Manage and support delivery of the CPBB strategy on sustainability of ICS controls, maintaining and improving the ICS security risk posture through proactive risk identification and remediation, together with governance of the CPBB ICS controls risk posture.
Drive strategy and execution on embedding secure by design in new applications or enhancements by ensuring control validation and governance are done effectively across various processes in the bank such as SACA, SIA and ADO.
Governance of group managed ICS controls and sustaining ongoing control hygiene across the CPBB application estate. Governance of dispensation and CRISP tool and uplift of processes ensuring the right gaps are identified and managed effectively.
Responsible for managing control exceptions and working with various teams such as CSS and IAM, vendors and business to implement compensating and mitigating controls that achieve a similar risk target.
Support control analysis that is required by relevant internal audit and external regulatory for CPBB ICS controls, or from external (COSMOS, Regulatory). Identify improvements and changes required to meet specific requirements resulting from technical gaps, regulatory requirements or cyber incidents.
Proven ability to lead on initiatives to embed a sustainable ICS Controls status in CPBB. Includes gap findings, understanding solution and driving changes by collaborating with different functions, regional teams, businesses, and countries.
ICS control assurance by collaborating with and managing various teams such as Purple Team and Testing Team, and taking input from tools such as KCI/BRAM in the bank. Manage remediation and exemptions in line with business risk appetite.
Business
Focal point for control related gaps for the business and management team in CPBB across group and country, working with respective regional leads as well.
Manage ICS Control exception process to ensure exceptions are managed effectively and any impact to the risk target for the business to be highlighted. Team will lead and manage these exceptions and advise on next course of actions based on the severity of these issues.
Processes & Risk Management
Responsible for all control related risk assessment which is critical in understanding ICS risk posture especially on ICS gaps to ensure the right decision and escalation can be done. To manage the remediation or acceptance with various functions in CPBB from tech, CISRO and business.
Responsible for identifying and reporting ICS controls limitations and control adoption challenges, and escalating to relevant teams. Collaborating with relevant CIO teams and ICS teams on remediation plans and ensuring they are documented accordingly in the bank risk management tool. Oversee the remediation of the limitations.
Ensure all the non-compliances are recorded (CRISP, dispensations etc), managed, and adhered to the remediation timelines
Support audit/COSMOS reviews, drive and document any self-identified issues, effectively oversee and provide regular input to risk assessment team
Ensure control gaps introduced by Third Parties are understood and managed according to the risk appetite. Provide regular inputs to risk assessment team on the status
Manage hygiene towards CPBB scorecard and metrics such as managing KCIs/BRAMs metrics, Audits, COSMOS findings and Self-Identified Issues, including Third Parties such as vendors and partners.
Incidents and RCAs support and follow up to closure
ORA, CRA, CRISPs and dispensations management.
BAU /Ad-hoc requests for support from business / technology
People & Talent
Excellent organisation and leadership skills with ability to manage multiple deadlines and effectively prioritise. Continuously upskill to remain current with the cyber threats and security
Collaborate well with various teams across the bank
Governance
Drive efficient oversight of group managed ICS controls and highlight and effectively manage any deficiency that could impact CPBB ICS risk position. Establish ICS controls effectiveness requirements, purple testing scenarios and govern adherence to the process.
Establish and run oversight forums for CPBB ICS processes to effectively oversee any reported non-compliances (i.e. data movement to non-production environment, SIA non-compliances review, CRISP, ADO, SACA etc)
Establish and run oversight forum over control gaps and remediation progress within Third Party. Collaborate with CISO MT team to improve TPSA process when/if required
Regulatory & Business Conduct
Display exemplary conduct and live by the
Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
Lead the CISO CPBB function to achieve the outcomes set out in the Bank’s Conduct Principles
Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.
Key stakeholders.
ICS Management team
CISO teams
Technology teams
CPBB Business teams
Group Hive Leads – Business and Technology
Qualifications
Training, licenses, memberships and certifications
Experience in ICS Risk Framework within banking industry - MUST
Experience in various ICS security Domain and delivery experience – MUST
Minimum of 8 years professional experience with 2-3 years’ experience in banking industry. - Must
Experience in risk management and remediation. - MUST
At least Bachelor’s degree (Management, Engineering, IT) – Must
Advantage for any other related security certificates such as CISSP, CISM, CRISC, CISA, CCSP
Our Ideal Candidate
At least 8 years of related experience in the Cyber Security domain
Very good knowledge of at least 2 ICS domains
Experience in technology or cyber security risk assessment
Experience in supporting Audit examination and remediation plan
Excellent writing, presentation, and communication skills
Understanding of cyber threat landscape
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion. Together we:
Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum
Flexible working options based around home and office locations, with flexible working patterns
Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.