Security Governance, Risk and Assurance Specialist

About CLS:

CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother, and more cost-effective. Trillions of dollars’ worth of currency flows through our systems each day.

Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world’s most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.

CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle – whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.

Our ambition to make a positive difference starts with our people. Our values – Protect, Improve, Grow – underpin everything that we do at CLS and define and shape a supportive and inclusive working environment in which everyone is encouraged to be open and forward-thinking.

Job information:

• Functional title - AVP, IT Security Specialist
• Department – Security Governance and Risk Management
• Corporate level – Associate Vice President
• Report to – Director of Security
• Location - London, onsite 2 days per week

About the role:

The individual will be part of the security function responsible for security governance, risk, and assurance, to ensure the organisation's security posture is robust, compliant against the security policy, standards, and controls. The position requires close collaboration with technical, operational, compliance, and audit teams to create a secure and compliant technology environment.

What you will be doing:

• Maintain security policy, standards, procedures, and frameworks.
• Ensure alignment with security industry standards such as NIST CSF and NIST 800-53.
• Act as an advisor to colleagues across the organisation on security best practices.
• Conduct regular risk assessments and maintain risk register in RSA Archer.
• Identify, assess, and prioritize security risks across the organisation’s information assets and environments.
• Understand security gaps and provide evaluation and treatment options, including remediation approaches, and monitor ongoing remediation until risks are reduced to acceptable levels.
• Support cybersecurity risk management strategies based on security findings and observations, and improve organizational cybersecurity risk management processes.
• Profile and assign asset security criticality and prioritize risk assessments.
• Monitor improvements against baselined risks and report on risk reduction, including policy exceptions and dispensations.
• Facilitate lessons learned forums and recommend improvements to security controls.
• Represent security in audits and assessments, ensuring compliance with internal and external requirements.
• Provide assurance to stakeholders through detailed reporting and metrics.

What we are looking for:

• Minimum of 2 years’ experience in Information and Cyber Security, with a desire to work within a security risk team.
• Highly organized with experience in planning and reporting data, information, and updates.
• Effective collaboration skills to drive key security objectives.
• Strong technical writing skills for reports and documenting risk assessment findings and mitigation plans.
• Meticulous attention to detail to ensure data accuracy and integrity.
• Problem-solving skills to troubleshoot security issues and propose effective solutions.
• Good verbal and written communication skills to convey complex technical information clearly, including presenting data insights to non-technical stakeholders.
• Basic understanding of security risk management and taxonomy principles.
• Knowledge of vulnerability and incident management practices.
• Ability to learn GRC tools, preferably RSA Archer.
• Financial and/or banking industry experience is preferred.

Professional qualifications / certifications

• Ideally qualified in MSc Information Security, CICA, CRISC, CISM, or Data analysis, but experience can validate skills.
• Knowledge of security frameworks such as NIST CSF, ISO 27001, SOC1,2.
• Prince 2, MSP, APMQ certifications are advantageous.
• A commitment to continuous learning and skill development in security.

Our commitment to employees:

At CLS, we celebrate diversity and consider this one of our strongest assets. We are committed to fostering an inclusive environment where everyone feels comfortable and valued. Our benefits include:

• Holiday entitlement: UK/Asia: 25 days + 3 ‘life days’; US: 23 days.
• Paid volunteer days to support community causes.
• Generous parental leave policies and transition support.
• Wellbeing and mental health resources.
• Affinity groups supporting diversity and inclusion.
• Hybrid working model for work/life balance.
• Flexible working arrangements.
• Monthly ‘Heads Down Days’ with no meetings.
• Non-contributory pension (UK/Asia) and 401K matching (US).
• Private medical and dental insurance.
• Social events and networking opportunities.
• Annual flu vaccinations.
• Employee discounts, gym memberships, and learning resources.