
Information and Cyber Security Risk Manager

6.00 to 7.00 Years   Chennai   25 Aug, 2020
Job Location: Chennai
Education: Not Mentioned
Salary: Not Disclosed
Industry: Education / Training
Functional Area: General / Other Software, Network / System Administration
Employment Type: Full-time

Job Description

RESPONSIBILITIES

The Information and Cyber Security [ICS] Policy Framework is the core component within the Group ICS Risk Type Framework in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing ICS risk across the enterprise.

ICS Policy is a critical function that reports into the Global Head of Information & Cyber Security Governance, Policy & Risk. This function sits within the Office of the CISRO, which serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Type Framework [RTF] and for instilling a culture of cyber security within the Bank. The ICS Policy function is responsible for ensuring that the ICS Policy is at all times valid, relevant and effective, together with the ICS Standards that support the Policy.

Strategy

The Senior Information Security Officer is a permanent role that requires a good understanding and knowledge of ICS risk governance, frameworks, policies, standards, and procedures. The successful candidate will be able to understand the requirements of an ICS Policy framework and will be able to respond knowledgeably to evolving business, regulatory and threat requirements. As part of the ICS Policy Framework we are required to have a thorough understanding of the Regulatory environment within the jurisdictions in which the Group operates. Legal, Regulatory and Mandatory requirements need to be aligned to the ICS Policy Framework in order for the Group to ensure it is compliant with the relevant requirements.

Business

The primary purpose of this position is to ensure that all Legal, Regulatory and Mandatory [LRM] requirements are understood and that applicable requirements are mapped to the Policy Framework, with any gaps assessed and treated so that identified risks are appropriately managed.

The successful candidate will work closely with the Head of ICS Policy as well as engaging with other key stakeholders across the bank including Security Operations, in-country Heads of Information and Cyber Security, Technology and Innovation [T&I] and will input into various Group and Country risk committees and forums.

Processes

Policy Management:
- Provide support and clarity to customers and users of the Information and Cyber Security Policy framework, answering complex related questions and challenges as they arise.
- Ensure that all applicable regulatory requirements for critical and non-critical countries are mapped to the ICS Policy framework.
- Identify and align key industry standards to the ICS Policy framework.
- Provide detailed gap analysis and metrics of potential breaks in Policy to be managed.
- Provide and support innovative solutions for the communication of compliance to Policy and LRM.

People and Talent:
- Lead through example and build the appropriate culture and values locally.
- Collaborate with the wider CISRO team and share knowledge where relevant.

Risk Management:
- Review and assimilate the Information & Cyber Security Risk Type Framework, including its key domains, controls and key roles and responsibilities.
- Assess and apply the ICS RTF within a complex business environment, adopting the Group's key principles to review, monitor, guide and challenge business areas in the adoption of key practices.
- Demonstrate and utilise depth of knowledge and capability, relating own subject matter expertise to support the implementation of the ICS RTF.

Governance:
- Ensure the ICS Policy Framework is appropriately aligned to the LRM environment as required as part of the delivery of the ICS Risk Type Framework.
- Ensure that key Industry standards are incorporated and aligned to the ICS Policy Framework [i.e. NIST 800, ISO27001, FIPS-140-2, PCI-DSS, SWIFT].
- Support the creation of reports as required relating to the management of information and cyber security risk in the bank.

Regulatory & Business Conduct
- Display exemplary conduct and live by the Group's Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key Stakeholders
- Senior Managers within the Security Technology Services and wider T&I teams
- Global Process Owners
- Information Security & Risk Officers
- Information and Cyber Security Officers
- Wider Governance, Policy and Risk Team
- Key Business Stakeholders including: All Business and Function COOs
- In-Country Operational Risk Information Security & Cyber

Other Responsibilities
- Embed Here for Good and Group's brand and values in the Group CISRO team.
- Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures.

QUALIFICATIONS:
- Bachelor's degree or above from an accredited college/university in an appropriate field.
- Strong communication skills in English.
- At least 6+ years of experience in Information Security / IT auditing, with Big 4 and/or Banking & Financial services experience including the following:
  1. Information and Cyber Security policy, procedure, standards development, documentation.
  2. Information and Cyber Security policy communication.
  3. Base understanding of information security risk business alignment, risk framework, risk management process, e.g. risk definition, risk tolerance, reporting metric, set up risk controls, risk monitoring, risk mitigation plan, etc.
  4. Creation of complex new Information and Cyber Security policy content aligned to Regulation.
  5. Production of materials for governance meetings relating to Information and Cyber Security.
  6. Experience in conducting gap analysis against ICS related Legal Regulatory and Mandatory requirements.
- Professional qualifications: CISA/CISSP/CISM/CRISC/ISO27001 lead auditor or lead implementer is preferred but not mandatory.
- Personal authority based on established trusted relationships and ability to provide advice and direction which is respected amongst peers.
- Good understanding and knowledge of working with Information and Cyber Security related LRM in different jurisdictions.
- Good knowledge of the businesses, markets and operations of Standard Chartered Bank and the policies, procedures and processes through which Information and Cyber Security risks are addressed throughout the Group.
- Proven ability to respond to complex challenges and deliver practical solutions and direction which reflect a balanced view of the operation of the bank.
- Ability to both assess priorities and to focus on work in a structured fashion which delivers results.
- Sound judgement and anticipation.
- Strong integrity, independence and resilience.
- Proven advanced English writing and communication skills.
- Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and Regulatory requirements.
- Advanced competency with Microsoft Office Suite (Word, PowerPoint, Excel, SharePoint).

Keyskills: risk management, banking, risk, customer relations, compliance, subject matter expertise, gap analysis, security risk, cyber security
