CLS Group

Executive Director, Head of Secure Design Compliance

Posted 2 Days Ago
London, Greater London, England
Expert/Leader
The Executive Director, Head of Secure Design Compliance is responsible for overseeing compliance with secure design principles, ensuring that CLS's services maintain robustness and resilience within the FX ecosystem. This role requires strategic leadership to mitigate settlement risks and deliver operational efficiencies for clients, while managing relationships with regulatory bodies and enhancing operational frameworks.
The summary above was generated by AI

About CLS:

CLS is the trusted party at the centre of the global FX ecosystem.  Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective.  Trillions of dollars’ worth of currency flows through our systems each day. 

Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world’s most actively traded currencies.  We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.

CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle – whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.

Our ambition to make a positive difference starts with our people.  Our values – Protect, Improve, Grow – underpin everything that we do at CLS and define and shape a supportive and inclusive working environment in which everyone is encouraged to be open and forward-thinking.

Company background and culture

Created by the market for the market, CLS is the trusted party at the center of the global FX ecosystem.  Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective.  Trillions of dollars’ worth of currency flows through our systems each day. 

Given our systemic importance to the global FX market and its participants, the mission-critical priority of the CLS Board, management and employees is to maintain the robustness and resilience of CLS services, mitigate settlement risk in the CLS ecosystem and deliver operational and funding efficiencies for our clients.

CLS has been designated a systemically important financial market utility (SIFMU) by the US Financial Stability Oversight Council (FSOC). While the Federal Reserve is CLS’s primary supervisor with statutory examination and enforcement powers under Reg HH, CLS is also uniquely overseen by the Bank of England and an Oversight Committee composed of 23 global regulators.

In essence, CLS’s core FX service is a highly specialized collection of member rules, contracts and processes that efficiently achieve settlement risk reduction.

Inherent to the CLS business model and value proposition are three important sources of competitive advantage:

CLS benefits from the strong global regulatory endorsement of its FX settlement risk mitigation mission, enabling direct access to central bank accounts and RTGS systems in 18 currencies as well as a dedicated CLS settlement window for all currencies.

While reducing settlement risk for its settlement members and clients, CLS also achieves significant operational cost savings and liquidity efficiencies in the multilateral netting of gross FX settlement and the net funding of settlement obligations.

CLS’s dedicated technological and operational design is underpinned by comprehensive member rules, a robust legal foundation and strong risk models ultimately backstopped by risk mutualization across the owner members.

Products and solutions

CLS has transformed FX with its innovative approach to multilateral netting and settlement. The company has worked to reduce systemic risk while creating operational efficiencies and significant cost savings for its clients.

CLS’s network has unparalleled insight into common market challenges, so it is able to leverage its experience and substantial market intelligence to address its clients’ wider settlement, processing and data needs. The key focus is to enhance its existing product portfolio in order to make the trading process faster, easier, safer and more cost-effective for its clients.

Settlement – the organization’s primary product and focus. The strength of CLS’s network is based on the proven quality of its service and near-zero-tolerance attitude to failure.  As the market evolves CLS continues to innovate and expand, bringing excellence in settlement solutions to new market participants.

Processing – a growing product suite gaining in size and importance. Improving post-trade efficiency is a key business driver for members of the FX community and CLS leads the market in driving innovative solutions that bring greater standardization to the post-trade environment, enabling its clients to remain competitive in an evolving market.

Data – CLS’s clients rely on robust transaction data to gain insight into market trends. In order to empower client growth and improve trading strategies, CLS has built the largest single source of FX executed trade data available to the market.

Job purpose - major duties and responsibilities of the job

The role is responsible for leading and enforcing secure design across the organization’s technical environment. This role focuses on ensuring compliance with security standards, managing cryptography and encryption, enforcing least privilege access, and maintaining strong vulnerability management practices. The individual will oversee the design, implementation, and monitoring of secure baselines, ensuring that security is embedded into the organization's infrastructure, applications, and services from the ground up. The position will require close collaboration with technical, operational, and compliance teams to create a secure and compliant technology environment.

