Talent.com
Information Security Risk Management Lead

Information Security Risk Management Lead

CLS Group.New York, NY, United States
20 hours ago
Job type
  • Full-time
Job description

Information Security Risk Management Lead

CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars' worth of currency flows through our systems each day.

Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the worlds most actively traded currencies. We deliver huge efficiencies and savings for our clients : in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.

CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.

Our ambition to make a positive difference starts with our people. Our values Protect, Improve, Grow underpin everything that we do at CLS and define and shape a supportive and inclusive working environment in which everyone is encouraged to be open and forward-thinking.

Job Information

Functional title - Information Security Risk Management Lead

Department - Risk

Corporate level - Director

Report to - Head of Technology & Information Security Risk Management

Location - New York / New Jersey

Expected full-time salary range between $180K - $225K + variable compensation + 401(k) match + benefits.

What You Will Be Doing

Job purpose :

The Information Security Risk Management Lead is a key member of the Risk Management team and is responsible for leading the implementation of the Enterprise and Operational Risk Management frameworks designed by CLS to identify, measure, monitor and mitigate information security risks. The successful candidate serves as a second set of eyes to management to provide review and credible challenge of the effectiveness of information security processes and controls. This position is highly engaged with the firm-wide Information Security teams who provide security solutions as well as all corporate departments that own information security risk.

Essential Functions / Major Duties and Responsibilities of the Job

Strategic :

  • Risk Culture - Assist the CRO and Head of Enterprise Risk and Operational Risk Management in driving the culture of engagement, teamwork and accountability.
  • Risk Assessments Collaborate with the Information Security teams to guide and challenge risk assessments, and lead in efforts to strengthen the control environment in line with the evolving threat landscape.
  • Process Improvements Identify opportunities to reduce risk of recurrence of incidents and events through process evaluation and improvements plans.
  • Operational Risk Management Framework - Support the CRO and Head of Enterprise Risk and Operational Risk Management in furthering the use and efficacy of the ORM framework while enhancing its applicability to manage information security risk.

Operational :

  • Review and Credible Challenge Provide review and credible challenge of the information security risk profile and all associated framework components, e.g., risk and control self-assessments, control testing, event management, metrics and indicators, risk appetite, finding management, and reporting.
  • Risk Oversight Lead in executing oversight of information security risks by performing the following :

    • Provide subject matter expertise to business units to drive, guide and influence risk ownership, clarity and assessment of risks & controls.

  • Review and monitor the progress of actions and validate appropriateness of closure evidence.
  • Thematic review of operational risk events and associated proposed actions to reduce risk of recurrence.
  • Document credible challenge of information security risk appetite to support the Enterprise Risk management (ERM) program.
  • Regular review and challenge of key risk indicators including thresholds and applicability to risk appetite.
  • Prepare monthly and quarterly ORM / ERM reports and present to Technology Leadership, Audit, and regulatory bodies as required.
  • Project Oversight Lead in executing project oversight for information security risks by performing the following :

    • Provide challenge of risk management of material information security projects that may impact the firm's risk profile.

  • Work with business partners to challenge the quality of the project inherent risk assessments and contribute to the independent risk review for projects.
  • Review project benefits and closure artifacts in preparation for transition to BAU.
  • Governance Actively present to various committees and forums to keep management educated on changes to CLS risk appetite.
  • Relationship Management Be a respected point of contact to stakeholders across the business and technology functions in providing operational risk coverage for information security risk.
  • Advisory Services Be a trusted advisor and provide effective challenge to stakeholders on the evolving cybersecurity and technology risk landscape.
  • Policy & Procedures - Maintain and oversee relevant policies, standards, and procedures related to CLS security processes.

    • Leadership :

    Primary lead for the team to role model expected work ethic and quality, meet divisional objectives, and support career development.

  • Provide guidance and support to junior members of the team.
  • Interact with and present to regulatory bodies in regular continuous monitoring meetings.
  • Ability to partner, influence, and maintain credibility with the business

    • What We're Looking For

    10+ years of experience specifically related to information security governance, operations, and risk management.

