Executive Director, Cyber Hygiene and Data

About CLS:

CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars' worth of currency flows through our systems each day.

Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world's most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.

CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle - whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.

Our ambition to make a positive difference starts with our people. Our values underpin everything that we do at CLS and define our working environment:

• Pivotal purpose
• Trusted guardian
• Targeted innovation
• Facilitate connections
• Delivering excellence
• Inclusive culture

What you will be doing:

• Establish, build, and lead the new Cyber Hygiene and Data pillar, defining its operating model, processes, roles, and responsibilities. This role involves building and leading a cross-functional team dedicated to establishing and maintaining robust cyber hygiene across the enterprise, encompassing comprehensive vulnerability management, application security, and the safeguarding of CLS's critical data assets across their entire lifecycle and diverse environments, from on-premise to cloud, ensuring robust protection against evolving cyber threats and stringent regulatory requirement.

• Define and drive the overarching Cyber Hygiene and Data strategy and framework for CLS, setting the vision for data loss prevention, data protection, application security, and vulnerability management. This includes developing DLP strategies, managing policy exceptions, and defining use cases to protect critical information assets.
• Oversee the comprehensive protection of CLS data throughout its lifecycle, including strategic direction for data at rest/in-transit controls, email security, rights management, masking/tokenization, and database security. This also encompasses leading the strategy for cryptographic solutions, key management (lifecycle, inventory), issue identification/remediation, and ensuring cryptographic standards compliance.
• Establish and enforce robust data governance and classification programmes, encompassing data discovery, landscape assessment, secret scanning, classification criteria definition, handling standards, automated tooling, and compliance monitoring. Drive continuous improvement in data security risk assessment, prioritisation, and remediation efforts.
• Direct the integration of security throughout the entire Software Development Lifecycle (SDLC), defining secure development requirements, overseeing application security testing (SAST, SCA, DAST, IAST, API Security), threat modelling, and ensuring effective application vulnerability remediation tracking. This also includes managing secrets for applications and delivering internal/external penetration testing and red teaming exercises.
• Manage and continuously improve CLS's vulnerability management programmes, including asset baseline management, vulnerability identification, prioritisation, remediation ownership/tracking, disclosure processes, exception management, and patch management. Oversee executive reporting on vulnerability management and testing.
• Provide strategic leadership and talent management for the pillar, supporting performance management and career progression, identifying training and development needs, and coordinating budget for internal and external training to enhance team capabilities.
• Lead engagement with internal and external governance bodies, attending and actively contributing to forums across CLS, presenting key information and updates, and supporting ongoing governance processes. This includes enabling data collection and reporting to relevant governance stakeholders and boards in a timely manner.
• Oversee all vendor relationships and service ownership within the pillar, serving as the owner or escalation point for key vendors, evaluating new offerings, and ensuring effective implementation and use of solutions. This also includes end-to-end management of service delivery and risk management for relevant services.
• Drive regulatory and audit preparedness and response, establishing processes for managing all information security-related interactions with regulators, internal audit, 2LOD and external enquiries. This involves supporting timely, accurate, and consistent responses, coordinating evidence gathering, and ensuring robust control design, implementation, remediation, and optimisation across the pillar's services, including managing issues (SIIs, CAPs) and RCSA components.
• Report directly to the CISO, acting as a key strategic partner to shape and execute the Cyber Hygiene and Data vision, ensuring robust alignment with CLS's overarching business and technology objectives.

What we're looking for:

• A visionary leader with a proven track record in defining and executing enterprise-wide cyber security strategies, specifically in data protection, application security, and vulnerability management.
• Ability to lead and manage multiple complex security programmes and functions, translating strategic objectives into actionable plans and measurable outcomes.
• Deep understanding of the evolving threat landscape and regulatory requirements impacting data security and application security in financial services.
• Experience in establishing and maturing security capabilities across the entire data and application lifecycle, from design to deployment and ongoing operations.
• Exceptional communication and stakeholder management skills, capable of engaging and influencing executive leadership, technical teams, and external partners.
• Demonstrated ability to build, mentor, and develop high-performing security teams, fostering a culture of innovation and continuous improvement.
• A proactive approach to identifying and mitigating complex cyber risks, with a strong understanding of governance, risk, and compliance frameworks.
• Experience working in highly regulated financial services environments, understanding compliance and industry standards.

Professional qualifications / certifications:

• Experience in cyber security (15+ years), including 10+ years in a senior leadership role overseeing large-scale data security, application security, or vulnerability management programmes.
• Experience in:
  • Defining and implementing enterprise-level security strategies and frameworks.
  • Managing diverse security teams and driving significant organisational change.
  • Leading data loss prevention, data protection, and cryptographic programmes.
  • Establishing data governance, classification, and risk management frameworks.
  • Directing application security (SDLC integration, AST, threat modelling) and vulnerability management (patching, pen testing, red teaming).
  • Managing regulatory and audit engagements, control design, and issue resolution.
  • Working in highly regulated financial services environments.
• Understand, interpret and apply regulatory requirements, compliance and industry standards as pertains to Cyber Hygiene and Data (e.g., Application Security, Data Security and Vulnerability Management).

Our commitment to employees:

At CLS, we celebrate inclusion and consider this to be one of our strongest assets. We are committed to fostering an environment in which everyone feels comfortable to be who they are, and inclusion is valued. All employees have access to our inclusive benefits, including:

• Holiday - UK/Asia: 25 holiday days and 3 'life days' (in addition to bank holidays). US: 23 holiday days.
• 2 paid volunteer days so that you can actively support causes within your community that are important to you.
• Generous parental leave policies to ensure you can enjoy valuable time with your family.
• Parental transition coaching programmes and support services.
• Wellbeing and mental health support resources to ensure you are looking after yourself, and able to support others.
• Employee Networks (including our Women's Forum, Black Employee Network and Pride Network) in support of our organisational commitment to embrace and always be learning more about inclusivity.
• Hybrid working to promote a healthy work/life balance, enabling employees to work collaboratively in the office when needed and work from home when they don't.
• Active support of flexible working for all employees where possible.
• Monthly 'Heads Down Days' with no meetings across the whole company.
• Generous non-contributory pension provision for UK/Asia employees, and 401K match from CLS for US employees.
• Private medical insurance and dental coverage.
• Social events that give you opportunities to meet new people and broaden your network across the organisation.
• Annual flu vaccinations.
• Discounts and savings and cashback across a wide range of categories including health and retail for UK employees.
• Discounted Gym membership - Complete Body Gym Discount/Sweat equity program for US employees.
• All employees have access to Discover - our comprehensive learning platform with 1000+ courses from LinkedIn Learning.
• Access to frequent development sessions on a number of topics to help you be successful and develop your career at CLS.