Information Security Risk Officer, Coo

Kuala Lumpur, Malaysia

Job Description


Role Responsibilities

The Group Chief Information Security Risk Officer (CISRO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise.

As a critical function reporting into the Group Chief Risk Officer (CRO), Group CISRO serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Type Framework and for instilling a positive culture of cyber security within the Bank.

As part of the function, the team of Information Security Risk Officers (ISRO) performs a pivotal role as an extension of the CISRO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Businesses, Regions, and Functions.

Strong technical knowledge in ICS controls domains – Identity Access Management (IAM), Privileged Identity, Authentication, Authorisation technologies

Responsibilities

Strategy

The Information Security Risk Officer for Group Transformation, Technology & Operations (TTO) is a permanent strategic role that requires strong business acumen and deep knowledge and in-depth experience of Information and Cyber Security (ICS), in particular in the Identity and Access Management domain. The successful candidate will have a strong understanding of operating in a second line capacity within an ICS or risk management organisation, and can respond flexibly and collaboratively to evolving business, regulatory and threat requirements. The role reports directly to the Global Head, ISRO TTO. The ISRO for TTO will work with the CISRO and others to address ICS as a principal risk type for the Bank and support its integration into the Bank's overall Enterprise Risk Management strategy. The role will provide oversight and challenge of ICS risk management and control effectiveness as a risk partner to TTO as defined in the Bank's ICS Risk Type Framework and under delegation from the Group CISRO.

Business

The role delivers services that continually monitor the ICS threat landscape, undertake constructive and robust oversight of the effectiveness of ICS controls and risk remediation strategies, and ensure accurate, insightful and transparent ICS risk reporting is provided to senior management to provide them appropriate assurance and confidence on the TTO ICS risk profile.

We are seeking an information and cyber security risk specialist to deliver a range of activities associated with the discharging of CISRO second line responsibilities. This role will have considerable engagement with all business units, risk committees, and other stakeholders across the bank, but especially those in TTO covering the Identity and Access Management domain.

Processes

The major functional activities that the ISRO for TTO will lead and manage are:

  • Overseeing and challenging 1st line ICS risk proposals and risk-taking activities for IAM domain;
  • Intervening in 1st line activities if they are not in line with existing or adjusted Risk Appetite;
  • Monitoring of ICS risks and associated remediation plans across business lines using the CISRO Governance Risk Type Framework;
  • Assuring the 1st line implements controls to comply with applicable laws and regulations as defined by the CISRO Policy team and escalating significant regulatory non-compliance matters and developments to the Group CISRO;
  • Promoting a healthy ICS risk culture and good conduct within Transformation, Technology & Operations IAM domain.

People & Talent

  • Lead through example and build the appropriate culture and values.
  • Employ, engage and retain high quality people, with succession planning for critical roles.
  • Uphold and reinforce the independence of the second line ICS Risk function.

Risk Management

  • Support the assessment of ICS risk and reporting by TTO 1st line teams.
  • Support the ISRO TTO team in the use of the ICS RTF and other techniques from a 2nd line perspective.
  • Raise visibility of ICS weaknesses to drive ICS improvements and uplift.
  • Highlight gaps or control weaknesses against security standards and regulations in the key ICS domains (Identity Access Management (IAM), Application Security, Vulnerability Management, Malware Protection, Network Security, API security, Cloud and Container Security).
  • Create risk mitigation plans calling out where these are ineffective or insufficiently followed.
  • Perform thematic reviews as required by the ISRO team.

Governance

  • Work with teams within TTO and participate in work groups and other meetings to understand, advise, and challenge on ICS matters.
  • Report any ICS risks/issues during TTO NFRC which require attention and support.
  • Ensure consistency of reporting and production of high-quality documentation and materials.
  • Provide recommendations and feedback to CISRO teams based on experience with TTO.

Regulatory & Business Conduct

  • Display exemplary conduct and live by the .
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key stakeholders

  • Group CISRO Leadership Team
  • Group ISRO Leadership Team
  • Group TTO Risk Management and Cloud Governance Heads and teams
  • Group CISO
  • ISROs for Functions, Businesses and Regions
  • Other CISRO teams
  • Group Internal Audit
  • Identified business stakeholders

Other Responsibilities

Embed Here for good and Group's brand and values in ISRO TTO team; perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures within ISRO TTO covering other domains beyond IAM.

Our Ideal Candidate

  • Cyber Security frameworks, standards and principles: Advanced
  • Identity and Access Management: Expert
  • Privileged Identity Management: Advanced
  • Cloud and Container Security: Core

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion. Together we:

Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do

Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well

Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations

Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum

Flexible working options based around home and office locations, with flexible working patterns

Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits

A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning

Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.



Job Detail

  • Job Id
    JD984135
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Kuala Lumpur, Malaysia
  • Education
    Not mentioned