Information Security Risk Officer, COO

Job Description

*About Standard Chartered We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East. To us, good performance is about much more than turning a profit. Its about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good. Were committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.The Role Responsibilities

• The Group Chief Information Security Risk Officer (CISRO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank s data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the CISRO function serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The Group CISRO is responsible for ICS governance, strategy, policy, risk assessments, industry partnerships, and regulatory engagement. In addition, the team of Information Security Risk Officers (ISRO) report to Global Head, Information Security Risk Officer and perform a pivotal role as an extension of the CISRO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Services, Regions, and Functions.
• This specific role is a senior Band 5 role who will report directly to Head ISRO, COO. The role provides independent ICS risk advice, oversight and thought leadership to support the successful execution of the COO business operating plans and strategies. This includes oversight of the TDR function within COO which execute approximately 60% of the Banks cyber controls.
• The role delivers services that continually monitor the ICS threat landscape, undertake constructive and robust oversight of the effectiveness of ICS controls and risk remediation strategies, and ensuring accurate, insightful and transparent ICS risk reporting is provided to senior mgmt. to provide them appropriate assurance and confidence on the COO ICS risk profile.
• We are seeking an information and cyber security risk specialist to deliver a range of activities associated with the discharging of CISRO second line responsibilities. This role will have considerable engagement with all business units, risk committees, and other stakeholders across the bank, but especially those in COO. The successful candidate will be expected to lead and deliver a range of complex activities in the following fields:

Risk Management

• Support the assessment of ICS risk and reporting on it COO 1 st line teams.
• Support the ISRO team in the use of the ICS RTF and other techniques from a 2nd line perspective.
• Raise visibility of ICS weaknesses to drive ICS improvements and uplift.
• Highlight gaps or control weaknesses against security standards and regulations in the key ICS domains (Identity Access Management (IAM), Application Security, Vulnerability Management, Malware Protection, Network Security, API security, Cloud and Container Security
• Create risk mitigation plans calling out where these are ineffective or insufficiently followed.
• Perform thematic reviews as required by the ISRO team.

Governance

• Work with teams within COO and participate in work groups and other meetings to understand, advise and challenge on ICS matters
• Collaborate with Head of ICS in the preparation of Group ICS update for COO TDR NFRC using the material from ICS RTF profile and centrally produced by the CISRO Governance team.
• Report any ICS risks/issues during COO TDR NFRC which require attention and support
• Ensure consistency of reporting and production of high-quality documentation and materials.
• Provide recommendations and feedback to CISRO teams based on experience with COO

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key Stakeholders

• Group COO teams
• Security services teams within Group COO
• Head of ICS for Group COO
• ISROs for Functions, Businesses and Regions
• Other CISRO teams
• Group Internal Audit
• Identified business stakeholders

Our Ideal Candidate

• A degree in Information and Cyber Security or Technology or equivalent
• Professional Certifications such as CISSP, CISA, CISM or equivalent is desirable
• Minimum 10 years experience in information security or risk management, preferably in Banking and Financial sector, with 5 years hands-on experience in information security risk assessments
• Strong knowledge of cybersecurity frameworks, standards and principles
• Strong technical knowledge on Security Monitoring, Security Analytics, Identity Access Management, Network Security, Data Privacy, Third Party risk, Application Security, Vulnerability management, Cloud and Container Security
• Must be a self-starter who is able to initiate and successfully drive initiatives to completion with little or no management supervision.
• Excellent written and oral communication and reporting skills

Domain Knowledge

• Strong technical knowledge in ICS controls domain Identity Access Management (IAM), Application Security, Vulnerability Management, Security Monitoring, Malware Protection, Network Security, Cloud and Container environment, API security

Experience Qualification:

• Personal authority based on established trusted relationships and ability to provide advice and direction which is respected amongst peers
• Good knowledge of the businesses, markets and operations of Standard Chartered Bank and the policies, procedures and processes through which information and cyber security risks are addressed throughout the Group
• Proven ability to respond to complex challenges and deliver practical solutions and direction which reflect a balanced view of the operation of the bank
• Ability to both assess priorities and to focus on work in a structured fashion which delivers results
• Sound judgement and anticipation
• Strong integrity, independence and resilience

Apply now to join the Bank for those with big career ambitions. To view information on our benefits including our flexible working please visit our career pages . We welcome conversations on flexible working.,

Keyskills :
riskbankingreportingbasismis3rd party relationshipsidentity access managementenvironmental impact assessmentdata privacysecurity riskinternal audit