Associate Director, ICS R&C, IAM PID

Bukit Jalil, Kuala Lumpur, Malaysia

Job Description


Job Summary


· Oversee all risk and control activities related to risk management processes within the ICS IAM-PIM function.

· Drive compliance with the Bank’s risk framework and policies (e.g. ERMF, ORTF and ICS RTF).

· Design and maintain internal risk processes that allow PIM to dynamically monitor risk and controls.

· Support the ICS Function to be ‘First to Know’ its risks & issues, and to deliver on its commitments.

· Deliver risk-focused, timely and re-performable deep dive reviews on PIM controls following ICS Control methodology.

· Perform internal assessments to identify thematic trends amongst existing issues and ensure action plans are driven to address the overall root cause.

· Work with the IAM Gov team to perform PIM process reviews (including Standard Operating Procedure) to uplift quality of standard.

· Maintain all operational risk framework (ORTF) based PIM controls and corresponding CSTs, KCIs and KRIs.

· Provide timely and accurate risk & control MI to the respective risk forums.

· Support stakeholders in defining remediation actions to address identified control weaknesses and issues.

· Track issue remediation, check and challenge delivery status and escalate delays.

· Validate that remediation activities completed by PIM Service teams address the risk in the issues (e.g. Audit issues and deep dive findings).

Strategy

Significant transformation is underway within the Information & Cyber Security (ICS) function to rapidly improve the Group’s Cyber Security, Identity Access Management and Threat Management control environment, along with digitisation and innovation.

Business

This role is to perform risk and control activities for the ICS Service under the Identity and Access Management (IAM) – Privilege Identity Management (PIM) domain. This team will provide governance, oversight and assurance, as well as advocating and imparting lessons and good practice to shape the design and implementation of PAM controls. In addition, it will determine whether these controls are operating effectively.

Processes

Support PIM Process owners in the execution of their accountabilities by:

· Acting as the confidant to the ICS ‘Process Owner(s)’ responsible for developing, prioritizing and implementing controls.

· Implementing the Risk & Controls Security Assessment (RCSA) to monitor the effectiveness of the controls and standards governing the end-to-end process.

· Being accountable to the ICS ‘Process Owner(s)’, framework and policy owners and implementing the control requirements applicable to the process.

· Escalating significant risks and issues to line manager.

Risk Management

· Support liaison with Group Internal Audit and any third party or regulatory inspections (only if applicable and related to thematic issues cutting across both AM&DP domains).

· Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.

· Work with other control assurance teams to drive efficiency, effectiveness and reduce duplication.

· Support PIM Process owners in the execution of their accountabilities related to:

o Identification and management of the end-to-end processes as defined by the Process Universe and associated risks for the activities carried out.

o Escalating significant risks and issues to the Process Universe Owners, relevant Risk Framework Owners or Policy Owners.

· Perform review of the key control indicators for PIM to identify potential control deficiencies / gaps and work with the relevant domain risk lead and/or service team on the remediation actions.

· Support activities related to control design, assessment, testing processes and drive continuous improvement in ORTF and ICS RTF.

· Support control testing / attestations that are related to PIM, including, but not limited to, the following:

o ICS Control Testing;

o SWIFT Attestation;

o PCI-DSS Attestation;

o Cyber Stress Testing;

o Red Team Testing.

· Provide good technical input and challenge on assignments to steer team members in producing high-quality output which addresses the risk.

Governance

· Provide timely and accurate reporting to appropriate committees, most specifically the ICS-IAM and ICS Risk & Control Forum.

· Ensure appropriate oversight and facilitate resolution of high impact risk and issues.

· Tracking and reporting of risk assessments (e.g. audits, risk assessments etc.) and their outputs to ensure oversight and escalation mechanisms are in place to provide MI on obligations.

Regulatory & Business Conduct

· Display exemplary conduct and live by the .

· Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.

· Lead the ICS Risk & Control Function team to achieve the outcomes set out in the Bank’s Conduct Principles: The Right Environment.

· Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key stakeholders

· Global Head Identity Access Management (IAM)

· Service Heads, ICS – IAM, Privilege Identity Management

· Information & Cyber Security MT

· ICS Control Testing

· Legal & Regulatory Management Centre of Excellence (CoE)

· Group Operational Risk

· Group CISRO

· Group Internal Audit

Other Responsibilities

· Embed Here for good and Group’s brand and values in ICS Risk & Control Function Team.

· Perform other responsibilities assigned by the Head, ICS Risk and Controls, IAM.

Ideal Candidate

· Bachelor / Honours Degree in Information Technology, Computer Science, Cyber Security or other technology related qualifications.

· 5+ years of experience in IT Technology audit or assurance which must include some element of experience in a ‘first line’ security or assurance team.

· Good experience in Control testing.

· Preferably knowledge/experience in IAM/PID domain.

· Background in the information and cyber security domain within international financial services organisations.

· Demonstrated ability to support a ‘first line’ function in responding to external/regulatory audits.

· Professional Qualifications (i.e. CISSP, CCNA and CCNP).

· Risk and control related certification in security domain (i.e. CISA, CRISC).

· Ability to challenge the status quo.

· Excellent organisation skills with ability to manage multiple deadlines and effectively prioritise workload.

· Strong interpersonal skills to foster positive relationships with internal and external stakeholders.

· Highly effective oral and written communication skills, with an ability to influence and to gain the respect of senior stakeholders and peers.

· Ability to exercise good judgment and objectivity.

· Demonstrates ability to work with limited direction and multi-task without loss of quality.

· Confident and courageous to raise/escalate issues in a pro-active, professional and timely manner.

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good, are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion. Together we:

  • Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
  • Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
  • Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

  • Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
  • Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum
  • Flexible working options based around home and office locations, with flexible working patterns
  • Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
  • A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
  • Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
  • Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.

Job Detail

  • Job Id
    JD946672
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Bukit Jalil, Kuala Lumpur, Malaysia
  • Education
    Not mentioned