ICS Risk Manager

Job Description

*About Standard Chartered We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.To us, good performance is about much more than turning a profit. Its about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.Were committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.Purpose

• The RTF is based upon core ICS risk management and industry best practice frameworks and standards. The Technology ICS risk manager will support to drive the adoption and implementation of the framework. This role will require hands on approach to understand, embed and guide the technology delivery teams on the ICS RTF to maximise risk reduction and capability improvement.
• A significant focus of this role will be on establishing the compliance with Country Regulations.
• The role will require to have end-to-end view of all ICS activities with regular risk assessment, tracking, follow up and reporting at the relevant forums.
• The Technology ICS risk manager will provide leadership and strong security risk framework knowledge to mobilise effort and commitment.
• They will maintain highly constructive and effective relationships with senior stake holders from various departments (i.e. Business, Technology, Compliance).
• This is an Individual contributor role is based in Bangalore, India and will need to work closely with the technology delivery teams within the CIO domain collaborating with Business operations/ ICS heads (where required) to holistically address ICS risk.

Core Competencies:

• Executing a robust and efficient plan to rollout ICS RTF by working with key stakeholders including ICS RTF Implementation Programme teams, COOs/CIOs direct teams, Operations, Office of the CISO and Security technology teams. The plan will incorporate risk assessment, definition and implementation of controls as guided by the ICS RTF and tailored to the relevant applications.
• Supporting the Programme / Project Manager ICS in the implementation of the ICS Risk framework including working with stakeholders to identify, assess and rate the information assets, build out the risk profile per the framework, initiate risk assessments and put together treatment plans
• Use qualitative and quantitative data sources to validate Key Control Domains (KCD) and associated controls, accelerate risk assessment process, validate business risk profile and develop action plans to remediate to bring ICS risk back into appetite.
• Representing Global Banking, Commercial Banking, Client Enablement & Corporate Finance and Lending in various meetings and also provide the ICS related information for any regulatory submissions, as applicable.
• Interfacing with the group business heads to assist with sharing of risk profiles, advising on cyber risk issues and addressing areas of concern in forums like Business NFRCs.
• Interfacing with Technology forums (CIO Risk Forums) to ensure security technologies are being adopted with input from business and be actively involved in the roadmap for adoption of these technologies by aligning with business inputs and priorities.
• Adapting to emerging and horizon risks and address issues to maximize outcomes. Urgent and timely action for risks and issues which adversely impact cyber risk profiles
• Re-planning and prioritising as required to maximise impact of risk reduction initiatives and projects
• Coordinating and planning for cyber crisis management exercises, build response and recovery capabilities, workarounds, ensure up to date playbooks etc.

Domain Knowledge & Skills

• Solid hands on experience working across multiple security frameworks (e.g. NIST, ISO 27001, PCI-DSS) and clear understanding and exposure to Technology platform requirements.
• Hands on experience in one or more key technology domains Identity and Access Management (IAM), Data Protection, Vulnerability and Compliance Management, Cloud Security, Network security, Security Incident Management etc.
• Extensive experience within information security or risk function, with assessment, treatment plan and governance, ideally gained in the financial industry
• Experience in Cyber Crisis management, Response and Recovery activities etc.
• Excellent organisation and leadership skills with ability to manage multiple deadlines and effectively prioritise
• Ability to work independently to effect change across the business lines and manage multiple deliverables simultaneously
• Ability to execute on strategy with plan to influence senior stakeholders and decision makers to adopt cyber capabilities across their business lines
• Ability to foster positive relationships with internal and external stakeholders at appropriate level ensuring open cooperative environment
• Stakeholder management, Negotiation skills, Conflict management, Decision-making and Team work
• Possess one or more security certifications such as CISSP, CISA, CISM, CRISC, PCI-QSA, CSX etc.

StrategySupport effective prioritisation and application of industry best practice with feedback into the ICS RTF and technology/Operations riskIdentify changes to plan required in terms of additional components, reprioritisation to anticipate and respond to changesLearn from the recent regional and global cyber events and see fitment into strategy to address current and emerging risks GovernanceSupport the Programme / Project Manager ICS on running periodic working groups and ensuring proper rollout of the ICS RTFManage actions coming out of various risk and compliance forums/Regulatory bodies.Establish and maintain working groups to progress the framework roll out.Escalate appropriately to ensure Programme Manager ICS and Head ICS Risk are briefed and necessary decisions are made in a timely mannerRisk ManagementSupport the rollout of the ICS RTF professionally and efficiently, closely tracking timeline commitments for provision of information and action plans, and for validation of actions takenEnsure adoption of security tooling and capability to address ICS risk tactically and strategicallyAddress and adopt response and recover capabilities and assist with cyber crisis management exercises, playbooks etc.Regulatory and Business ConductDisplay exemplary conduct and live by the Groups Values, Valued Behaviours, and Code of ConductTake personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank.Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.Key StakeholdersProgramme and Project Managers ICS related projectsHead ICS Risk - GB, CB, CE&CF and LendingCIO and Technology streams - GB, CB, CE&CF and LendingCOO office and Teams - GB, CB, CE&CF and LendingICS RTF TeamsChief Information Security Office and teamsSecurity Technology Services teamsOperational RiskCompliance RiskOther ResponsibilitiesKeep abreast of any new developments in the ICS risk frameworks globally, participate in industry and external discussions,

Keyskills :
riskmanagement customerrelations securityrisk cloudsecurity tatementsofw ksow netw ksecurity