AVP, Vulnerability Management Specialist

About CLS:

CLS is the trusted party at the centre of the global FX ecosystem.  Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective.  Trillions of dollars’ worth of currency flows through our systems each day. 

Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world’s most actively traded currencies.  We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.

CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle – whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.

Our ambition to make a positive difference starts with our people.  Our values – Protect, Improve, Grow – underpin everything that we do at CLS and define and shape a supportive and inclusive working environment in which everyone is encouraged to be open and forward-thinking.

Job information:

• Functional title – AVP, Vulnerability Management Specialist
• Department – IT Security
• Corporate level – Assistant Vice President
• Report to – VP, Information Cyber Security
• Location – New York or New Jersey

What you will be doing:

Operational

• As part of the IT Security team, develop and implement CLS IT Strategy in consultation with the CLS IT teams, ensuring that all initiatives are mirrored in respective strategies including the overall CLS Strategy
• Research new security related products and services to ensure that CLS is equipped with appropriate industry best tools and solutions
• Operate controls related to SIEM, DLP, Vulnerability Management, Cyber Threat Intelligence, Endpoint Protection, etc with an emphasis on cloud deployments and implementations. 
• Conduct IT Security risk assessments for all high impact projects, defining security mitigating controls that impact the technology architectures of CLS, service providers, and business partners
• Review and update IT Security procedures to reflect best practice and mitigate current and emerging threats
• Assigned ownership of IT Security Monitoring and Response related FRB and Internal Audit finding(s) and effective /timely resolution with IT Security
• Maintain relationships with third-party IT security vendors and strategic partners

Vulnerability Management:

Vulnerability Management Analyst is responsible for identifying, assessing, and mitigating vulnerabilities in the organization’s IT infrastructure. They conduct regular vulnerability scans, evaluate potential threats, and work closely with IT and security teams to implement effective remediation strategies. This role is crucial in maintaining the organization’s security posture and protecting critical assets from cyber threats 

Qualifications / Knowledge:

1. Virtualized and Cloud platforms experience such as Amazon Web Services, Microsoft Azure or Office 365
2. S. in a technology discipline (Computer Science, Computer Engineering, Cybersecurity or equivalent);
3. Conduct regular vulnerability scans and assessments across the organization’s IT environment using tools like Nessus, Qualys, or Rapid7. These platforms are essential for identifying and prioritizing security weaknesses, providing detailed insights that enable proactive risk reduction.
4. Analyze vulnerabilities and threats, determine their potential impact, and recommend strategies for risk prevention.
5. Coordinate with IT and security teams to prioritize and apply security patches and updates, including managing patch deployments using WSUS, SCCM, or Ansible which are critical for automating and streamlining the update process across large networks, reducing the risk of security breaches, and ensuring compliance with industry standards.
6. Assist in investigating and resolving security incidents, providing expertise on vulnerability exploitation and mitigation.
7. Generate detailed reports on vulnerabilities, their impact, and the status of remediation efforts. Communicate findings to stakeholders.
8. Ensure compliance with relevant security standards, policies, and regulations.
9. Develop and maintain vulnerability management documentation, including policies, procedures, and playbooks, including creating response plans for critical vulnerabilities or emerging threats.
10. Engage in vulnerability management program reviews and continuous improvement initiatives, providing input on enhancements to scanning and reporting processes.

Responsibilities:

Vulnerability Identification:

• Scanning Systems: Use automated tools to perform regular scans on all systems including Networks, Application and endpoints.
• Threat Intel: Stay updated with the latest vulnerability databases (e.g CVE – Common Vulnerability and Exposure) and emerging threats to identify new vulnerabilities that could affect the organization.

Vulnerability Identification:

• Risk Rating: Assign severity ratings to vulnerabilities (e.g. Critical, High, Medium, low) using risk assessment frameworks like CVSS (Common Vulnerability Scoring System)
• Business Impact: Access the potential impact of each vulnerability on the business including the like hood of exploitation, potential data loss and possible operational disruptions.

