- Senior
- Office in London
About CLS:
CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars’ worth of currency flows through our systems each day.
Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world’s most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.
CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle – whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.
Our ambition to make a positive difference starts with our people. Our values underpin everything that we do at CLS and define our working environment:
- Pivotal purpose
- Trusted guardian
- Targeted innovation
- Facilitate connections
- Delivering excellence
- Inclusive culture
Job information:
- Functional title - Vulnerability Management
- Department – IT Security
- Corporate level - Vice President
- Report to - Director
- Location - London, onsite 2 days per week
What you will be doing:
SME Consultancy:
- As part of the IT Security team, develop and implement CLS IT Strategy in consultation with the CLS IT teams, ensuring that all initiatives are mirrored in respective strategies including the overall CLS Strategy
- Provide security advice and support for information technology projects as Vulnerability Management subject matter expert (SME)
- Research new security related products and services to ensure that CLS is equipped with appropriate industry best tools and solutions
Vulnerability Management:
- Subject Matter Expert (SME) for vulnerability management within the Security Operations Department.
- Manage vulnerability management platforms, including configuration, tuning, connectors, and coverage.
- Coordinate with engineering, infrastructure and application development teams to track SLA attainment and escalate blockers.
- Apply threat-based prioritization using CVSS, threat intelligence, exploitability data, KEV lists, and business context.
- Coordinate the response to high profile vulnerabilities, including zero-days and critical CVEs with impact analysis and action plans.
- Produce weekly and monthly reporting on trends, KRIs, KPIs, backlog health, and risk posture for senior audiences.
- Execute governance for exception handling and risk acceptance in line with policy. Maintain the exception register and review cadence.
- Manage the remediation backlog, change windows, and patch orchestration to meet SLAs.
- Lead, coach, and grow a team of analysists, engineers, and program managers.
- Support audits and evidence collection for standards and frameworks such as NIST CSF and ISO 27001.
- Manage vendor relationships, licensing, and tool roadmaps in coordination with the Director.
Regulatory Compliance & Reporting:
- Ensure vulnerability management efforts and documentation comply with industry standards and best practices (GDPR, SOC, NIST, ISO etc.)
- Maintain detailed documentation and reporting for audits and compliance reviews.
Process Improvement & Risk Mitigation:
- Develop and refine vulnerability management standard operating procedures and playbooks.
- Recommend and implement process improvements to enhance vulnerability management capabilities.
Operational:
- Operate and maintain controls related to vulnerability management.
- Conduct vulnerability management risk assessments for all high impact projects, defining security mitigating controls that impact the technology architectures of CLS, service providers, and business partners
- Review and update vulnerability management procedures to reflect best practice and mitigate current and emerging threats
- Assigned ownership of vulnerability management related FRB and Internal Audit finding(s) and effect timely resolution
- Maintain relationships with third-party vulnerability management vendors and strategic partners
What we’re looking for:
- ‘Hands-on’ vulnerability management experience
- Ensure a risk-based approach to vulnerability management is adopted in every part of the business and solutions
- Work with members of the IT Security team to help design, implement and maintain security
- Operate and maintain IT Security controls related to Vulnerability Management
- Deliver vulnerability management projects from concept, approval, design, and implementation to operation
- Ability to collaborate effectively with others to drive forward key security objectives
- Strong documentation and report writing skills (to both technical and business audiences)
- Excellent time management and organizational skills combined with technical vulnerability management acumen
- Financial and/or Banking industry experience preferred
Qualifications / certifications:
- Technology discipline (Computer Science, Computer Engineering, Cybersecurity or equivalent)
- 10+ Years of experience within the cybersecurity industry with 5+ years in specific vulnerability management roles
- Security certifications such as CISSP, CISM, OSCP, GIAC GSEC, GEVA or equivalent is preferred
- Proven success operating a mature vulnerability management program at scale
- Strong understanding of scanning technologies, CVSS, and threat modelling
- Familiarity with compliance frameworks and standards such as NIST and ISO
- Experience managing technical teams and working cross-functionally with non-security stakeholders
- Experience integrating vulnerability management with ticketing and asset management tools
- Clear communicator who can brief executives and drive action
Our commitment to employees:
At CLS, we celebrate diversity and consider this to be one of our strongest assets. We are committed to fostering an environment in which everyone feels comfortable to be who they are, and inclusion is valued. All employees have access to our inclusive benefits, including:
- Holiday - UK/Asia: 25 holiday days and 3 ‘life days’ (in addition to bank holidays). US: 23 holiday days.
- 2 paid volunteer days so that you can actively support causes within your community that are important to you.
- Generous parental leave policies to ensure you can enjoy valuable time with your family.
- Parental transition coaching programmes and support services.
- Wellbeing and mental health support resources to ensure you are looking after yourself, and able to support others.
- Employee Networks (including our Women’s Forum, Black Employee Network and Pride Network) in support of our organisational commitment to embrace and always be learning more about inclusivity.
- Hybrid working to promote a healthy work/life balance, enabling employees to work collaboratively in the office when needed and work from home when they don’t.
- Active support of flexible working for all employees where possible.
- Monthly ‘Heads Down Days’ with no meetings across the whole company.
- Generous non-contributory pension provision for UK/Asia employees, and 401K match from CLS for US employees.
- Private medical insurance and dental coverage.
- Social events that give you opportunities to meet new people and broaden your network across the organisation.
- Annual flu vaccinations.
- Discounts and savings and cashback across a wide range of categories including health and retail for UK employees.
- Discounted Gym membership – Complete Body Gym Discount/Sweat equity program for US employees.
- All employees have access to Discover – our comprehensive learning platform with 1000+ courses from LinkedIn Learning.
- Access to frequent development sessions on a number of topics to help you be successful and develop your career at CLS.