  • Develop, implement, and maintain secure configuration baselines across infrastructure, cloud environments, and applications, ensuring compliance with industry standards (e.g., CIS, NIST, ISO 27001) and internal security policies across all platforms and environments.
  • Accountable for the execution of regular assessments to validate baseline adherence and rectify any deviations or gaps.
  • Oversee the selection, implementation, and lifecycle management of encryption technologies and cryptographic protocols (e.g., SSL/TLS, PKI, AES), ensuring that all sensitive data, both at rest and in transit, is properly encrypted in compliance with internal and regulatory requirements.
  • Manage cryptographic key management practices, ensuring proper storage, rotation, and lifecycle of encryption keys.
  • Stay updated on advancements in cryptography, encryption techniques, and cryptographic vulnerabilities, recommending and implementing necessary improvements.
  • Lead the governance and enforcement of least privilege, including the design and implementation of access control mechanisms, ensuring that users and systems operate under the principle of least privilege (PoLP).
  • Regularly review and assess access controls to ensure alignment with least privilege principles and eliminate excessive or unnecessary access rights. Drive automation of privilege escalation processes and ensure privileged account monitoring is robust.
  • Collaborate with the identity and access management (IAM) team to optimize role-based access control (RBAC) and manage privileged accounts securely.
  • Oversee the vulnerability management lifecycle, including vulnerability identification, risk assessment, patch management, and remediation. Work with security operations and infrastructure teams to ensure timely identification and mitigation of vulnerabilities through regular scanning and remediation of penetration testing findings.
  • Integrate processes with Cyber Threat Intelligence to ensure appropriate monitoring of the threat landscape for emerging vulnerabilities and ensure swift response to zero-day threats.

Leadership

  • Leads by Example: Demonstrates the technical and professional skills expected across the global team through personal action.
  • Accountable and effective communicator: Clearly takes charge of the duties outlined above and communicates well with stakeholders so teams can operate in unison where required.
  • Innovator and Change Agent: Always striving to find ways to automate existing processes, streamline and simplify complexity, and incorporate new ideas and capabilities to enhance our security posture and make the team stronger and better.
  • Decisive: provides clear direction during cyber incident response to the Security Operations team and all associated stakeholders.
  • Identify risks: Able to synthesize capability gaps and articulate them so the Firm can manage risk in alignment with its risk management strategy.
  • Manages ambiguity: operating effectively and decisively, even when things are not certain, or the way forward is unclear.
  • Collaborates: building partnerships and working collaboratively with others to meet shared objectives.
  • Influence: proven success navigating and operating effectively in a matrix organization.
  • Customer focus: building strong partnerships and delivering customer-centric solutions.
  • Committed to professional development with a personal appetite to grow and contribute further to the organization over time.

Knowledge, skills and abilities - competencies required for successful job performance

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field. Master’s degree preferred.
  • CISSP, CISM, CISA, GIAC, or similar advanced security certifications.
  • Considerable experience in cybersecurity, with notable experience in a senior or managerial role focused on secure design, governance, or compliance.
  • Strong understanding of secure configuration baselines, encryption standards, cryptography, and access control principles.
  • Experience with vulnerability management tools and best practices.
  • Proficiency in security frameworks (e.g., NIST CSF, ISO 27001).
  • Strong knowledge of encryption standards, cryptographic protocols, and key management practices.
  • Familiarity with cloud security controls and securing hybrid IT environments.
  • Knowledge of vulnerability management tools such as Nessus, Qualys, or similar.
  • Understanding of IAM principles, least privilege access, and privilege access management (PAM) systems.
  • Evidence of working in the Financial Service Industry preferred.


Our commitment to employees:

At CLS, we celebrate diversity and consider this to be one of our strongest assets. We are committed to fostering an environment in which everyone feels comfortable to be who they are, and inclusion is valued. All employees have access to our inclusive benefits, including:

  • Holiday - UK/Asia: 25 holiday days and 3 ‘life days’ (in addition to bank holidays). US: 23 holiday days.
  • 2 paid volunteer days so that you can actively support causes within your community that are important to you.
  • Generous parental leave policies to ensure you can enjoy valuable time with your family.
  • Parental transition coaching programmes and support services.
  • Wellbeing and mental health support resources to ensure you are looking after yourself, and able to support others.
  • Affinity Groups (including our Women’s Forum, Black Employee Network and Pride Network) in support of our organisational commitment to embrace and always be learning more about DE&I.
  • Hybrid working to promote a healthy work/life balance, enabling employees to work collaboratively in the office when needed and work from home when they don’t.
  • Active support of flexible working for all employees where possible.
  • Monthly ‘Heads Down Days’ with no meetings across the whole company.
  • Generous non-contributory pension provision for UK/Asia employees, and 401K match from CLS for US employees.
  • Private medical insurance and dental coverage.
  • Social events that give you opportunities to meet new people and broaden your network across the organisation.
  • Annual flu vaccinations.
  • Discounts and savings and cashback across a wide range of categories including health and retail for UK employees.
  • Discounted Gym membership – Complete Body Gym Discount/Sweat equity program for US employees.
  • All employees have access to Discover – our comprehensive learning platform with 1000+ courses from LinkedIn Learning.
  • Access to frequent development sessions on a number of topics to help you be successful and develop your career at CLS.
