About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It’s about showing how you embody our valued behaviours – do the right thing, better together and never settle – as well as our brand promise, Here for good.
We’re committed to promoting equality in the workplace and creating an inclusive and flexible culture – one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
Within the Chief Information Security Office (“CISO”), the Information and Cyber Security (“ICS”) Business teams are responsible for ensuring information and cyber security assessment and risk mitigation plans are in place for Business lines, Functions and Regions.
The role needs to provide Group level thought leadership for Information and Cyber Security risk mitigation activities including technology architecture, third party software, cloud services, cyber threat modelling, cyber controls and resilience. The role needs to establish a mature, simple and effective first line business-as-usual operating model which facilitates information & cyber security risk reduction. The role will support the Head of ICS Operations and the coverage teams to enhance the risk assessment and risk treatment plans.
Key responsibilities include:
Cybersecurity Risk Group Assessment & Investment Planning
• Establish standardised process and procedures for all ICS processes.
• Monitor and communicate emerging risks
• Monitor and communicate emerging threats
• Maintain the Group risk profile: understand risks and threats, and prioritise and track treatment plans
• Product ownership of policy and business mapping for risk and controls across businesses within the business Control Library.
• Policy review/challenge and process definition for embedding in businesses.
• Application of best-practice external/industry frameworks.
• Agile change mindset to enable continuous improvement.
• Technology & data security regulations (MAS, HKMA, PRA, FCA, FED)
• Technology risk frameworks (COBIT, ITIL, NIST, ISO27001)
• Ensure effective prioritisation and application of best practice
• Identify changes required to the plan (additional components, reprioritisation) in order to anticipate and respond to change
• Establish process to assess and monitor efficiency of cost and timeliness of risk treatment plans
• Membership of external cybersecurity industry forums
• Representation on industry consultation forums (Mitre, NIST, FS ISAC, etc)
• Manage risk communication with primary ICS Regulators (PRA, FCA, HKMA, MAS)
• Support client marketing and engagement with thought leadership
• Prepare industry whitepapers and research for external stakeholders
Asset Identification & Classification
• Annual asset identification and classification process.
• Ensure application of policy and testing to ensure priority assets are identified.
• Quality assurance and challenge of annual review.
Risk Treatment Plan
• Develop ICS risk and control strategy for ICS Operations aligned to Group CISO and Businesses strategy.
• Coordinate control strategy, working with control owners and Group CISO to communicate the priorities and sequencing for the priority risks.
• ICS Policy Assessment and Feedback.
• Remediation utility for key controls.
• Remediation of critical controls.
Governance & Communication
• Establish ongoing governance for Group risk profile across three lines of defence.
• Govern process for ensuring quality and standardisation within ICS business teams.
• Establish process to prioritise and communicate investment priorities at Group level with the control service providers.
• Establish forum to coordinate across businesses to enable best practice.
People and Talent
• Lead through example and build the appropriate culture and values. Set appropriate tone and expectations across the Programme and work in collaboration with risk and control partners
• Management of risk remediation hub resources
• Display exemplary conduct and live by the Group’s Values, Valued Behaviours, and Code of Conduct
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank
• Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters
Key Stakeholders
• Group Chief Information Security Officer (“CISO”) and leadership team
• Group Chief Information Security Risk Officer (“CISRO”) and leadership team
• Group Information Security & Risk Officer Head of Policy & Risk, CISRO
• Group COO & Group CIO
• Business Heads of Information & Cyber Security
• Function Heads of Information & Cyber Security
• Country Heads of Information & Cyber Security
• Group Internal Audit
Qualifications
• University degree
• At least 10 years of IT security and risk experience in the banking environment, with significant experience in IT Security strategy development and execution, stakeholder relationship management, and team management.
• Recognised qualifications/certifications in ICS
• Professional Information & Cyber Security certification (such as CIA, CISA, CISSP, or CISM) desirable
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits, including our flexible working, please visit our career pages. We welcome conversations on flexible working.