Chief Information Security Officer (CISO)

Chief Information Security Officer (CISO)

Location: London

Salary: Negotiable  

Hybrid Working

About GLAS

GLAS is an international provider of institutional debt administration services, serving lenders, borrowers, issuers, and advisers offering a global platform across Loan Agency and related services, Capital Markets and Restructuring. 

GLAS’ vision is to be recognised as the best-in-class independent, non-creditor, conflict-free provider of institutional debt administration services, enabling global clients and counterparties to achieve successful outcomes on their transactions.  

The business currently comprises c.500 employees who deliver a solution-based, innovative service, ensuring GLAS is the preferred global partner of choice. GLAS has a blue-chip customer base developed over many years; select clients include Apollo, Blackstone, CVC, Deutsche Bank and Goldman Sachs. GLAS has been recognised as the premier independent provider of loan agency and bond trustee services with a portfolio of over $800 billion assets across its global platform. The company is headquartered in London with offices in Paris, Frankfurt, Madrid, New York, New Jersey, Sydney, Melbourne, Brisbane, Singapore, Dubai, Hong Kong, Milan and Rome.

Role Summary

The Chief Information Security Officer (CISO) at GLAS is responsible for leading the global information security strategy, governance, and operations to ensure the confidentiality, integrity, and availability of GLAS systems and data. As a senior executive, the CISO shapes security initiatives aligned with the firm’s cloud-first strategy, regulatory compliance (including ISO 27001 and DORA), and business continuity objectives. The role demands technical acumen, strong leadership, and close collaboration with technology, risk, operations, legal, and executive stakeholders globally.

Key Responsibilities

• Strategic Leadership
  • Own and evolve GLAS’s global Information Security Management System (ISMS) in line with ISO 27001, Cyber Essentials, and DORA requirements
  • Direct global security governance and risk management initiatives, including oversight of security KPIs, KRIs, and CAPA tracking
    
    
    
    
• Security Operations
  • Lead threat detection, prevention, and response, including management of security incidents, red-teaming, phishing simulations, and vulnerability remediation
  • Oversee outsourced SOC operations, SIEM tools, and endpoint protection, including tools such as SentinelOne, Cisco Meraki, and Microsoft Defender
    
    
    
    
    
    
• Compliance and Audit
  • Manage internal and external audits (ISO 27001, ISO 14001, SOC 1) and address audit findings and recommendations
  • Ensure adherence to legal and regulatory cybersecurity standards, especially DORA, by maintaining policies, procedures, and audit trails
    
    
    

• Security Architecture and Risk
  • Evaluate and approve security design for new technologies and third-party services (e.g., SWIFT, SaaS applications)CISO DPO Update end of …GLAS - AUDIT REPPORT - ….
  • Oversee asset classification, secure configurations, and vendor risk assessments

• Training and Awareness
  • Champion security awareness and behavioral change initiatives such as “escape room” training, phishing exercises, and ongoing staff educationC
    
    
    
    
• Business Continuity and Crisis Management
  • Collaborate with the Resilience team and participate in CMT (Crisis Management Team) to ensure alignment between security, DR, and BCP planning

Skills and Experience

• Proven experience as a CISO or senior cybersecurity leader in financial services or regulated environments.
• In-depth knowledge of ISO 27001, NIST, DORA, GDPR, and related frameworks.
• Familiarity with global risk management, business continuity, and cyber resilience practices.
• Strong understanding of enterprise IT, cloud environments (Azure preferred), network security, and identity management.
• Experience managing cross-border teams, external vendors, and regulatory bodies.
• Demonstrated ability to handle complex incidents and lead through crisis situations

Qualifications

• Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field.
• Professional certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Implementer/Auditor.
• Strong leadership, communication, and stakeholder engagement skills.

Benefits

• Competitive base salary + bonus
• 28 days annual leave + bank holidays
• Private medical insurance & pension
• Life insurance
• Employee Assistance Programme (EAP)
• Eye care support
• Gym membership discounts
• Ongoing career development and study support