Job : Risk
Primary Location : Asia-Malaysia-Kuala Lumpur
Schedule : Full-time
Employee Status : Permanent
Posting Date : 17/Mar/2023, 4:22:56 AM
Unposting Date : Ongoing


The Role Responsibilities Job Role The Group Chief Information Security Risk Officer (CISRO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank\xe2\x80\x99s data and IT systems by managing Information and Cyber Security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Group CISRO team serves as the second line of defence for assuring ICS controls are implemented effectively, in accordance with the ICS Risk Framework, and for instilling a culture of cyber security within the Bank. Group CISRO is responsible for the development of ICS framework, which includes all aspects of end-to-end risk identification, assessment, management, and mitigation to stay with approved risk appetite thresholds; ICS policy, assurance and red team activities, cyber resilience, and stress testing, third party security risk, industry partnerships, and regulatory engagement. The team of Information Security Risk Officers (ISRO) have delegated authority for risk approval from the Group CISRO and support the implementation of the ICS risk management strategy, providing oversight, governance, and advisory across the Group\xe2\x80\x99s Business, Regions, and Functions. Group CISRO is central to ensuring the Bank is able to meet its ICS commitments to internal and external stakeholders, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board. Group CISRO is proud to have a diverse workforce with a global presence in over 10 countries. More than a third of our global workforce are women and almost half represent our senior leadership roles. We also have a great ethic and generational balance in our teams and are committed to promote a workplace environment that is consciously inclusive, respects and celebrates the variety of opinions and diverse views, and where every voice is heard and acknowledged. We embrace our differences and know that our diverse and inclusive approach is a strength that drivers our success. We want all applicants to feel able to perform at their best throughout the hiring process and we\xe2\x80\x99ll support you with any reasonable adjustments you need. No matter who you are, where you come from, you are welcome to CISRO. In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial, and social wellbeing. Some of the highlights:

• New Ways of Working, with flexible working arrangement that helps you balance your personal life and create a positive employee experience.
• Recognition and reward to show our appreciation in supporting you for achieving significant milestones and growth or aspirational goals.
• We offer 18 types of leave benefits that covers annual and block leave, health, and wellness, starting a family such as marriage leave, maternity, family care etc. and time off which provides great flexibility opportunities to our employees.
• Exciting work-related benefits such as Loyalty Award to celebrate every 5-year milestone with you and Professional Associations related benefits.
• We invest in our people with a continuous learning culture to support your growth, with opportunities to reskill and upskill with access to physical, virtual, and digital learning.
• We offer access to various sports and recreational facilities.

Strategy The Senior Information and Cyber Security (ICS) Risk Manager is a permanent role that requires knowledge and experience in ICS risk management, and information and cyber security risk. This role reports directly to the Head of ICS Risk. Business

• The primary purpose of this position is to support the embedding of ICS Risk management and governance across the Group while also managing and co-ordinating responses to regulatory requests in line with the ICS RTF.
• The successful candidate will work closely with the Head of ICS Risk and the wider Group 2LOD team to lead the interaction with relevant stakeholder groups across the organisation to ensure the effective discharge of the Group 2LOD\xe2\x80\x99s obligations as defined within the ICS RTF.

Processes The major functional activities that the role will lead and manage are

• Builds awareness and understanding of the regulatory framework, in which the Group operates, and the regulatory requirements and expectations relevant to the role.
• Receive and understand regulatory requirements and ensure all relevant stakeholders have a clear understanding on delivery status.
• Provide SME input to support operationalisation and ensure adherence to the RTF\xe2\x80\x99s risk management methodology.
• Assist in drafting regular reports to the 2LOD Leadership Team and others as required.
• Provide support to the maintenance of the ICS Risk Type Framework (RTF).
• Supports regulatory requests pertaining to the embedding of ICS RTF.

People and Talent

• Leads through example by upholding high standards of excellence, ethics and code of conduct, governance and risk awareness, and stakeholder partnership and collaboration.
• Collaborate with the wider 2LOD team and share knowledge where relevant.
• Lead through example and build the appropriate culture and values locally.

