Job Description

About Standard Chartered We\'re an international bank, nimble enough to act, big enough for impact. For more than 160 years, we\'ve worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you\'re looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can\'t wait to see the talents you can bring us. Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you\'ll see how we value difference and advocate inclusion. Together we: Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing. Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with with minimum global standards for annual and public holiday, which is combined to 30 days minimum Flexible working options based around home and office locations, with flexible working patterns Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential. Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you\'ve applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process. Role Responsibilities Strategy To evaluate overall ICS risk, maintain an active view, and report on the actual, mitigated and residual risk in the Security Technology Services Organization. Maintaining an active view of the Risk profile, will include conducting periodic assurance checks on Control Design and control Operating effectiveness and including this as part of the Residual Risk profile for each process. Business Achieving assigned full year objectives as per annual P3 document. Processes Risk Identification, Assessment and Evaluation Identify, assess and evaluate risk to enable the execution of the enterprise risk management strategy. Collect information and review documentation to ensure that risk scenarios are identified and evaluated. Identify potential threats and vulnerabilities for Information Security and technology processes, associated data and supporting capabilities to assist in the evaluation of risk. Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization. Correlate identified risk scenarios to relevant technology processes to assist in identifying risk ownership. Risk Monitoring Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the risk management strategy. Collect and validate data that measure control monitors (KCIs / CSTs and KRIs) to monitor and communicate their status to relevant stakeholders. Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively. Information Systems Control Design and Implementation Design information systems controls in consultation with process owners to ensure alignment with process inputs and outputs. Facilitate the identification of resources (e.g. people, infrastructure, information, architecture) required to implement and operate information systems controls at an optimal level. Monitor the information systems control design and implementation process to ensure that it is implemented effectively and within time, budget and scope. Provide progress reports on the implementation of information systems controls to inform stakeholders and to ensure that deviations are promptly addressed. Test information systems controls to verify effectiveness and efficiency prior to implementation. Information Systems Control Monitoring and Maintenance Monitor and maintain information systems controls to ensure they function effectively and efficiently. People and Talent Build a transparent and collaborative culture with stakeholders to provide a broad view of risk profile of the respective domain. To work in partnership with Service team, 2LOD, GIA, regulatory SPOC to address all risk mitigation requirement. Continuously enhance the risk management and stakeholder management skillsets. Risk Management Monitor all major risk issues and concentrations. Where appropriate, direct remedial action and/or ensure adequate reporting to Risk Committees. Governance Promote an environment where compliance with ICS requirements is adhered and meet regulatory requirement is a central priority of the service. Regulatory & Business Conduct Display exemplary conduct and live by the Group\'s Values and Code of Conduct. Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct. Lead the STS Authentication Services Risk and Control to achieve the outcomes set out in the Bank\'s Conduct Principles: [Fair Outcomes for Clients Effective Financial Markets Financial Crime Compliance The Right Environment]. Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters. Key Stakeholders STS - Authentication Services. Our Ideal Candidate Information and Cyber Security Risk Management: at least 10+ years work experience in Information & Cyber Security and technology risk. The candidate should be well versed with core Information and Cyber Security processes like PKI and Digital Certificate Life Cycle Management, Identity & Access, Security Monitoring, Vulnerability Management, Network Security, Data Security. Has experience in practical application of audit methodology, conducting Risk reviews, Threat assessment. Possess good understanding of Risk Management Frameworks, Risk Assessment methodologies. Have good understanding of Information Systems controls and control design. Relevant technical qualifications such as CRISC, CISM, CISA, CISSP, etc. Good knowledge on NIST and other relevant industry frameworks on Cyber Security. Information and Cyber risk must be managed in the context of various other risks, opportunities and challenges facing the organization. Visit our careers website

foundit