Director, Third Party Controls ACG

Malaysia, Malaysia

Job Description


Role Responsibilities

Job Summary

As part of the global UK Audit and Corporate Governance (UK ACG) programme, the purpose of the role is to support the Global IT & Third Party Lead to oversee and successfully complete the work in relation to Third Party controls for outsourced IT systems and/or services. This includes the strategic design, workstream plans, design of testing procedures, performing SOX testing for in-scope third parties (including the review of SOC1 & SOC2 reports), and review / agreement of findings (including QA review and challenge) to drive subsequent remediation activities where required.

The Director, Third Party Controls role sits within the UK ACG Third Party Controls sub-stream. The main responsibility of the Director will be to support the Global IT & Third Party Lead in delivering the third party SOX compliance programme by performing an assessment of controls at external Third Parties who fall within the scope of the UK ACG programme.

This work will involve extensive stakeholder liaison and engagement across KPMG (external advisors), Group, Businesses & Functions, including TTO risk and control teams, third party information security teams, contract managers and supply chain management.

The candidate will need to have a good understanding of control requirements, preparation of test scripts, SOC1 & SOC2 or other industry standard control reports, and the ability to design and test controls and prepare workpapers.

The Director, Third Party Controls will plan and execute any third-party onsite reviews, as required, and highlight any control exceptions / arrange meetings with the third party and/or application or business teams to discuss potential findings / observations as required. Facilitates communication and information sharing across teams and senior stakeholders to ensure alignment across stakeholder groups in and outside of the programme.

Responsibilities

  • Work with the Global IT & Third Party Lead to support the Third Party Controls SOX strategic roadmap, milestone plan and sprints.
  • In conjunction with the Executive Director, prepare the Third Party Controls testing sprint plans (including key dependencies) which support the broader Strategy & Approach.
  • Prepare inputs to agree test strategy for each in-scope third party.
  • Define and execute Third Party Control Testing related activities, including the gathering and assessment of industry standard control reports (taking into account any available artefacts previously obtained through other departments such as TPSR), engage the third party to discuss remediation activities / control report findings, and plan and action virtual or onsite reviews.
  • Act as lead point of contact for any onsite reviews.
  • Support the UK ACG third party controls reviews across the scope of both phase 1 and phase 2 of the programme.
  • Extensive stakeholder liaison required: work closely with the TTO, Group, Business and Functions teams associated with the in-scope third parties to investigate any existing external certifications already gathered and coordinate with their Third (and where applicable fourth) Parties to complete the SOX testing reviews.
  • If there are controls in which the third party has relied upon SCB's controls (known as complementary user controls), check whether these controls exist and that they have been tested / are satisfactory.
  • Manage and resolve outputs arising from the KPMG QA review of the Third Party controls testing review.

Business

  • Manage relationships with relevant stakeholders.
  • Work closely with impacted businesses and functions to solve issues and spot opportunities as they arise.

Processes

  • Map the outcomes of phase 1 to the roadmap for phase 1 third party testing, and update to incorporate phase 2 outcomes when available.
  • Provide support and guidance to the senior manager / manager third party controls as needed to support timely delivery of testing work.
  • Responsible for ensuring all control exceptions identified are documented in an exception tracker and updated following distribution of final report to relevant stakeholder group.
  • Diligently provide weekly and ad hoc reporting on the status of assessments.
  • Responsible for ensuring a complete register of third party control reports and tests.
  • Lead role when engaging with KPMG during sprint QA review.

People and Talent

  • Be an example for others to follow with regard to implementation of control testing.
  • Lead through example and build the appropriate culture and values. Work in collaboration with risk and control partners.
  • Ensure active communication of workstream priorities and progress to stakeholders to foster engagement, awareness, and motivation.
  • The candidate must have strong interpersonal and communication skills (networking, negotiation, influencing and written communication) and a strategic mindset.
  • Maintain a positive attitude with the capability to work under pressure and deliver on multiple deadlines.
  • Foster good relationships with the TTO function and third party contract managers across the bank.

Risk Management

  • Responsible for accurate risk reviews / identification of SOX control gaps / risks associated with in-scope third party reviews.
  • Identify project and business risks, escalating to the Executive Director, Third Party Controls (as appropriate) with strategies to mitigate that risk.

Governance

  • Adhere to SCB Programme Management good practice and governance.

Regulatory & Business Conduct

  • Display exemplary conduct and live by the Group's Values and Code of Conduct.
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
  • Compliance with UK Companies Act and UK Corporate Governance requirements relating to internal controls.

Key Stakeholders

  • Global IT & Third Party Lead
  • Executive Director Third Party Controls
  • UK ACG Project and Programme Managers
  • ITAC application teams & associated business leaders
  • TTO stakeholders, including those within Risk & Controls function

Our Ideal Candidate

  • Education - Bachelor's Degree.
  • Ideally, with 8+ years in banking, specifically experience in working on large multi-dimensional programmes / projects across business and functions.
  • Ability to review, understand and map IT controls that support business processes and an ability to define key IT controls that support the business process.
  • Previous experience of process mapping, controls identification and a deep understanding of US SOX (COSO13, COBIT) control environments would be an advantage.
  • Previous experience of reviewing SOC1 / 2 reports essential.
  • Able to work in a flexible, independent, and agile way.
  • Effective communicator and collaborator with the ability to clearly and concisely articulate ideas, concepts, and proposals to engage team, peers, and management.
  • Good eye for detail and with a strong focus on controls and compliance to policies and procedures.
  • Strong team player and has the capacity to build good working relationships.
  • Proven ability to perform under pressure and to adjust plans to meet changing needs and requirements.
  • Strong verbal and written communication and presentation skills i.e. PowerPoint, Excel, MS Project.
  • Strong relationship management skills.
  • Good understanding of governance and risk management.

Role Specific Competencies

  • Strong programme project management and analytical skills with good understanding of Clarity.
  • Good understanding of the banking industry and regulatory environment.
  • Experience in managing and delivering regulatory programmes / projects preferred, particularly prudential regulation.
  • Strong analytical capability.
  • Exceptional relationship management skills.
  • Exceptional verbal and written communication and presentation skills i.e. PowerPoint, Excel, MS Project.
  • Good understanding of governance and risk management.
  • Ability to influence, negotiate and constructively challenge at a variety of levels.
  • Ability to manage multiple deliverables in a timely and effective manner.
  • High level of responsiveness, sense of urgency, ability to operate in a highly pressurised and dynamic environment.
  • Strong drive for results, ability to plan, track and follow through to deliver an aggressive project plan agenda.
  • Ability to review, understand and map IT controls that support business processes and an ability to define key IT controls that support the business process.
  • Previous experience of process mapping, controls identification and a deep understanding of US SOX (COSO13, COBIT) control environments would be an advantage.

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.

Our purpose, to , together with our brand promise, to be are achieved by how we each live our .

When you work with us, you'll see how we value difference and advocate inclusion. Together we:

  • Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
  • Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
  • Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

  • Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
  • Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum
  • Flexible working options based around home and office locations, with flexible working patterns
  • Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
  • A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
  • Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.


Job Detail

  • Job Id
    JD1023794
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Malaysia, Malaysia
  • Education
    Not mentioned