Vice President, Security Operation Centre (SOC) in London

About CLS: CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars' worth of currency flows through our systems each day. Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world's most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use. CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle – whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.

Our ambition to make a positive difference starts with our people. Our values – Protect, Improve, Grow – underpin everything that we do at CLS and define and shape a supportive and inclusive working environment in which everyone is encouraged to be open and forward-thinking.

Job information:

• Functional title – VP, Security Operation Centre (SOC)
• Department – IT Security
• Corporate level – Vice President
• Report to – UK Director, Cyber Operations
• Location – London

What you will be doing:

• SME Consultancy: As part of the IT Security team, develop and enrich CLS IT Strategy in consultation with the CLS IT teams, ensuring that all initiatives are mirrored in respective strategies including the overall CLS Strategy. Provide security advice and support for information technology projects as Security Operations Centre subject matter expert (SME). Research new security related products and services to ensure that CLS is equipped with appropriate industry best tools and solutions.
• Security Operations Centre: Subject Matter Expert (SME) for the Security Operations Centre within the Cyber Operations Team. Lead and develop the 24x7 SOC including L1 MSP and 2-3 analysts, threat hunters, and incident responders, with clear progression paths, on-call rotations and shift handovers. Service owner for the L1 MSP including relationship building, ensuring accountability and direct management to align internal expectations with third parties. Practical experience evaluating and integrating AI and ML capabilities into SOC operations, including LLM-assisted triage, alert summarisation, detection engineering and threat intelligence enrichment. Build, develop and maintain SOC procedures, Standard Operating Procedures and other in line documentation to ensure consistency of approach across the team. Work closely with engineering teams to ensure adequate pipelining, log source validation and detection engineering. Set the SOC strategic direction in line with management's expectations and the overarching enterprise security strategy. Establish and report on operational KPI's and SLA's (MTTD, MTTR, False Positive Rates, Coverage Metrics) to leadership. Collaborate with Cyber Threat Intelligence & threat hunting to facilitate threat intelligence lead proactive defence. Facilitate purple team activities, correlate findings and drive key security enhancements. Implement and optimise detection and response workflows in cloud-native/hybrid environments. Monitor, investigate, and triage security alerts from SIEM and cloud native tools. Create and maintain detection rules and playbooks in collaboration with incident response and detection engineering. Support compliance efforts through evidence gathering, control validation, and reporting. Participate in security reviews for existing integrations and new services etc. Investigate and respond to security incidents escalated.
• Regulatory Compliance & Reporting: Ensure incident response efforts and documentation comply with industry standards and best practices (GDPR, SOC, NIST, ISO etc.). Maintain detailed documentation and reporting for audits and compliance reviews.
• Process Improvement & Risk Mitigation: Develop and refine SOC standard operating procedures and playbooks. Conduct root cause analysis and post incident reports to identify areas for improvement. Recommend and implement process improvements to enhance detection, response and recovery capabilities.
• Operational: Operate and maintain controls related to SIEM, DLP, Vulnerability Management, Cyber Threat Intelligence, Endpoint Protection, etc with an emphasis on cloud deployments and implementations. Conduct IT Security risk assessments for all high impact projects, defining security mitigating controls that impact the technology architectures of CLS, service providers, and business partners. Review and update IT Security procedures to reflect best practice and mitigate current and emerging threats. Assigned ownership of IT Security Monitoring and Response related FRB and Internal Audit finding(s) and effective /timely resolution with IT Security. Maintain relationships with third-party IT security vendors and strategic partners.

What we're looking for:

• 'Hands-on' IT Security analysis and engineering experience including securing systems, networks and infrastructure; operational support, including on-call experience.
• Proven experience including combination of intrusion detection, malware analysis, forensics and incident response, particularly in cloud/hybrid environments.
• Extensive knowledge of cloud environments such as AWS & Azure.
• Monitor, tune and develop technical IT Security controls and frameworks to ensure appropriate preparation, monitoring and response to threats.
• Ensure a risk-based approach to IT Security is adopted in every part of the business and solutions.
• Work with members of the IT Security team to help design, implement and maintain security.
• Prepare for, identify (hunt) and remediate cyber threats.
• Operate and maintain IT Security controls related to SIEM, DLP, Vulnerability Management, Cyber Threat Intelligence, Endpoint Protection, etc.
• Deliver IT Security projects from concept, approval, design, and implementation to operation.
• Ability to collaborate effectively with others to drive forward key security objectives.
• Strong documentation and report writing skills (to both technical and business audiences).
• Excellent time management and organizational skills combined with technical IT Security acumen.
• Expert knowledge of Firewalls, TCP/IP, IPS, DLP, proxies, SIEM, & Endpoint Protection software.
• Financial and/or Banking industry experience preferred.

Qualifications / certifications:

• 7+ years' experience in security operations and/or incident response type roles including 2+ years in leadership or team lead role.
• B.S. in a technology discipline (Computer Science, Computer Engineering, Cybersecurity or equivalent); Security certifications such as CISSP and at least one GIAC GCIH, GSEC, GCFA, GCIA, GREM, GCFR or equivalent is preferred.
• Proven track record with SIEM technologies including Splunk with accompanying certifications preferred i.e. Splunk Certified Cybersecurity Defence Analyst.
• Knowledge of incident handling life cycle based on an established framework: ISO 27035, SANS, NIST SP 800-61, CERT, ENISA.
• Experience with security and automation in hybrid native environments.

Our commitment to employees: We are a small company with a big mandate, so every person is essential to our success. We are also committed to employing and retaining the most talented and dedicated people. What makes us interesting goes beyond our competitive salaries and great benefits. Our work environment is designed around quality outcomes, not output. The FX market would cease to function without our services, and we take pride in being responsible for keeping it running smoothly. We are different from other financial institutions in that we have a flatter and more transparent structure with accessible leadership. You will be seen, heard and empowered to develop your career. We are a purpose-driven organization, with an inclusive culture that focuses on doing what is right. The well-being of our people is as important to us as the resilience of our systems. In addition to encouraging our people to 'locate for their day,' we run a range of initiatives that support employees' sense of belonging and physical, emotional and mental well-being.

Our extensive benefits for employees typically include:

• Vacation/annual leave: 25 days in UK/Asia + 3 life days, 23 in US + 3 life days.
• Private medical and dental cover and life insurance.
• Generous pension contributions in the UK and Asia; matching 401(k) in the US.
• Paid volunteer days.
• 'Locate for your day' hybrid working – 2 days a week in office.
• Access to Discover – our learning platform with 1000+ courses from LinkedIn Learning.
• Paid parental leave / Coaching and support services.
• Career development / LinkedIn Learning.
• 'Heads down days' with no meetings on the last Friday of every month.
• Wellbeing / Mental health support.
• Diversity Council / Affinity groups (Women's Forum, Black Employee Network, Pride Network, Parents & Caregivers Network, Sustainability Network).
• Social events.

Awards: The Sunday Times Best Places to Work 2023 & 2024 / Big Company / The Sunday Times Awards. Third place in Britain's Healthiest Workplace 2022 / Medium Company / Vitality Awards.