Vice President, Security Governance, Risk and Assurance

CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother, and more cost-effective. Trillions of dollars' worth of currency flows through our systems each day.

Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world's most actively traded currencies. We deliver huge efficiencies and savings for our clients: our approach to multilateral netting shrinks funding requirements by over 96% on average, allowing clients to utilize their capital more effectively.

Our products enable clients to manage risk across the entire FX lifecycle through efficient processing tools and market intelligence derived from the largest single source of FX executed data.

Our ambition to make a positive difference begins with our people. Our values - Protect, Improve, Grow - underpin our culture and foster a supportive, inclusive environment that encourages openness and forward-thinking.

• Functional title: VP, IT Security Risk
• Department: Security Governance and Risk Management
• Corporate level: Vice President
• Report to: Director of Security
• Location: London, onsite 2 days per week

The individual will be part of the security team responsible for security governance, risk, and assurance, ensuring the organisation's security posture is robust and compliant with policies, standards, and controls. This role requires close collaboration with technical, operational, compliance, and audit teams to maintain a secure and compliant technology environment.

• Maintain security policies, standards, procedures, and frameworks.
• Ensure alignment with industry standards such as NIST CSF and NIST 800-53.
• Advise colleagues on security best practices.
• Conduct risk assessments and maintain the risk register in RSA Archer.
• Identify, assess, and prioritize security risks.
• Evaluate security gaps, provide remediation options, and monitor ongoing remediation efforts.
• Support cybersecurity risk management strategies and improve related processes.
• Profile assets, assign security criticality, and prioritize risk assessments.
• Monitor security improvements and report on risk reduction efforts.
• Lead lessons learned forums and recommend control improvements.
• Represent security in audits and assessments, ensuring compliance.
• Provide assurance through detailed reports and metrics.

• Minimum 5 years' experience in Information and Cyber Security, with at least 2 years in a security risk team.
• Strong organizational skills and experience in planning and reporting.
• Effective collaboration skills.
• Expertise in technical report writing and risk documentation.
• Meticulous attention to detail.
• Problem-solving skills and ability to troubleshoot security issues.
• Excellent communication skills, capable of conveying complex information clearly.
• Understanding of security risk management principles.
• Knowledge of vulnerability and incident management practices.
• Experience with GRC tools, preferably RSA Archer.
• Experience in the financial or banking industry is preferred.

• Ideally MSc in Information Security, CICA, CRISC, CISM, or Data Analysis.
• Proficiency in security frameworks like NIST CSF, ISO 27001, SOC1,2.
• Certifications such as Prince2, MSP, APMQ are advantageous.
• Continuous learning and development in security skills encouraged.