About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
Make an impact every day with Trust, Data and Resilience (TDR)
Our TDR team sits within the Group Operations function and is responsible for mission-critical areas including cyber, information, data, privacy and resilience. These are challenges that impact our clients globally. Our TDR team develops the platforms, drives the processes and builds partnerships to benefit millions of people every day. They thrive in providing solutions to complex issues, devote time and energy to designing new and innovative solutions, and all in an environment that demands being risk-aware, not risk-averse. TDR chooses progress over perfection and aims to always participate with a constructive purpose. The team makes an impact wherever they are based, be it in our offices around the world, our Global Business Solution centres in China, India, Malaysia and Poland, or even from our home.
Now you have an opportunity to make a meaningful impact with a diverse and passionate team of creators, innovators and achievers. With us, you'll learn, be inspired, and make an impact every day. The success of our work hinges on how we use the unique diversity of our people to realise the effects we seek to achieve: Always on. Always safe. Always Simple.
The Role Responsibilities
Overview:
Information and Cyber Security (ICS) is a critical function within the Bank. The Business ICS Risk Director is a well-established role and is instrumental in ensuring the business has the ability to meet cyber security commitments to multiple internal and external stakeholders, as well as to maintain an appropriate risk profile for the business we conduct. Further, protecting and enabling the Bank is a significant part of the Bank's 'Here For Good' vision and brand promise. The need for Business ICS officer capacities within the business has strengthened as cyber risk management has over time become a principal concern for the Bank, our regulators and the communities we operate in. Our success as a Bank is dependent on precisely managing this risk to position and enable cyber security capabilities for the Bank to meet its objectives in a timely and secure manner. Given these requirements, there is even greater support from Senior Risk, Technology and Business management for multiple streams of work across the group.
The Business ICS Risk Manager reports to the Head of ICS TB. The ICS Risk Director supports the Head of ICS TB in delivering an appropriate level of Risk Management to the Transaction Banking (TB) and CCIB-DCDA portfolio within the Bank. They will liaise with these business streams to ensure that the technology, initiatives and processes used by the TB and DCDA products and operations are deployed and run with an informed, clear, concise and accurate view of their cyber risk. Any identified risk would require a presentation of options or a strategy to manage the risk. This work is broad and requires identification, measuring and monitoring of risk, trending and assessing adherence to regulations and internal cyber security policies, and advising teams to execute and implement. This is a group-wide role and services the needs of TB and DCDA business units and operations globally.
Additionally, the role is responsible for engaging with the Cyber Security Services, Security Technology Support teams and TB COO / CIOs / delegates, ensuring that the strategic needs of TB and DCDA are known and understood. The candidate will also be responsible for establishing a strong working relationship with Second Line Risk, Compliance, Legal and Operational Risk, regularly engaging on joint issues. The role also requires maintenance of the ICS Risk Frameworks, which involves updating risk registers and liaising with the 2LOD (Operations Risk and ICS Risk) to ensure updates are appropriate and compliant. Where non-compliance is identified, the appropriate dispensations and treatment plans require formalization.
Duties:
Support Head of ICS TB with TB COO / CIO teams to engage and advise on Information Security issues affecting TB and DCDA
As a delegate of the Head of ICS TB, drive security programs/projects as per agreed treatment plans, as well as advise on major initiatives following secure by design
Build and foster relationships with key stakeholders across TB business and operations. Advise on key risk areas and processes to these business groups and work to reduce their risk exposure
Risk analysis of high profile or high-risk projects / proof of concepts and provide guidance on secure architecture.
Analyse proposed design of security mechanisms and feedback changes to project teams
Highlight potential synergies from common security requirements across projects
Assist both business and technology to develop appropriate architecture strategies and standards in response
Proactively identify risks covering Confidentiality, Integrity and Availability domains and work with appropriate areas to manage and mitigate them
Support the Head of ICS in representing the business on Cyber Security matters at product refinement and TB Risk Committees with reports / data and research.
Support the Head of ICS in reviewing Group / Business initiative compliance with internal ICS Standards and Procedures.
