Senior Information Manager

Job Description

The successful candidate will have strong experience leading and / or implementing information security programme in a large international institution. The TPSR program plays a central role across the Bank in managing third party risk by implementing a standardized end to end data risk security assessment to third parties. The key responsibilities of this role is to perform the thirty party security assessments and lead process improvement initiatives.Business The primary purpose of this position is to perform critical third-party security risk assessment program for the Bank. The successful candidate will assist with the Head of Risk Identification TPSR; other supply chain and vendor management functions within the bank (Global Sourcing, Legal, Compliance, etc.) and other risk functions (Cloud, Privacy, Resiliency etc.) and integrate third party data security risk processes into the wider bank vendor management process. The role will assist the Head of Risk Identification TPSR to develop and improve the process for engagement of the TPSR team by the business for all new third party entities across all markets, and for ongoing periodic review requirements. The successful candidate will have a deep understanding of third party risk management and supply chain management. In addition, the successful candidate will assist the Head of Risk Identification TPSR to work closely with the Head of Policy and Governance to ensure policies and procedures related to TPSR are compliant with current regulations and with the Operational Risk Officer to ensure effective management of operational risks within the TPSR field and compliance with applicable internal policies, and external laws and regulations. The successful candidate will have strong senior stakeholder engagement skillsProcess The major functional activities are to support the Head of Risk Identification TPSR to deliver the following:
• Run a third party consolidation process to review the existing third party risk service line and implement programs of work to improve and expand coverage of the service across the Bank;
• Work closely with the other supply chain and vendor management functions within the bank (Global Sourcing, Legal, Compliance, etc.) and other risk functions (Cloud, privacy, resiliency, CSS) integrate third party data security risk processes into the wider bank vendor management process;
• Develop and improve the process for engagement of the third party security risk team by the business for all new third party entities across all markets, and for ongoing periodic review requirements;
• Ensure compliance to measurement, tracking and reporting third party security risk assurance metrics.
• Provide regular updates on the third party security risk program, including KPIs, KCIs, and metrics status for delivery to relevant operational, Group, and Board committees.
• Move the one size fits all vendor security assessment checklist to a more mature assessment framework that is tailored to common third party services (i.e., check printing, card embossing, etc);
• Lead the monitoring and reporting of mitigation and remediation actions to track progress against audit and other assessment findings.
• Develop relationships with multiple local consultancies in different markets to supply onsite and offsite third party security assessment services;
• Lead the third party assessor team to facilitate the third party risk governance process.
• Build trusted working relationships with other security functional heads, risk and compliance counterparts, and business unit stakeholders.
• Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.
• Work with the relevant Operational Risk Officer to ensure effective management of operational risks within the TPSR field and compliance with applicable internal policies, and external laws and regulations
Risk Management
• Ensure that this role is managed in accordance with the defined CISO views on policies and standards, and that issues are identified, escalated, and addressed as appropriate.
• Manage the Third Party Security Risk professionally and efficiently, closely tracking deliverables and commitments.
Governance
• Establish strong ties into the relevant business lines governance, risk and control committees to ensure adequate monitoring, tracking and governance of Third Party Security Risk
• Work with CISO Policy team to coordinate, integrate and represent the Bank s views on evolving regulations, policies and standards related to Third Party Security Risk.
• Drive integration of ICS Risk Type Framework into Third Party Security Risk Program
Regulatory & Business Conduct
• Display exemplary conduct and live by the Group s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Other Responsibilities
• Establish strong relationships with identified stakeholders across the regions and countries and understand their strategic goals, in order to ensure ICS alignment.
• Articulate the views of the Bank on ICS TPSR regulatory and resiliency matters in various organisations and with regulators.
• Prepare, present and challenge in a 2nd line capacity at relevant risk committees, steering groups and cross-business opportunities.
• Measure efficient and effective management of ICS risk for the business lines.
• Validate the accuracy of KRI s and KCI s and other risk ratings, as well as process designs, to meet policy requirements.
• Ensure that Process Owners are escalating risk, control, and process deficiencies appropriately in accordance with the relevant risk frameworks.
• Build trusted working relationships with other security functional heads, risk and compliance counterparts, and business unit stakeholders.
• Utilise appropriate risk management tool(s) to manage, track and monitor ICS risks across the client facing business lines.
• Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.
• Monitor, assess and advise business lines on acceptable risk tolerances based on policy and control environment and the evolving regulatory and threat landscape.
Our Ideal Candidate
• Bachelor degree or above from an accredited college/university in an appropriate field.
• Strong communication skills in English
• Ideally 8-12 years of experience in IT / Information Security / IT auditing / ICS Risk, with Big 4 and/or Banking & Financial services experience
• Experience in understanding of auditing standards, compliance, risk assessment and internal control frameworks.
• Familiarity with working in a MNC or cross-cultural setting.
• Excellent written and interpersonal skills.
• Strong time management skills.
• Ability to draft reports that clearly communicate observations and risks would be required.
• Strong stakeholder engagement skills, and ability to interact at all levels across an organisation.
• Ability to multitask and ensure that all key priorities are delivered as per agreed timelines.
• Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and regulatory requirements will be a plus.
• Competency with Microsoft Office Suite (Word, PowerPoint, Excel, Visio, SharePoint).
• Advanced skillset for Microsoft Excel (macros, scripts etc) will be good to have
• Certifications (CISSP, CISA, CRISC, CCSP) will be a plus
Apply now to join the Bank for those with big career ambitions. To view information on our benefits including our flexible working please visit our career pages . We welcome conversations on flexible working.,

Keyskills :
3rd party relationshipsenvironmental impact assessmentsupply chaindata securitysecurity riskinternal auditrisk assurance