster a supportive, inclusive, and forward-thinking work environment.

Job information:

• Functional title - AVP, IT Security Specialist
• Department – Security Governance and Risk Management
• Report to – Director of Security

About the role:

The individual will be part of the security function responsible for security governance, risk, and assurance, ensuring the organization’s security posture is robust and compliant with security policies, standards, and controls. The role requires close collaboration with technical, operational, compliance, and audit teams to create a secure and compliant technology environment.

What you will be doing:

• Maintain security policies, standards, procedures, and frameworks.
• Ensure alignment with security industry standards such as NIST CSF and NIST 800-53.
• Advise colleagues across the organization on best security practices.
• Conduct regular risk assessments and maintain risk registers in RSA Archer.
• Identify, assess, and prioritize security risks across information assets and environments.
• Identify security gaps, evaluate and propose remediation options, and monitor ongoing remediation efforts.
• Support cybersecurity risk management strategies based on findings and observations.
• Profile assets for security criticality and prioritize risk assessments accordingly.
• Monitor improvements and report on risk reduction efforts, including policy exceptions and dispensations.
• Lead lessons learned forums and recommend improvements to security controls.
• Represent security in audits and assessments, ensuring compliance with internal and external requirements.
• Provide assurance to stakeholders through detailed reporting and metrics.

What we are looking for:

• Minimum of 2 years’ experience in Information and Cyber Security, with an interest in security risk management.
• Highly organized, with experience in planning and reporting data and updates.
• Effective collaboration skills to drive security objectives.
• Strong technical writing skills for risk assessment reports and mitigation plans.
• Meticulous attention to detail to ensure data accuracy and thorough risk assessments.
• Problem-solving skills to address security issues impacting multiple entities and propose effective solutions.
• Excellent verbal and written communication skills, capable of conveying complex technical information clearly and to non-technical stakeholders.
• Basic understanding of security risk management principles and taxonomy.
• Knowledge of vulnerability and incident management practices.
• Ability to learn GRC tools; RSA Archer experience is preferred.
• Experience in the financial or banking industry is a plus.
• Relevant qualifications such as MSc in Information Security, CICA, CRISC, CISM, or data analysis are beneficial but not essential if experience validates skills.
• Knowledge of security frameworks like NIST CSF, ISO 27001, SOC1,2.
• Certifications such as Prince2, MSP, APMQ are advantageous.
• A commitment to continuous learning and skill development in security.

Our commitment to employees:

At CLS, we celebrate diversity and foster an inclusive environment where everyone feels valued. Our benefits include:

• Holiday entitlement: UK/Asia: 25 days + 3 ‘life days’; US: 23 days.
• Two paid volunteer days annually.
• Generous parental leave policies and transition support.
• Wellbeing and mental health resources.
• Affinity groups supporting diversity and inclusion.
• Hybrid working model promoting work/life balance.
• Flexible working arrangements.
• Monthly ‘Heads Down Days’ with no meetings.
• Non-contributory pension (UK/Asia) and 401K match (US).
• Private medical and dental insurance.
• Social events and networking opportunities.
• Discounts, gym memberships, and access to learning platforms.

• Mid-Senior level

• Full-time

• Information Technology

Referrals increase your chances of interviewing at CLS Group by 2x