About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It%26#39;s about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We%26#39;re committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.The Role ResponsibilitiesMake an impact every day with Trust, Data and Resilience (TDR)
Our TDR team sits within the Group Operations function and is responsible for mission-critical areas including cyber, information, data, privacy and resilience. These are challenges that impact our clients globally. Our TDR team develops the platforms, drives the processes and builds partnerships to benefit millions of people every day. They thrive in providing solutions to complex issues, devote time and energy to designing new and innovative solutions, and all in an environment that demands being risk-aware, not risk-averse. TDR chooses progress over perfection and aims to always participate with a constructive purpose. The team makes an impact wherever they are based, be it in our offices around the world, our Global Business Solution centres in China, India, Malaysia and Poland, or even from our home.
Now you have an opportunity to make a meaningful impact with a diverse and passionate team of creators, innovators and achievers. With us, you%26rsquo;ll learn, be inspired, and make an impact every day. The success of our work hinges on how we use the unique diversity of our people to realise the effects we seek to achieve: Always on. Always safe. Always Simple.
Information and Cyber Security (%26ldquo;ICS%26rdquo;) aims to improve the Bank%26rsquo;s cyber framework/controls, cyber security services and products, and remediate and continuously improve Bank%26rsquo;s cyber security posture in today%26rsquo;s ever evolving cyber security landscape. The key deliverables of the role are:
- Lead Information and Cyber Security (%26ldquo;ICS%26rdquo;) in the respective business / function / region.
- Lead risk mitigation and remediation in the respective business / function / region in line with the ICS agenda.
- Interface with respective Group Business, Function and / or Country for effective implementation.
- Understand in the respective business / function / region specific requirements including regulatory driven requirements. Support the management of these requirements within risk appetite.
- Provide leadership over the operational delivery, controls, and governance of the ICS agenda. Face off to the Group ICS subject matter experts in Group Business lines.
- Support in the respective business / function / region Heads to manage ICS risk including in Non-Financial Risk Committees.
- Identify and independently drive strategic change initiatives to deliver on the ICS agenda with a forward-looking view.
- Develop insightful strategies for engaging business on information security matters, ensure investments are prioritized and funding is approved.
- Support delivery of the Bank%26rsquo;s enterprise wide risk management plan and strategy.
- Work with application development organizations to assist in the development of strategies and plans for improving both architecture and application security.
- Ensure ICS risks in the respective business / function / region are proactively managed and effectively controlled, mitigated and remediated with senior stakeholder%26rsquo;s support and buy-in, in line with Group, Region, Country, Business / Function risk appetite and regulatory driven requirements.
- Establish priorities in partnership with the COO function and take responsibility for resolving security issues.
- Ensure that the management of ICS risk is effective and operating efficiently in the respective business / function / region
- Drive security culture / awareness and help improve readiness for a cyber event.
- Ensure information risks are identified, assessed, mitigated and controlled.
- Ensure Critical Information Assets are identified and graded appropriately. Monitor changes in the risk profile of the highly critical systems.
- Work with IT to validate the resilience of data and IT systems.
- Support Group initiatives ensuring the respective business / function / region needs are represented effectively.
People and Talent:
- Drive the continuous improvement of practices.
- Agree and drive the implementation of the ICS agenda for the respective business / function / region by working with the respective Business / Function Heads, Region / Country Management Team, COO/CIO teams, ISOs, and senior T%26amp;I leadership.
- Lead ICS risk remediation initiatives and activities including incident responses, crisis exercises, risk assessments, stress testing, regulator engagement.
- Drive the implementation of the ICS in the respective business / function / region with a focus on key countries. The plan will incorporate digital footprint discovery, threat / risk assessment, definition and implementation of controls.
- Maintain strong stakeholder engagement and serve as the business-facing lead with Group, Regional and Country IT, Business / Function, COO, ISOs, Risk %26amp; Control stakeholders to bring alignment across stakeholder groups in conjunction with ICS risk management.
- Collaborate with Corporate Communications, threat intelligence and other functions to lead and coordinate the information security change management effort around branding, communications, staff awareness and training.
- Maintain relationships with key service and product owners within Security Technology Services / Cyber Security Services to keep abreast of changes that may affect the risk landscape.
- Help to interpret and translate the ICS requirements of the ICS programmes into technical requirements when needed.
- Engage external agencies / third parties to understand the threat environment and reported events; assess impact for the respective business / function / region.
- Drive compliance with Group policies standards, and local regulatory requirements.
- Work closely with CISRO, Regional ISO, Country ISO, Head of ICS Governance, TISO, Business and COOs to provide oversight, governance and monitoring.
- Understand and assess the impact of changes in the policy or procedures on the respective business / function / region and engage with the respective business / function / region Heads to ensure the impact is understood.
- Recommend additions/enhancements/changes to the ICS policy, procedures, and RTF.
Regulatory %26amp; Business Conduct:
- Monitor ICS risk profile and posture and report any non-compliance to senior management or governance committees.
- Participate and represent the respective business / function / region in Risk Committees, ICS working groups, Programme Steer Committees, etc. to provide updates and influence positive outcomes for the Business/Function/Region/Country.
- Validate the accuracy and consistency of KRIs, KCIs and other risk ratings/assessments, as well as process designs using available MI.
- Support the Third-Party Security Assessment team during 3rd party reviews.
- Help design and embed ICS controls in ORF across the respective business / function / region.
- Display exemplary conduct and live by the Group%26rsquo;s Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
- Engage key stakeholders including Legal and Compliance on interpreting local laws and regulations pertaining to information security.
- Degree in Engineering, Computer Science/Information Technology or its equivalent.
- Experience in Information Security in Banking and Financial services.
- One or more of the following certifications will be preferred:
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- SANS Global Information Assurance Certifications (GIAC)
- Certified in Risk %26amp; Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
- Strong knowledge of ICS products and operations will be preferred.
- Strong knowledge of cyber security frameworks, information security principles and architecture.
- Knowledge of Business Resilience, IT Service Resilience, Operational Resilience and Third-Party Resilience would be an advantage.
- Ability to articulate gross and residual risk with specific ability to clearly, concisely and accurately communicate complex technology and process risk to non-technical stakeholders in a lucid way.
- Strong interpersonal and stakeholder management skills, across various levels in the organisation including senior leadership teams, in influencing key decisions taken in the business and in support teams.
- Strong communication skills %26ndash; oral, written and presentation. Sound knowledge of Microsoft Excel, PowerPoint, and Word.
- Must be a self-starter who is able to initiate and successfully drive programs and projects to completion with little or no management supervision.
- Strong analytical skills and ability to prioritise, make decisions, and work to tight timeframes.
- Strong business acumen and deep knowledge and experience in the ICS field.
- Proven ability to lead highly complex, global activities through influence and credibility rather than command and control.
- Ability to both assess strategic priorities and to focus on detailed aspects of a function in order to drive effective delivery.
- Strong integrity, independence and resilience.
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our . We welcome conversations on flexible working.