(ml) Manager ICS Standards, Methodologies

Malaysia, Malaysia

Job Description


Role Responsibilities

The Information and Cyber Security [ICS] Policy Framework is the core component within the Group ICS Risk Type Framework in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing ICS risk across the enterprise. As a critical function, ICS Policy reports into the Global Head of ICS Governance and Policy. This function sits within the Office of the CISRO, which serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Type Framework [RTF], and for instilling a culture of cyber security within the Bank. The ICS Policy function is responsible for ensuring that the ICS Policy is, at all times, valid, relevant and effective, together with the ICS Standards that support the Policy.

Strategy

The ICS Standards, Methodologies Manager is a permanent role that requires a good understanding and knowledge of ICS risk governance, frameworks, policies, standards, and procedures. The successful candidate will be able to understand the requirements of an ICS Policy framework and will be able to respond knowledgeably to evolving business, regulatory and threat requirements. As part of the ICS Policy Framework we are required to have a thorough understanding of the Regulatory environment within the jurisdictions in which the Group operates. Legal, Regulatory and Mandatory requirements need to be aligned to the ICS Policy Framework in order for the Group to ensure it is compliant with the relevant requirements.

Business

The successful candidate will work closely with the Head of ICS Policy as well as engaging with other key stakeholders across the bank including Security Operations, in-country Heads of Information and Cyber Security, Technology and Innovation [T&I] and will input into various Group and Country risk committees and forums.

Processes

Policy and Standards Management

  • Provide support and clarity to customers and users of the Information and Cyber Security Policy framework, answering complex related questions and challenges as they arise.
  • Ensure that all applicable regulatory requirements for critical and non-critical countries are mapped to the ICS Policy framework.
  • Identify and align key industry standards to the ICS Policy framework.
  • Provide detailed gap analysis and metrics of potential breaks in Policy to be managed.
  • Provide and support innovative solutions for the communication of compliance to Policy and LRM.

Risk Management

  • Review and assimilate the Information & Cyber Security Risk Type Framework, including its key domains, controls and key roles and responsibilities.
  • Assess and apply the ICS RTF within a complex business environment, adopting the Group's key principles to review, monitor, guide and challenge business areas in the adoption of key practices.
  • Demonstrate and utilise depth of knowledge and capability, relating own subject matter expertise to support the implementation of the ICS RTF.

Governance

  • Ensure the ICS Policy Framework is appropriately aligned to the LRM environment as required as part of the delivery of the ICS Risk Type Framework.
  • Ensure that key Industry standards are incorporated and aligned to the ICS Policy Framework [i.e. NIST 800, ISO27001, FIPS-140-2, PCI-DSS, SWIFT].
  • Support the creation of reports as required relating to the management of information and cyber security risk in the bank.

Qualifications: Training, Licenses, Memberships and Certifications

  • Bachelor degree or above from an accredited college/university in an appropriate field.
  • Strong communication skills in English.
  • At least 6+ years of experience in Information Security / IT auditing including one of the following: Information and Cyber Security policy, procedure, standards development, documentation, Information and Cyber Security policy communication.
  • Base understanding of information security risk business alignment, risk framework, risk management process, e.g. risk definition, risk tolerance, reporting metric, set up risk controls, risk monitoring, risk mitigation plan, etc.
  • Creation of complex new Information and Cyber Security policy content aligned to Regulation.
  • Production of materials for governance meetings relating to Information and Cyber Security.
  • Experience in conducting gap analysis against ICS related Legal Regulatory and Mandatory requirements.
  • Professional qualifications: CISA/CISSP/CISM/CRISC/ISO27001 lead auditor or lead implementer is preferred but not mandatory.
  • Personal authority based on established trusted relationships and ability to provide advice and direction which is respected amongst peers.
  • Proven ability to respond to complex challenges and deliver practical solutions and direction which reflect a balanced view of the operation of the bank.
  • Ability to both assess priorities and to focus on work in a structured fashion which delivers results.
  • Sound judgement and anticipation.
  • Strong integrity, independence and resilience.
  • Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and Regulatory requirements.
  • Advanced competency with Microsoft Office Suite (Word, PowerPoint, Excel, SharePoint).

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good, are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion. Together we:

  • Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
  • Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
  • Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

  • Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
  • Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum
  • Flexible working options based around home and office locations, with flexible working patterns
  • Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
  • A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
  • Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.

Visit our careers website


Job Detail

  • Job Id
    JD888370
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Malaysia, Malaysia
  • Education
    Not mentioned