  • Broad-based technology experience at substantial scale and complexity in a global, highly regulated, high-volume transaction environment. Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security.
  • Experience with developing and managing Operational Risk programs, establishing framework and on-going process in accordance with best practices and Basel requirements.
  • Comfortable leading in a complex matrixed organization, ideally in a global firm with a dynamic and rapidly changing environment.
  • Experience leading within a highly regulated environment, with a preference for experience at the international and federal levels. Deep knowledge of policy frameworks and a strong understanding of policies, procedures, guidelines, and structure.
  • Functional expertise, with operational knowledge of and exposure to various current and emerging information security areas such as :

    • Cyber resilience Identity & privileged access management Secure coding practices Incident response Artificial Intelligence Third-party risk management Cloud security configuration and control frameworks Threat / vulnerability management Network security

    Professional qualifications / certifications :

  • B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent).
  • Relevant certification is desirable, e.g., CISSP, CISM, CISA, CRISC.
  • Working knowledge of Risk Management life cycles based on an established framework : NIST CSF, NIST SP 800-53, ORX, ISO 27001, SANS, CERT, ENISA, CSA, OACA, ISACA.
  • Proficiency in MS PowerPoint and Excel.
  • Experience in broader MS Office suite, including Project and Visio is a plus
  • Experience with enterprise GRC tools, e.g. Archer is a plus

    • Our Commitment to Employees

    At CLS, we celebrate diversity and consider this to be one of our strongest assets. We are committed to fostering an environment in which everyone feels comfortable to be who they are, and inclusion is valued. All employees have access to our inclusive benefits, including :

  • Holiday - UK / Asia : 25 holiday days and 3 'life days' (in addition to bank holidays). US : 23 holiday days.
  • 2 paid volunteer days so that you can actively support causes within your community that are important to you.
  • Generous parental leave policies to ensure you can enjoy valuable time with your family.
  • Parental transition coaching programmes and support services.
  • Wellbeing and mental health support resources to ensure you are looking after yourself, and able to support others.
    • Create a job alert for this search

    Information Security • New York, NY, United States

    Related jobs
    • Promoted
    • New!
    Information Security Risk Management Lead

    Information Security Risk Management Lead

    CLS Group.Iselin, NJ, United States
    Full-time
    CLS is the trusted party at the centre of the global FX ecosystem.Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars' worth of curren...Show moreLast updated: 20 hours ago
    • Promoted
    • New!
    Manager, Operational and Enterprise Risk Management

    Manager, Operational and Enterprise Risk Management

    KPMGShort Hills, NJ, United States
    Full-time
    KPMG Advisory practice is currently our fastest growing practice.We are seeing tremendous client demand, and looking forward we do not anticipate that slowing down. In this ever-changing market envi...Show moreLast updated: 20 hours ago
    • Promoted
    VP IT Security and Risk Management (Hybrid)

    VP IT Security and Risk Management (Hybrid)

    Selective InsuranceShort Hills, NJ, United States
    Temporary
    At Selective, we don't just insure uniquely, we employ uniqueness.Selective's unique position as both a leading insurance group and an employer of choice is recognized in a wide variety of awards a...Show moreLast updated: 30+ days ago
    • Promoted
    Risk Management Specialist / Risk Management Senior Specialist (Remote)- NJ / Northern NJ

    Risk Management Specialist / Risk Management Senior Specialist (Remote)- NJ / Northern NJ

    Selective InsuranceNewark, NJ, United States
    Remote
    Full-time
    At Selective, we don't just insure uniquely, we employ uniqueness.Selective's unique position as both a leading insurance group and an employer of choice is recognized in a wide variety of awards a...Show moreLast updated: 30+ days ago
    • Promoted
    Lead Information Security Engineer- Certificate Management Services

    Lead Information Security Engineer- Certificate Management Services

    Wells FargoIselin, NJ, United States
    Full-time
    Wells Fargo is seeking a Lead Information Security Engineer in Technology as part of the Chief Technology Office (CTO).Learn more about the career areas and lines of business at wellsfargojobs.The ...Show moreLast updated: 30+ days ago
    • Promoted
    • New!
    Chief Information Security Manager

    Chief Information Security Manager

    InterSourcesSyosset, NY, United States
    Full-time
    Chief Information Security Manager.The vCISO shall provide expert virtual cybersecurity services during normal business hours except in the event of a security incident or breach.HCC seeks a fresh ...Show moreLast updated: 20 hours ago
    • Promoted
    Manager, Network Security, Tech & Data Risk Management