Assist in resolving risks raised by Audit and Regulators
Identify opportunities for strategic initiatives to effectively and efficiently reduce risk across multiple business units
Take ownership of TB-specific Information Security Incidents when necessary / required by the Head of ICS TB to ensure investigations are completed appropriately and stakeholders informed. Where necessary, ensure improvement plans are in place to prevent recurrence
Skills Requirement:
The key skills and experience required for the role can be summarised as:
Extensive exposure and experience in Cyber risk analysis, risk management methodologies, Cyber frameworks and reporting
Developing and delivering cyber security projects/programs involving complex technology using agile project management
Ability to simplify and communicate complex technical/cyber subjects effectively to stakeholders across all spectrums of technology and business
Can be fully conversant with the business and be considered a credible, trusted ICS business advisor
Demonstrated ability to build ties with other areas of risk, services and technology and leverage these to solve complex issues.
Can understand business drivers and put risk in the correct and balanced context
Has held a similarly business-facing role and is used to a multi-cultural environment
Perform BAU tasks reliably with a continuous improvement mindset.
Takes initiative to identify new risk and keep up with the industry
Can demonstrate courage and creativity in a challenging environment and prioritise in a highly dynamic decentralised work environment.
Ensure business strategy is incorporated and represented into the ICS strategy.
Identify changes to plan required in terms of additional components, reprioritisation to anticipate and respond to changes
Learn from the regional and global cyber events and build into strategy to address current and emerging risks
Strong to moderate understanding of Transaction Banking - Cash Management and Trade Finance processes.
SWIFT and local clearing gateways to manage global payment operations
Emerging third-party platforms and services, API Banking and digital transformation to support business and products.
Identify, assess and develop treatment plans to mitigate the business risks manifesting from ICS. Comply with Group policy and standards
Adopt a threat-led Security Risk assessment to ensure timely and relevant threats are assessed and plans drawn to mitigate.
Apply agile methodology practices and support the business New Ways of Working to prioritise actions required to mitigate the risks.
Drive the adoption control program with CIO and control and services owners. Closely track the timelines of actions from treatment plans
Address and adopt response and recovery capabilities and assist with cyber crisis management exercises, playbooks etc.
Support the Head ICS Risk in assessing periodic inherent and residual risks, using quantitative and qualitative information
Write risk papers and represent ICS in the technology working groups and refinement meetings for the products
Manage actions coming out of various risk and compliance forums
Assess and co-ordinate the regulatory requirements with regional and country ICS teams
Escalate appropriately to ensure Head ICS Risk is briefed and necessary decisions are made in a timely manner
Regulatory & Business Conduct
Display exemplary conduct and live by the Group's Values, Valued Behaviours, and Code of Conduct
Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank.
Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters
Head ICS Risk, TB
Technology Working Groups across TB Products - cash, Trade finance, and Digital channels.
Product Operations - TB and CCIB-DCDA COO
ICS TRP Implementation Programme
Chief Information Security Risk Office and teams
Security Technology Services and Cyber Security Service
Our Ideal Candidate
A degree in Computer Sciences / Engineering / Business Management
At least 8 years of relevant work experience within the Information Security or Risk function, with assessment, treatment plan and governance, ideally gained in the financial industry.
Extensive experience in implementing one of the security frameworks (e.g. NIST, ISO 27001, PCI-DSS) across businesses with global footprint.
In-depth knowledge and exposure to various regulatory requirements across global regulators (e.g. PRA, FCA, MAS, HKMA, RBI, NESA etc.)
Extensive experience within information security or risk function, with assessment, treatment plan and governance, ideally gained in the financial industry
Proven ability to deliver complex cyber security projects/programs and global, pan-bank initiatives by driving collaboration and participation across a diverse set of stakeholders
Hands-on experience in one or more key technology domains - Identity and Access Management (IAM), Data Protection, Vulnerability Management, Cloud Security, Network Security, Security Incident Management etc.
Experience in Cyber Crisis management, Response and Recovery activities etc.
Excellent organisation and leadership skills with ability to manage multiple deadlines and effectively prioritise
Ability to work independently to effect change across the business lines and manage multiple deliverables simultaneously
Ability to execute on strategy with a plan to influence senior stakeholders and decision makers to adopt cyber capabilities across their business lines
Strong knowledge of the Transaction banking businesses, markets and operations and relevant policies, procedures, and processes
Possess one or more security certifications such as CISSP, CRISC, PCI-QSA, CSX etc.
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits, including our flexible working, please visit our career pages. We welcome conversations on flexible working.