Risk Management

• Review and assimilate the Information and Cyber Security Risk Type Framework and Policy, including its key domains, controls and key roles and responsibilities.
• Ensure early identification and escalation of risks, issues, trends, and developments to 2LOD and relevant stakeholders.
• Ensure that all activities are in line with and support of the ICS principal risk type under the Bank\xe2\x80\x99s ERMF.

Governance Directly Accountable

• Builds awareness and understanding of the regulatory framework, in which the Group operates, and the regulatory requirements and expectations relevant to the role.
• Support the creation of reports as required relating to the management of information and cyber security risk in the bank.

Regulatory and Business Conduct

• Display exemplary conduct and live by the Group\xe2\x80\x99s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
• Demonstrate leadership ability to ensure that the team achieves the outcomes set out in the Bank\'s Conduct Principles.

Key Stakeholders

• Heads of ICS (Business, Function, Country level)
• Information and Cyber Security Risk Officers
• Wider Risk Framework and Policy Team
• Group 2LOD Leadership team
• Global Process Owners
• Head of ICS Risk

Other Responsibilities

• Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures.
• Strong stakeholder and relationship management experience, ideally from within financial services industry.
• Understanding of the regulatory environment and developments related to the financial services industry.
• Embed \xe2\x80\x9cHere for Good\xe2\x80\x9d and Group\xe2\x80\x99s brand and values in the Group 2LOD team.
• Ability to create effective work relationships across functions and borders.
• Sound knowledge of risk governance frameworks and processes.
• Analytical / critical thinking skills.

Our Ideal Candidate

• Bachelor\xe2\x80\x99s degree or above from an accredited college/university in an appropriate field.
• Strong communication skill.
• Relevant experience in Information Security / IT auditing, with Big 4 and / or

Banking and Financial services experience including the following

• Information and Cyber Security framework, procedures, standards development, documentation
• Information and Cyber Security methodology communication
• Information security risk business alignment, risk framework, risk management process e.g. risk definition, risk tolerance, reporting metric, set up risk controls, risk monitoring, risk mitigation plan, etc.
• Creation of complex new Information and Cyber Security content aligned to industry standard.
• Production of materials for governance meetings relating to Information and Cyber Security.

Professional Qualifications

• CISA / CISSP / CISM / CRISC / ISO27001 lead auditor or lead implementer is preferred but not mandatory
• Good knowledge of the businesses, markets and operations of Standard Chartered Bank and the policies, procedures and processes through which Information and Cyber Security risks are addressed throughout the Group.
• Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and Regulatory requirements.
• Proven ability to respond to complex challenges and deliver practical solutions and direction which reflect a balanced view of the operation of the bank.
• Proven ability to respond to complex challenges and deliver practical solutions and direction which reflect a balanced view of the operation of the bank.
• Personal authority based on established trusted relationships and ability to provide advice and direction which is respected amongst peers.
• Ability to both assess priorities and to focus on work in a structured fashion which delivers results.
• Ability to both assess priorities and to focus on work in a structured fashion which delivers results.
• Advanced competency with Microsoft Office Suite (Word, PowerPoint, Excel, SharePoint).
• Good understanding and knowledge of working with Information and Cyber Security risk.
• Sound judgement and anticipation. Strong integrity, independence, and resilience.
• Proven advanced English writing and communication skills.
• Strong integrity, independence, and resilience.
• Sound judgement and anticipation.

Role Specific Technical Competencies

• Platforms and tooling such as Pega, Microstrategy, Hadoop, etc
• Information and Cyber Security Risk Management
• Governance Risk and Control (GRC) frameworks
• GRC Tooling (e.g. MetricStream, ServiceNow)
• Integration architecture and technologies
• Enterprise Security Architecture
• Deliver Sustainably
• Spot Opportunities
• Build Resilience
• Achieve Results
• Solve Problems
• Take the Lead
• Communicate
• Collaborate

About Standard Chartered We\'re an international bank, nimble enough to act, big enough for impact. For more than 160 years, we\'ve worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you\'re looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can\'t wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you\'ll see how we value difference and advocate inclusion. Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
• Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with with minimum global standards for annual and public holiday, which is combined to 30 days minimum
• Flexible working options based around home and office locations, with flexible working patterns
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you\'ve applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process. Visit our careers website www.sc.com/careers