Cyber and Information Risk, Independent Risk Review Lead

Cyber and Information Risk, Independent Risk Review Lead

Join to apply for the Cyber and Information Risk, Independent Risk Review Lead role at CLS Group.

• Functional title – Cyber and Information Risk, Independent Risk Review Lead
• Report to – Head of Technology & Information Security Risk Management
• Location – New York / New Jersey
• Expected full‑time salary range: $180K – $210K + variable compensation + 401(k) match + benefits. Disclosure required by NY/NJ Pay Transparency Law.

The Cyber and Information Risk, Independent Risk Review Lead is responsible for leading the execution of independent reviews of the efficacy of CLS’ Information Security and Data Management programs, including review and challenge of large‑scale risk remediation efforts. The successful candidate will provide review and credible challenge of the effectiveness of information security and data management processes and controls in mitigating key risks to the firm.

This position is highly engaged with the firm‑wide Information Security and Data Management teams and corporate departments that own information security and data management risks.

• Risk Culture – Assist the Head of Technology and Information Risk Management and Head of Enterprise Risk and Operational Risk Management in driving the culture of engagement, teamwork and accountability.
• Lead horizontal reviews of top information security and data management risks, identifying gaps in control coverage and recommending control improvements to address identified gaps.
• Complete thematic reviews of information security and data management operational risk events and associated proposed actions to propose control enhancements that reduce risk of recurrence.
• Work with the Information Security and Data Management teams to review control capabilities against industry standards and lead efforts to strengthen the control environment in line with the evolving threat landscape.
• Review and challenge actions to address gaps, monitor progress of actions, and validate sufficiency of closure evidence.
• Prepare status reports as needed and present to Technology Leadership, Audit, and regulatory bodies as required.

• Review and challenge the sufficiency of planned actions to address identified problems, provide stated benefits, and meet regulatory expectations.
• Review and monitor the progress of actions and validate sufficiency of closure evidence.
• Prepare status reports as needed and present to Technology Leadership, Audit, and regulatory bodies as required.
• Governance – Actively present to various committees and forums to keep management educated on status of independent reviews, challenges to risk remediation efforts, and progress on control improvements.
• Relationship Management – Be a respected point of contact to stakeholders across the business and technology functions in providing credible operational risk coverage for information security and data management risk.
• Policy & Procedures – Review and challenge relevant policies, standards, and procedures related to CLS information security and data management processes.

• Mentorship – Provide guidance and support to junior members of the team.
• Interact with and present to the Federal Reserve Bank of New York in regular continuous monitoring meetings.
• Ability to influence and gain credibility with the business.

• 7+ years of experience building, maintaining, and managing information security and data management risk governance, operations, and risk management functions.
• Broad‑based technology experience at substantial scale and complexity in a global, highly regulated, high‑volume transaction environment. Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security.
• Experience developing and managing Enterprise and Operational Risk programs related to information security and data management, including implementing risk and control frameworks in accordance with best practices and Basel requirements.
• Experience leading in a complex matrixed organization, ideally in a global firm with…