Head of Cyber Threat Intelligence

About CLS

CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars’ worth of currency flows through our systems each day.

Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world’s most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.

CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle – whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.

Our ambition to make a positive difference starts with our people. Our values – Protect, Improve, Grow – underpin everything that we do at CLS and define and shape a supportive and inclusive working environment in which everyone is encouraged to be open and forward-thinking.

Job purpose

The Head of Cyber Threat Intelligence (CTI) is the primary security leader focused on effective end-to-end management and communication of the largest cyber threats to CLS Bank and the FX ecosystem. This role ensures that cyber threats are continuously evaluated for risk and impact to CLS Bank, its membership, third parties, infrastructure, and wider ecosystem.

The Head of Cyber Threat Intelligence will act as primary liaison to threat sharing forums, government agencies and industry partners to collect, share, analyze, and interpret security threats to determine the relevance and potential impact to CLS. Using threat insight gained through these channels and other sources, the CTI function will provide contextualized and actionable intelligence that informs CLS risk appetite, strategic security priorities, security assessment scope, and preventive and detective operational controls.

The role requires maintaining an understanding of security threats relevant to CLS business operations to inform the assessment of cyber risks and integrate cyber threat intelligence into all aspects of our security program.

Leadership

  • Threat Management – Maintain and communicate top 5 threats and top 5 vulnerabilities to the company, providing actionable intelligence for security operations and cyber resilience management.
  • Threat Hunting – Generate threat intelligence that informs proactive threat hunting efforts to identify advanced and persistent threats that may not be detected by traditional security measures.
  • Stakeholder Engagement – Build and maintain relationships with senior executives, board members, and other key stakeholders to ensure support for CTI initiatives.
  • External Collaboration – Establish partnerships and collaborations with external organizations, such as threat sharing forums, government agencies and industry partners.
  • Strategic Reporting – Provide strategic threat intelligence reports and briefings to senior management and the board to inform decision-making.

Strategic

  • Strategic Leadership – Provide strategic direction for the organization’s CTI program, aligning it with the overall cybersecurity and business goals.
  • Program Development – Develop and enhance the organization’s CTI program, including the establishment of advanced processes and methodologies.
  • Research and Development – Drive research and development efforts to create innovative tools and techniques for CTI analysis and threat mitigation.

Operational

  • Team Management – Oversee and manage a team of CTI analysts, including recruitment, training, and performance evaluation.
  • Integration with Security Operations – Collaborate closely with the Security Operations / SOC to ensure effective threat detection and response processes.
  • Crisis Management – Provide CTI awareness and actionable intelligence in support of major cybersecurity incidents and coordination of efforts to contain and recover from such incidents.
  • Vendor Management – Evaluate and manage relationships with third-party threat intelligence vendors and service providers.
  • Continuous Evaluation – Stay current with the latest cybersecurity threats and trends. Share knowledge with the CTI team and other cybersecurity professionals.
  • Continuous Learning – Ensure CTI program maintains continuous lessons learnt processes with all security functions and specific technology functions to ensure 360 feedback and improvement both to CTI and other areas.
  • Policy and Standards – Develop and update cybersecurity policies, standards and procedures based on evolving threat intelligence.
  • Budget Management – Advise CISO on budgetary requirement for CTI activities, ensuring cost-effective utilization of resources.
  • Regulatory Compliance – Ensure compliance with relevant cybersecurity regulations and standards and proactively adapt to new compliance requirements.
  • Mentorship – Mentor junior CTI staff and contribute to their professional development.