Vulnerability Remediation:

• Patch Management: Work with IT and development teams to ensure that patches or updates are applied to systems and applications to fix vulnerabilities.
• Configuration Changes: Where applicable, make configuration changes to systems or applications to reduce exposure to Vulnerabilities

What we’re looking for:

• ‘Hands-on’ IT Security Vulnerability Management and engineering experience including securing systems, networks and infrastructure; operational support, including on-call experience
• Proven experience including combination of intrusion detection, malware analysis, forensics and incident response, particularly in cloud/hybrid environments. 
• Working knowledge of cloud environments such as AWS. 
• Monitor, tune and develop technical IT Security controls and frameworks to ensure appropriate preparation, monitoring and response to threats
• Ensure a risk-based approach to IT Security is adopted in every part of the business and solutions
• Work with members of the IT Security team to help design, implement and maintain security
• Prepare for, identify (hunt) and remediate cyber threats
• Operate and maintain IT Security controls related to SIEM, DLP, Vulnerability Management, Cyber Threat Intelligence, Endpoint Protection, etc.
• Deliver IT Security projects from concept, approval, design, and implementation to operation
• Ability to collaborate effectively with others to drive forward key security objectives 
• Strong documentation and report writing skills (to both technical and business audiences)
• Excellent time management and organizational skills combined with technical IT Security acumen
• Expert knowledge of Firewalls, TCP/IP, IPS, DLP, proxies, SIEM, & Endpoint Protection software
• Financial and/or Banking industry experience preferred
   

Qualifications / certifications:

• Virtualized and Cloud platforms experience such as Amazon Web Services, Microsoft Azure or Office 365
• S. in a technology discipline (Computer Science, Computer Engineering, Cybersecurity or equivalent);
• Security certifications such as CISSP and at least one GIAC GSEC, GCED, GCIA, GCIH, GREM, GCFR or equivalent is preferred 
• Knowledge of incident handling life cycle based on an established framework: ISO 27035, SANS, NIST SP 800-61, CERT, ENISA
• Experience with security and automation: Python, Powershell, Windows OS, Linux OS, VMware, Puppet, Chef / Ansible desirable

Our commitment to employees:

At CLS, we celebrate diversity and consider this to be one of our strongest assets. We are committed to fostering an environment in which everyone feels comfortable to be who they are, and inclusion is valued. All employees have access to our inclusive benefits, including:

• Holiday - UK/Asia: 25 holiday days and 3 ‘life days’ (in addition to bank holidays). US: 23 holiday days.
• 2 paid volunteer days so that you can actively support causes within your community that are important to you.
• Generous parental leave policies to ensure you can enjoy valuable time with your family.
• Parental transition coaching programmes and support services.
• Wellbeing and mental health support resources to ensure you are looking after yourself, and able to support others.
• Affinity Groups (including our Women’s Forum, Black Employee Network and Pride Network) in support of our organisational commitment to embrace and always be learning more about DE&I.
• Hybrid working to promote a healthy work/life balance, enabling employees to work collaboratively in the office when needed and work from home when they don’t.
• Active support of flexible working for all employees where possible.
• Monthly ‘Heads Down Days’ with no meetings across the whole company.
• Generous non-contributory pension provision for UK/Asia employees, and 401K match from CLS for US employees.
• Private medical insurance and dental coverage.
• Social events that give you opportunities to meet new people and broaden your network across the organisation.
• Annual flu vaccinations.
• Discounts and savings and cashback across a wide range of categories including health and retail for UK employees.
• Discounted Gym membership – Complete Body Gym Discount/Sweat equity program for US employees.
• All employees have access to Discover – our comprehensive learning platform with 1000+ courses from LinkedIn Learning.
• Access to frequent development sessions on a number of topics to help you be successful and develop your career at CLS.