Job Description

Role Responsibilities

The Information and Cyber Security (\xe2\x80\x9cICS\xe2\x80\x9d) function aims to improve the Bank\xe2\x80\x99s cyber framework/controls, cyber security services and products and continuously improve the Bank\xe2\x80\x99s cyber security posture in today\xe2\x80\x99s ever evolving cyber security landscape. This role will support the ICS risk reduction agenda in the TTO function.

The key deliverables of the role are:

Lead risk mitigation and remediation in TTO in line with the ICS agenda.

Interface with respective Business / Function / Region / Country for effective implementation.

Understand in the respective function specific requirements including regulatory driven requirements. Support the management of these requirements within risk appetite.

Support the operational delivery, controls, and governance of the ICS agenda. Face off to the ICS subject matter experts in Group Business lines.

Support the respective Function Heads to manage ICS risk including in Non-Financial Risk Committees.

Strategy*

Identify and independently drive strategic change initiatives to deliver on the ICS agenda with a forward-looking view.

Develop insightful strategies for engaging business on information security matters, ensure investments are prioritised and funding is approved.

Support delivery of the Bank\xe2\x80\x99s enterprise wide risk management plan and strategy.

Work with application development organisations to assist in the development of strategies and plans for improving both Architecture and application security.

Business*

Ensure ICS risks in the function are proactively managed and effectively controlled, mitigated and remediated with senior stakeholder\xe2\x80\x99s support and buy-in, in line with Group, Region, Country, Business/Function risk appetite and regulatory driven requirements.

Establish priorities in partnership with the COOs and take responsibility for resolving security issues.

Ensure that the management of ICS risk is effective and operating efficiently in the respective business / function / region

Drive security culture/awareness and help improve readiness for a cyber event.

Ensure information risks are identified, assessed, mitigated and controlled.

Ensure Critical Information Assets are identified and graded appropriately. Monitor changes in the risk profile of the highly critical systems.

Work with IT to validate the resilience of data and IT systems.

Support Group initiatives ensuring the respective business / function / region needs are represented effectively.

Face off to the ICS subject matter experts in Group Business lines.

Processes*

Drive the continuous improvement of practices.

Agree and drive the implementation of the ICS agenda for the function by working with the respective Function Heads, Region / Country Management Team, COO/CIO teams, ISOs and senior TTO leadership.

Lead ICS risk remediation initiatives and activities including incident responses, crisis exercises, risk assessments, stress testing, regulator engagement.

People & Talent*

Maintain strong stakeholder engagement and serve as the business-facing lead with Group, Regional and Country IT, Business/Function, COO, ISOs, Risk & Control stakeholders to bring alignment across stakeholder groups in conjunction with ICS risk management.

Collaborate with Corporate Communications, threat intelligence and other functions to lead and coordinate the information security change management effort around branding, communications, staff awareness and training.

Maintain relationships with key service and product owners within Cyber Security to keep abreast of changes that may affect the risk landscape.

Engage external agencies / third parties to understand the threat environment and reported events; assess impact for the respective business / function / region.

Risk Management*

Drive compliance with Group policies standards, and local regulatory requirements.

Work closely with CISRO, ISO, Business, CIOs and COOs to provide oversight, governance and monitoring, and work with various delivery owners to embed the ICS RTF.

Understand and assess the impact of changes in the policy or procedures on the respective business / function / region and engage with the respective business / function / region Heads to ensure the impact is understood.

Recommend additions/enhancements/changes to the ICS policy, procedures and RTF.

Governance*

Monitor ICS risk profile and posture and report any non-compliance to senior management or governance committees.

Participate and represent the respective business / function / region in Risk Committees, ICS working groups, Programme Steer Cos etc. to provide updates and influence positive outcomes for the Business/Function/Region/Country.

Validate the accuracy and consistency of KRIs, KCIs and other risk ratings/assessments, as well as process designs using available MI.

Support the Third-Party Security Assessment team during 3rd party reviews.

Help design and embed ICS RTF controls in ORF across the respective business / function / region

Regulatory & Business Conduct*

Display exemplary conduct and live by the .

Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.

Lead the TTO team to achieve the outcomes set out in the Bank\xe2\x80\x99s Conduct Principles

Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key stakeholders*

Head of CISO Markets & Functions

TTO CISO

Group Functions CISO

Regional CISOs

TTO and ET MT

TTO and ET CIO

ET Project Implementation teams

TTO Chief Operating Officers

Cyber Security MT

Other Responsibilities*

Embed Here for good and Group\xe2\x80\x99s brand and values in TTO; Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures

Qualifications*

Training, licenses, memberships and certifications

Degree in Engineering, Computer Science/Information Technology or its equivalent.

Experience in Information Security in Banking and Financial services.

One or more of the following certifications will be preferred:

o Certified Information Security Manager (CISM)

o Certified Information Systems Security Professional (CISSP)

o SANS Global Information Assurance Certifications (GIAC)

o Certified in Risk & Information Systems Control (CRISC)

o Certified Information Systems Auditor (CISA)

Strong knowledge of ICS products and operations will be preferred.

Strong knowledge of cyber security frameworks, information security principles, architecture, and cryptography.

Exposure or hands-on experience in infrastructure / web application penetration testing and vulnerability assessments is preferred.

Ability to articulate gross and residual risk with specific ability to clearly, concisely and accurately communicate complex technology and process risk to non-technical stakeholders in a lucid way.

Strong interpersonal and stakeholder management skills, across various levels in the organization including senior leadership teams, in influencing key decisions taken in the business and in support teams.

Strong communication skills \xe2\x80\x93 oral, written and presentation. Sound knowledge of MS-Excel, PPT, and Word.

Must be a self-starter who is able to initiate and successfully drive programs and projects to completion with little or no management supervision.

Strong analytical skills and ability to prioritise, make decisions, and work to tight timeframes.

Strong business acumen and deep knowledge and experience in the ICS field.

Proven ability to lead highly complex, global activities through influence and credibility rather than command and control.

Ability to both assess strategic priorities and to focus on detailed aspects of a function in order to drive effective delivery.

Strong integrity, independence and resilience.

Role Specific Technical Competencies

• Spot Opportunities

Solve Problems
Take the Lead
Build Resilience
Collaborate
Communicate
Deliver Sustainably
Achieve Results

About Standard Chartered

We\'re an international bank, nimble enough to act, big enough for impact. For more than 160 years, we\'ve worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you\'re looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can\'t wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you\'ll see how we value difference and advocate inclusion. Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
• Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with with minimum global standards for annual and public holiday, which is combined to 30 days minimum
• Flexible working options based around home and office locations, with flexible working patterns
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
• Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you\'ve applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.

Visit our careers website

Standard Chartered