Job Description

Job Summary

• The Associate Director, Third Party Security Risk (TPSR) role sits within the Third-Party Security Risk team. The Associate Director, TPSR will play a vital role in protecting the Bank through a deployment of robust cyber security controls across the entire supply chain process. The individual will be primary responsible for maintaining and enhancing the Third-Party Security Risk governance framework, elevating the risk assessment methodology to cover both existing and emerging threats and developing comprehensive risk reporting mechanisms. Key responsibilities include process simplification and automation to build scalable and sustainable operations across third party landscape.
• This position reports directly to the Head of Third-Party Security Risk and Purple Team focusing on strategic oversight and implementation of Third-Party cyber security protocol.
• Deep understanding of information and cyber security, Third-Party Risk Management and Supply Chain management is required.
• In addition, the role will work closely with other functions with the Bank to ensure policies and procedures related to Third Party Security Risk are compliant with applicable internal policies, external laws and regulations. The role requires senior stakeholder engagement skills.

Key Responsibilities
Strategy*

• Support implementation of a comprehensive third-party cyber security strategy aligned with the organisation's overall security goals,
• Identify emerging trends, technologies and threats to enhance third-party risk management practices,
• Collaborate with senior leadership to integrate third-party security profile into broader business risk appetite and strategy,
• Lead strategic initiatives to improve the maturity of the third-party security controls.

Business*

• Act as the trusted advisor between the security team and Business Units to ensure alignment of third-party security initiatives with business objectives,
• Support Business in understanding and managing their third-party security landscape,
• Facilitate further integration of third-party security requirements into procurement and vendor management processes,

Processes*

• Ownership of Third-Party Security Risk toolset, including managing business requirements, technology changes and potential transition to new technology solutions,
• Lead the monitoring and reporting of mitigation and remediation actions to track progress against audit and other assessment findings,
• Support proactive third party incident response and built long term collaboration with other Threat Intelligence teams across the organisation,
• Continuously improve processes based on feedback, audits, and evolving security threats,
• Automate and streamline third party risk management processes to ensure efficiency and accuracy.

Risk Management*

• Monitor and evaluate Third Party Security Risk process compliance with global regulatory framework,
• Support and promote a Threat Based Risk Assessment approach,
• Articulate in a timely fashion the project risks and corresponding mitigation and contingency plans,
• Ensure that issues are identified, escalated, and addressed as appropriate.

Governance*

• Develop, document, and maintain process documentation,
• Represent Third Party Security Risk team at various Risk Boards and Committees (including material preparation),
• Enhance and build upon existing reporting mechanisms to properly articulate Bank's third-party security risk profile.

Skills and Experience

• 8+ years of experience in information security, IT auditing, risk management, project management.
• Understanding of auditing standards, compliance, risk assessment and internal control frameworks.
• Ability to foster positive relationships with internal and external stakeholders at appropriate level ensuring open cooperative environment.
• Strong sense of personal ownership and responsibility in accomplishing organisational goals,

Strong time management skills. * Strong stakeholder engagement skills, and ability to interact at all levels across an organisation,
Ability to multitask and ensure that all key priorities are delivered as per agreed timelines. * Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and regulatory requirements will be a plus,
Project Management certifications is a plus. * Excellent written, oral communication, reporting and presentation skills.
Qualifications
Add relevant qualifications, if required for the role.
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

26310