    Manager, Network Security, Tech & Data Risk Management

    Capital OneNew York City, New York, US
    Full-time +1
    Manager, Network Security, Tech & Data Risk Management Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers.We are serious about tech...Show moreLast updated: 30+ days ago
    • Promoted
    Cybersecurity Lead / Architect

    Cybersecurity Lead / Architect

    HCLTechEast Brunswick, NJ, US
    Full-time
    Cybersecurity Lead / Architect Candidate Persona - Ability to do architecture and consulting engagement for large and complex customer environment. Self-motivated individual and creative thinker who...Show moreLast updated: 30+ days ago
    • Promoted
    • New!
    Cyber and Information Security Risk Officer

    Cyber and Information Security Risk Officer

    UBSWest New York, NJ, United States
    Part-time
    Do you thrive in a fast paced, dynamic environment that helps protect firm and client data? Are you someone who can make the right call in challenging situations? Are you a shrewd evaluator of the ...Show moreLast updated: 10 hours ago
    • Promoted
    Information Security Analyst

    Information Security Analyst

    Spectraforce TechnologiesNewark, NJ, United States
    Full-time
    Job Title : Information Security Analyst.Location : Newark, NJ (Hybrid 3 days onsite).Focus on highest risk controls first, then medium risk (definition in progress). Coordination with AppOwners and c...Show moreLast updated: 18 days ago
    • Promoted
    Project Manager – Security

    Project Manager – Security

    Blue Ribbon Global technologies LLCNew Brunswick, NJ, US
    Full-time
    Hello , My name is Garima Gupta and I am a Lead Talent Acquisition Specialist at Blue Ribbon Global Technologies, LLC.I am reaching out to you on an exciting job opportunity with one of our clients...Show moreLast updated: 20 days ago
    • Promoted
    Director, Analyst Enterprise Risk Management REMOTE US

    Director, Analyst Enterprise Risk Management REMOTE US

    GartnerStamford, CT, United States
    Full-time
    Analysts provide must-have insights for our clients through published research and client interaction, helping to solve organizational challenges that lead to improved performance.As part of Gartne...Show moreLast updated: 7 days ago
    • Promoted
    • New!
    Security Risk Management Analyst

    Security Risk Management Analyst

    CoreWeaveLivingston, NJ, United States
    Permanent
    CoreWeave is The Essential Cloud for AI™.Built for pioneers by pioneers, CoreWeave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence....Show moreLast updated: 20 hours ago
    • Promoted
    • New!
    Identity & Access Management Cyber Security Product Management Expert (Sr Director / Analyst, Ful[...]

    Identity & Access Management Cyber Security Product Management Expert (Sr Director / Analyst, Ful[...]

    GartnerStamford, Connecticut, United States
    Full-time
    Identity & Access Management Cyber Security Product Management Expert (Sr Director / Analyst, Ful[.Identity & Access Management Cyber Security Product Manager (Sr Director / Analyst, Fully Remote Unite...Show moreLast updated: 11 hours ago
    • Promoted
    Mgr IT and Res Risk

    Mgr IT and Res Risk

    City National BankNew York, NY, US
    Full-time
    This role is responsible for the development and maturing of the 2nd line of defense (2LOD) Cyber, Technology, Business Continuity, and Operational Resilience Risk teams. This leader is the owner fo...Show moreLast updated: 2 days ago
    • Promoted
    ZTD Global IT Service Management Lead

    ZTD Global IT Service Management Lead

    Zoetis, IncParsippany-Troy Hills, NJ, United States
    Full-time
    We are seeking an experienced and visionary ITSM Leader to establish and own the process and governance of a consistent IT Service Management (ITSM) practice across our ZTD organization.This is a p...Show moreLast updated: 1 day ago
    • Promoted
    Risk Management Manager - LOD1

    Risk Management Manager - LOD1

    Early Warning ServicesNew York, NY, United States
    Full-time
    At Early Warning, we've powered and protected the U.As a trusted name in payments, we partner with thousands of institutions to increase access to financial services and protect transactions for hu...Show moreLast updated: 8 days ago
    • Promoted
    Risk Management Manager - LOD1

    Risk Management Manager - LOD1

    Early Warning Services, LLCNew York, NY, United States
    Full-time
    At Early Warning, we've powered and protected the U.Zelle®, Paze℠, and so much more.As a trusted name in payments, we partner with thousands of institutions to increase access to financial services...Show moreLast updated: 8 days ago