Security Governance, Risk and Assurance Specialist

Social network you want to login/join with:

Client: CLS Group

Location: London, United Kingdom

Job Category: Other

EU work permit required: Yes

4

05.05.2025

19.06.2025

About CLS:

CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost-effective. Trillions of dollars’ worth of currency flows through our systems each day.

Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world’s most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.

CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle – whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.

Our ambition to make a positive difference starts with our people. Our values – Protect, Improve, Grow – underpin everything that we do at CLS and define and shape a supportive and inclusive working environment in which everyone is encouraged to be open and forward-thinking.

• Functional title - AVP, IT Security Specialist
• Department – Security Governance and Risk Management
• Report to – Director of Security

The individual will be part of the security function responsible for security governance, risk, and assurance, ensuring the organization’s security posture is robust and compliant with security policies, standards, and controls. The role requires close collaboration with technical, operational, compliance, and audit teams to create a secure and compliant technology environment.

• Maintain security policies, standards, procedures, and frameworks.
• Ensure alignment with security industry standards such as NIST CSF and NIST 800-53.
• Act as an advisor to colleagues on best security practices.
• Conduct regular risk assessments and maintain risk register in RSA Archer.
• Identify, assess, and prioritize security risks across the organization’s information assets and environments.
• Evaluate security gaps and provide remediation strategies, monitoring progress until risks are reduced to acceptable levels.
• Support cybersecurity risk management strategies based on findings and observations, improving processes and activities across security functions.
• Profile and assign asset security criticality, prioritizing risk assessments.
• Monitor improvements and report on security risk reduction, including policy exceptions and dispensations.
• Facilitate lessons learned forums and recommend control improvements.
• Represent security in audits and assessments, ensuring compliance with internal and external requirements.
• Provide assurance to stakeholders through detailed reporting and metrics.

• Minimum of 2 years’ experience in Information and Cyber Security, preferably within a security risk team.
• Highly organized with experience in planning and reporting data and updates.
• Effective collaboration skills to drive security objectives.
• Strong technical writing skills for risk assessment reports and mitigation plans.
• Meticulous attention to detail for data accuracy and integrity.
• Problem-solving skills to troubleshoot security issues and propose solutions.
• Excellent verbal and written communication skills, capable of conveying complex technical information clearly.
• Basic understanding of security risk management principles.
• Knowledge of vulnerability and incident management practices.
• Ability to learn GRC tools, with RSA Archer preferred.
• Experience in the financial or banking industry is advantageous.
• Relevant qualifications such as MSc in Information Security, CICA, CRISC, CISM, or Data Analysis are beneficial but not essential if experience demonstrates skills.
• Knowledge of security frameworks like NIST CSF, ISO 27001, SOC1,2.
• Certifications like Prince2, MSP, APMQ are advantageous.
• A desire for continuous learning and skill development in security.

At CLS, we celebrate diversity and foster an inclusive environment. Our benefits include:

• Holiday entitlement: UK/Asia: 25 days + 3 'life days'; US: 23 days.
• Paid volunteer days.
• Generous parental leave and transition support.
• Wellbeing resources and mental health support.
• Affinity groups supporting DE&I initiatives.
• Hybrid working arrangements.
• Flexible working options.
• Monthly ‘Heads Down Days’ with no meetings.
• Non-contributory pension (UK/Asia) and 401K match (US).
• Private medical and dental coverage.
• Social events and networking opportunities.
• Discounts, gym memberships, and learning resources.