Knowledge, skills and abilities

  • A minimum of 15 years of information security experience with at least 10 years of experience with all-source cyber intelligence and analysis
  • Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources.
  • Experience with cyber intelligence, computer network operations, information operations, information warfare, or cyber security topics
  • Ability to communicate intelligence and analysis of cyber threats in various forms (written production; briefings) for a senior level audience.
  • Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques
  • Familiarity with link-analysis methods and software (e.g., Maltego, Analyst Notebook)
  • Ability to develop specific expertise, discern patterns of complex threat actor behavior, and communicate an understanding of current and developing cyber threats.
  • Can apply a variety of cyber-related analytic models to identify, track and support analysis of cyber threat actors and events. Examples of these techniques include, but are not limited to Use of the Diamond Model, Kill Chain Methodology, F3EAD, MITRE ATT&CK Framework
  • Considerable working knowledge in one or more of the following topics APT, Cybercriminals, financially motivated cyber groups, Hacktivism, DDoS attack methods, malware variants, Mobile and Emerging Threats, Social Engineering, Insider Threats
  • Monitor, tune and develop technical IT Security controls and frameworks to ensure appropriate preparation, monitoring and response to threats.
  • Broad network and technology awareness, with the ability to convey complex or technical topics in a clear and concise manner.
  • Understanding of foundational principles of intelligence and incident response
  • Ability to collaborate effectively with others to drive forward key security objectives.
  • Strong documentation and report writing skills (to both technical and business audiences)
  • Excellent time management and organizational skills combined with technical IT Security acumen.
  • Financial and/or Banking industry experience preferred.

Qualifications / certifications

  • Active TS/SCI clearance desired.
  • Knowledge of the intelligence community, US Government, and federal cyber centers.
  • S. in a technology discipline (Computer Science, Computer Engineering, Cybersecurity or equivalent)
  • Industry recognized security qualification in cybersecurity (e.g. GCTI, GCFE, GCHI or equivalent)
  • Industry recognized security qualification as a general security practitioner (e.g. CISSP, GSEC, GCED or equivalent)
  • Knowledge of incident handling life cycle based on an established framework: ISO 27035, SANS, NIST SP 800-61, CERT, ENISA
  • A relevant advanced degree would enhance the candidate’s credentials
Expected full-time salary range between $230,000 – $290,000 + variable compensation + 401(k) match + benefits.
*Note: Disclosure as required by NY Pay Transparency Law of the expected salary compensation range for this role

Our commitment to employees

At CLS, we celebrate diversity and consider this to be one of our strongest assets. We are committed to fostering an environment in which everyone feels comfortable to be who they are, and inclusion is valued. All employees have access to our inclusive benefits, including:

  • Holiday – UK/Asia: 25 holiday days and 3 ‘life days’ (in addition to bank holidays). US: 23 holiday days.
  • 2 paid volunteer days so that you can actively support causes within your community that are important to you.
  • Generous parental leave policies to ensure you can enjoy valuable time with your family.
  • Parental transition coaching programmes and support services.
  • Wellbeing and mental health support resources to ensure you are looking after yourself, and able to support others.
  • Affinity Groups (including our Women’s Forum, Black Employee Network and Pride Network) in support of our organisational commitment to embrace and always be learning more about DE&I.
  • Hybrid working to promote a healthy work/life balance, enabling employees to work collaboratively in the office when needed and work from home when they don’t.
  • Active support of flexible working for all employees where possible.
  • Monthly ‘Heads Down Days’ with no meetings across the whole company.
  • Generous non-contributory pension provision for UK/Asia employees, and 401K match from CLS for US employees.
  • Private medical insurance and dental coverage.
  • Social events that give you opportunities to meet new people and broaden your network across the organisation.
  • Annual flu vaccinations.
  • Discounts and savings and cashback across a wide range of categories including health and retail for UK employees.
  • Discounted Gym membership – Complete Body Gym Discount/Sweat equity program for US employees.
  • All employees have access to Discover – our comprehensive learning platform with 1000+ courses from LinkedIn Learning.
  • Access to frequent development sessions on a number of topics to help you be successful and develop your career at CLS.

More Information

Apply for this job
Share this job

13th Anniversary Global InfoSec Awards for 2025 now open for super early bird packages! Winners Announced during RSAC 2025...

X