Head, ICS Controls and Sustainability

Malaysia, Malaysia

Job Description


The Role Responsibilities

Strategy

  • Manage and deliver CPBB strategy on Control Adoption and Sustainability of ICS risk to maintain and/or improve CPBB ICS security risk posture.
  • Define the forward-looking view of the cyber security risk landscape, along with strategically required ICS controls and processes, to create a multi-year roadmap to drive and achieve CPBB ICS goals.
  • Proven ability to lead on strategy to embed a sustainable ICS posture, including managing the control landscape, identifying improvements, understanding emerging solutions and driving ICS changes by collaborating with different functions, regional teams, business, and countries.
  • ICS foundational control adoption and remediation strategy based on the defined forward-looking view of the cyber security risk landscape across the estate of CPBB applications (including Cloud), as well as prioritization of coverage based on defined risk-reduction targets, regulatory commitments and other enterprise commitments (e.g. KCD risk reduction, COSMOS/Audits, etc.).
  • Sustaining ICS security is an integral part of managing ICS risk. Identify areas of priority to sustain and improve risk posture in various areas of risk management, embedding a secure by design approach, governance of ICS controls and a healthy risk culture in CPBB.
  • Pro-active risk identification and remediation in the landscape, ensuring CPBB ICS posture is maintained, including vulnerabilities management, control gap remediation and managing emerging threats in the market.
  • Drive strategy and execution on embedding secure by design of new applications or enhancements by ensuring control validation and governance are done effectively across various processes in the bank such as SACA, SIA and ADO.
  • Governance of group managed ICS controls and sustaining ongoing control hygiene across the CPBB application estate.
  • Governance of dispensation and CRISP tool and uplift of processes, ensuring the right gaps are identified and managed effectively.
  • Embedding risk culture across CPBB, ensuring joint accountability on risk across CISO, CIO and businesses.
  • Alignment to Bank wide strategy of increasing ROTE by driving sustainability and efficiency of Information Security and Cyber controls operations across the CPBB portfolio.
  • Thought leadership in ICS, bringing in subject matter expertise in ICS prioritization and management across the business.
  • Partner with business and other ICS functions in the bank to deliver ICS strategy successfully.
  • Coordination with teams in different locations, especially teams in the GBS Malaysia location, where the role will interface and collaborate with related teams such as CISRO, Application delivery teams, ICS CSS IAM, COE and ICS Programme Governance. This will provide cohesive and seamless coordination, which is critical to the success of the CPBB ICS Controls and Sustainability team.

Processes Management

  • Establish a sustainable process to oversee any non-compliances, data breaches and improvements to remain current against the ever changing threat landscape.
  • Establish and govern vulnerability management and remediation in alignment with the group program, including ongoing risk assessment of backlog vulnerabilities.
  • Establish Third Party governance strategy to define ICS risk position and improvement requirements.
  • Track and align ICS Control adoption and execution to the ICS risk reduction initiatives with key enterprise programmes (Obsolescence remediation, Cloud Adoption, etc.).
  • Continue adoption of ICS foundational controls to secure areas of residual risk of applications and systems impacting the risk appetite/target of CPBB.
  • Governance of CPBB ICS controls, such as managing the ICS Control exception process to ensure exceptions are managed effectively and any impact to the risk target for the business is highlighted.
  • Manage hygiene towards CPBB scorecard and metrics, such as managing KCIs/BRAMs metrics, including Third Parties such as vendors and partners.
  • Ensure ICS controls effectiveness and continuous control posture identification by working with various teams, i.e. Purple Team, Control Testing Team.
  • Seamless coordination with various regional teams on similar responsibilities to ensure ICS risk is managed in markets/regions.
  • Proven ability to oversee and manage highly complex, global processes by driving collaboration and participation by functions, regions and countries.

People & Talent

  • Excellent organisation and leadership skills with ability to manage multiple deadlines and effectively prioritise.
  • Ability to manage and develop cross regional teams, and to attract and retain the best talent.

Risk Management

  • Responsible for all control related risk assessment, which is critical in understanding ICS risk posture, especially on ICS gaps, to ensure the business is able to make an informed and right decision.
  • Manage escalation for remediation or acceptance with business and various functions in CPBB such as CISRO and technology.
  • Responsible for identifying and reporting ICS controls limitations and control adoption challenges, and escalating to relevant teams.
  • Collaborate with relevant CIO teams and ICS teams on remediation plans, ensuring they are documented accordingly in the bank risk management tool.
  • Oversee the remediation of the limitations.
  • Support the risk assessment team and provide regular inputs about the status of ICS processes, deficiencies, and the overall risk heatmap potentially impacting risk position.
  • Ensure all non-compliances are recorded (CRISP, dispensations etc.), managed, and adhere to the remediation timelines.
  • Support audit/COSMOS reviews, drive and document any self-identified issues, effectively oversee them and provide regular input to the risk assessment team.
  • Ensure CPBB Risk Targets timelines are met.
  • Ensure control gaps introduced by Third Parties are understood and managed according to the risk appetite. Provide regular inputs to the risk assessment team on the status.
  • Drive the adoption of 'lessons learnt', driving consistency and efficiency.

Governance

  • Drive efficient oversight of group managed ICS controls, and highlight and effectively manage any deficiency that could impact CPBB ICS risk position.
  • Establish ICS controls effectiveness requirements and purple testing scenarios, and govern adherence to the process.
  • Establish and run the Control Status, Solution Issues and other relevant meetings, providing governance as required.
  • Establish and run oversight forums for CPBB ICS processes to effectively oversee any reported non-compliances (i.e. data movement to non-production environment, SIA non-compliances review, CRISP etc.).
  • Ensure relevant ICS risks and issues are monitored and appropriately addressed by key stakeholders (i.e. thematic risk reviews coming from audits, proactive ICS risk assessment, post incidents etc.).
  • Ensure ICS processes and group controls deficiencies are reported.
  • Establish and run an oversight forum over control gaps and remediation progress within Third Party.
  • Collaborate with CISO MT team to improve the TPSA process when/if required.

Regulatory & Business Conduct

  • Display exemplary conduct and live by the Group's Values, Valued Behaviours, and Code of Conduct.
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank.
  • Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.

Key stakeholders

  • CPBB CISO MT
  • CPBB COO MT
  • CPBB CIO MT
  • Global Head, Business Risk Management, CPBB COO Group Hive Leads - Business and Technology

Our Ideal Candidate

  • Experience in IT and ICS operations execution and management - MUST
  • Experience in ICS Risk Framework within banking industry - MUST
  • Experience in various ICS security Domain and delivery experience - MUST
  • Minimum of 12 years professional experience with 3-5 years' experience in banking industry - MUST
  • Experience in risk management and remediation - MUST
  • At least Bachelor's degree (Management, Engineering, IT) - MUST
  • CISSP - MUST

Role Specific Technical Competencies

  • Understanding of the Cyber landscape and ICS Controls within the CPBB environment
  • Excellent organisation and leadership skills with ability to manage multiple deadlines and effectively prioritise
  • ICS Security and Risk Assessment Knowledge
  • Extensive change and programme management experience, ideally gained in the financial industry
  • Ability to foster positive relationships with internal and external stakeholders at appropriate level, ensuring an open cooperative environment
  • Be a Team player
  • Process Improvement identification and management
  • Able to identify and understand issues which process are based

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good, are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

  • Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
  • Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
  • Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

  • Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
  • Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum
  • Flexible working options based around home and office locations, with flexible working patterns
  • Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
  • A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
  • Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential

Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.


Job Detail

  • Job Id
    JD1000449
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Malaysia, Malaysia
  • Education
    Not mentioned