Associate Director, CSS Risk & Control, AMDP

Job Description

The Role ResponsibilitiesSignificant transformation is underway within the Cyber Security Services (CSS), under the overall purview of COO Trust, Data and Resilience, to rapidly improve the control environment, along with digitization and innovation. The role is to perform risk and control activities for the CSS service under Access Management and Data Protection. As of 1st April 2020, this team has been integrated into the wider TDR Risk & Control function. This team will provide governance, oversight and assurance, as well as advocating and imparting lessons and good practice to shape the design and implementation of cyber security controls. In addition, determining whether these controls are operating effectively.Key responsibilities include:

• Perform all risk and control activities related to all people, processes and assets within the CSS function.
• Act as a risk and ICS SME to drive a multi-year and complex controls transformation agenda.
• Deliver risk focused, timely and re-performable deep dive reviews following TDR Control methodology.
• Design and maintain internal processes that allow CSS to dynamically monitor risk and controls.
• Maintain all ORTF based CSS controls and corresponding CSTs, KCIs and KRIs.
• Support the delivery of the overall COO TDR Conduct Risk Management plan.
• Provide timely and accurate risk & control MI to the management.
• Drive compliance with the Bank s risk framework and policies (e.g. ERMF, ORTF and ICS RTF).
• Support the design, build, and implementation of effective processes and controls to effectively mitigate ICS risks.
• Support the CSS Function to be First to Know its risks & issues, and to deliver on its commitments.
• Support stakeholders in defining remediation actions to address identified control weaknesses and issues.
• Act as the confidant to the CSS Process Owner(s) responsible for developing, prioritizing and implementing controls.
• Maintain accurate and timely data within EORP and any other agreed repositories for risk & control data and issues.
• Track issue remediation, check and challenge delivery status and escalate delays.
• Validate that remediation activities completed by CSS address the risk in the issues (e.g. Audit issues and deep dive findings).

Risk Management

• Support liaison with Group Internal Audit and any third party or regulatory inspections.
• Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.
• Work with other control assurance teams to drive efficiency, effectiveness and reduce duplication.

• Support CSS Process owners in the execution of their accountabilities related to:
  • Identification and management of the end to end processes as defined by the Process Universe and associated risks for the activities carried out.
  • Implementing the RCSA to monitor the effectiveness of the controls and standards governing the end to end process.
  • Being accountable to the Group Process Universe Owner, framework and policy owners and implementing the control requirements applicable to the process.
  • Escalating significant risks and issues to the Process Universe Owners, relevant Risk Framework Owners or Policy Owners.
• Perform review of the control self-assessment outcomes, monthly control testing results and adequacy of the related remediation actions.
• Support activities related to control design, assessment, testing processes and drive continuous improvement in ORFT and ICS RTF.
• Execute deep dive reviews and consistent, efficient and meaningful CSTs / KCI tests for CSS processes.
• Provide robust challenge and escalation to senior management to ensure activities achieve risk reduction.
• Manage and drive continuous improvement of the CSS control environment through proactive risk management (e.g. technical deep dive and issue validation).
• Execute assessments against controls that underpin an organisation s Cyber/Information Security Management System primary for Access Management and Data Protection.
• Provide good technical input and challenge on assignment to steer team member in producing high quality output which address the risk.

Strategic

• Build effective relationships with leaders to facilitate:
  • Growing trust with clients and regulators by supporting the CSS Function to be First to Know its risks & issues, and to deliver on its commitments; and
  • The provision of timely, expert advice and assurance;
  • Partnerships with other functions to provide professional advice and assurance

• Work closely with the TDR key strategic initiatives to provide delivery assurance and assessments of key deliverables.

Governance

• Provide timely and accurate reporting to appropriate committees.
• Ensure appropriate oversight and facilitate resolution of high impact risk and issues.
• Tracking and reporting of risk assessments (e.g. audits, risk assessments etc) and their outputs to ensure oversight and escalation mechanisms are in place to provide MI on obligations.
• Work with the CSS Service Lines to identify emerging risks and ensure they are appropriately addressed and subjected to formal governance.
• Support continuous improvement of the CSS internal risk profile reporting, issue management processes and supporting tools.

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank.
• Provide timely and accurate risk & control information to support regulatory meetings and RFIs.

Key Stakeholders

• Global Head Operations - Trust, Data and Resilience
• Global Head Cyber Security Services
• Service Heads Cyber Security Services
• Trust, Data & Resilience MT
• Cyber Security Services MT
• Group Operational Risk
• Group CISRO
• Group Internal Audit T&I and Operations and Cyber

Other Responsibilities

• Perform other responsibilities as assigned by the Service Director.

Our Ideal CandidateRequired:

• Bachelor / Honours Degree in Information Technology, Computer Science, Cyber Security or other technology related qualifications or 6+ years of experience in cyber/IT security, technology audit or assurance, which must include some element of experience in a first line security or assurance team.
• Fluency in English.

Preferred (but not essential):

• Background in the information and cyber security domain within international financial services organisations.
• Demonstrated ability to support a first line function in responding to external/regulatory audits.
• Up to date with key regulation / developments in Information and Cyber Security Management Framework (including Technology Risk Management), Data, Privacy and Automation.
• Professional Qualifications (i.e. CISSP, CCNA and CCNP).
• Risk and control related certification in security domain (i.e. CISA, CRISC).
• Risk & control, assurance or audit experience.
• Ability to challenge the status quo.
• Ability to commit up to 10% business travel.
• Excellent organisation skills with ability to manage multiple deadlines and effectively prioritise workload.
• Strong interpersonal skills to foster positive relationships with internal and external stakeholders.
• Highly effective oral and written communication skills, with an ability to influence and to gain the respect of senior stakeholders and peers.
• Ability to exercise good judgment and objectivity.
• Demonstrates ability to work with limited direction and multi-task without loss of quality.
• Confident and courageous to raise/escalate issues in a pro-active, professional and timely manner.
• Demonstrate understanding of and commitment to the Group s core values.

,

Keyskills :
financeadvisorycompliancereportingcustomer relationsservice linesinternal auditcyber securitycontrol designrisk managementrisk assessmentcontrol testingtechnology riskcomputer science