Head Information Cyber Security

Job Description

*Role ResponsibilitiesThe Country Head of Information Security (HICS), Pakistan is a permanent role that requires strong business acumen and deep knowledge and experience in the ICS (Information and Cyber Security) field.This role will require hands on approach to understand and support Pakistan on the ICS Risk Type Framework to maximize risk reduction and capability improvement, while meeting compliance and legal obligations, and minimising client impact. The role will require to have end-to-end view on all ICS activities with support to regular risk assessment, tracking, follow up and reporting at the relevant forums. The role reports directly to the Regional Chief Information Security Officer.The Pakistan CISO will provide exceptional leadership, maintain highly constructive relationships with key stakeholders, and possess strong security risk framework knowledge to mobilize effort and commitment.BusinessThe primary purpose of this position is to ensure that the management of ICS risk is operating effectively and efficiently and to provide assurance that ICS risk is appropriately managed within the country in accordance to regional and global bank standards.Pakistan CISO will execute a robust and efficient plan to rollout ICS RTF by working with key stakeholders including COOs/CIOs direct teams, ICS RTF Implementation Programme teams, Office of the CISO and Security technology teams. The plan will incorporate digital footprint discovery, risk assessment, definition and implementation of controls as guided by the ICS RTF and tailored to the relevant areas.Supporting the Regional CISO in the implementation of the ICS Risk framework including working with stakeholders to identify, assess and rate the information assets, build out the risk profile per the framework, initiate risk assessments and put together treatment plans.Use qualitative and quantitative data sources to validate Key Control Domains (KCD) and associated controls, accelerate risk assessment process, validate business risk profile, and develop action plans to remediate to bring ICS risk back into appetite.Perform Threat-led scenario-based assessment (TSRA) for country to identify key threats and assess risks accordingly.Follow up on identified thematic cyber issues, develop processes to address issues from re-occurrence and ensure cyber hygiene across the whole portfolio.Provide regular status updates including progress, top risks and issues to the respective country and regional forums for the relevant domains. Track regulatory status, key milestones, risks, dependencies and issues.Interface with the Business and Country ICS Leads to assist with sharing of risk profiles, advising on cyber risk issues and addressing areas of concern.Interface with Technology forums to ensure security technologies are operating with input from countries and be actively involved in the roadmap of these technologies by providing regional/country input.Development of risk treatment plans for the assigned areas in conjunction with the business and technology teams. Interface with other areas to ensure dependencies are known and prioritised. Negotiate timelines to ensure proper remediation by maintaining support and organizational alignment.Adapt to emerging and horizon risks and address issues to maximize outcomes. Urgent and timely action for risks and issues which adversely impact cyber risk profiles.Re-planning and prioritising as required to maximise risk reduction.Coordinate and plan for cyber crisis management exercises, build response and recovery capabilities, workarounds, ensure up to date playbooks etc.Conduct periodic information security assessment.Periodically informing the Board on latest developments in the cyber security universe.Ensuring security and protection of the banks information assets.Assessing the controls on the IT infrastructure and suggesting improvement.Assure that process owners are performing data sanitization at the time of decommissioning of servers.Take appropriate actions based on cyber threat intelligence received from SC Group and other in-country sources like SBP/PBA etc.Creating awareness among staff on cyber threats and their controls.Assist with other cyber activities underwayPeople and TalentLead through example and build the appropriate culture and valuesSet appropriate tone and expectations from team and work in collaboration with risk and control partnersEnsure the provision of ongoing training and development of people, and ensure that holders of all critical functions are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risksEmploy, engage and retain high quality people, with succession planning for critical roles.Responsibility to review team structure/capacity plansManage team of country ISOs that is aligned and scaled to the ICS risk control needs of Standard Chartered Bank PakistanSet and monitor job descriptions and objectives for direct reports and provide feedback and rewards in line with their performance against those responsibilities and objectivesUphold and reinforce the independence of the second line ICS Risk functionRisk ManagementDeliver the defined aspects of the Country ISO, Pakistan role to support the Group ICS risk management approach and objectivesEnsure that the Country HICS, Pakistan role is managed in accordance with the defined CISO Governance Risk Type Framework and associated Policy and Standards; and that issues are identified, escalated, and addressed as appropriateGovernanceEstablish strong ties into the relevant regional and country leadership, governance, risk and control committees to ensure adequate monitoring, tracking and governance of ICS risk. Drive integration of ICS Risk Type Framework into all businesses and functions in the country and utilise for the ongoing governance of region and country riskRegulatory & Business ConductDisplay exemplary conduct and live by the Group s Values and Code of Conduct.Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.Lead to achieve the outcomes set out in the Bank s Conduct Principles.Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.Key StakeholdersCOO, PakistanGroup CISOHead of Global ICS OperationsRegional CISO and Regional ICS teamCIO, PakistanCEO, PakistanBanking RegulatorsHead of ICS GovernanceHead of ICS PolicyHead of ICS Assurance and TestingHead of ICS Training, Awareness & ExercisesHead of ISO RegionsOther ResponsibilitiesEstablish strong relationships with identified stakeholders across the business and functions in country, and understand their strategic goals, to ensure ICS alignmentArticulate the value of ICS controls and their bottom line impact to the region and country security and resiliencyPrepare, present and challenge in a 2nd line capacity at relevant risk committees, steering groups and cross-business opportunitiesPerform Delegation of Authority (DoA) responsibilities for CISO as defined for the region and countriesMeasure efficient and effective management of ICS risk for the countryUtilise appropriate risk management tool(s) to manage, track and monitor ICS risks in PakistanMaintain required and appropriate evidence of work performed for review by Group Internal Audit and othersQualifications:Possess one or more technical certifications such as CISSP, CCISO, CISM, CRISC,PMP, RMP, SANS.University Degree in Computer Science, Information Systems, Engineering or other related field from reputable university.Master s degree in a related field as Information Security, Risk Management and Project Management10-15 years of work experience in similar relevant position,

Keyskills :
keeping things simplestrong business acumen3rd party relationshipsrisk controlhuman skillsmusic makingsecurity riskinternal audit