Engage domain service owners, process owner, service leads, SMEs (Domain Stakeholders) to prepare / conduct risk assessment, risk treatment plan, to seek risk acceptance with appropriate risk officers.
Manage and drive Risk Treatment Plan, Risk and Control Self-Assessment.
Onboard key control indicators (KCI) and key risk indicators (KRI). Advise on the design of key controls, key control indicators (KCI) and key risk indicators (KRI).
Monitor and report KCI and KRI as per metric defined. Review trend of material exceptions, identify systemic failures, escalate and drive control improvements. Review and agree changes or new KCI / KRI with Second Lines, UORM, T&I RC, etc.
Identify Potential Failures in processes, advise and drive risk treatment / risk mitigation and risk monitoring
Conduct control sample testing (CST) on key control to attest the control operating effectiveness (COE).
Plan and drive risk and control reviews on new and in-flight projects
Track all material risks and drive remediation actions to reduce the risk
Provide support and guidance on risk remediation, control design to Domain Stakeholders. Review and approve proposed change in controls
Represent the Domain as the Single Point of Contact (SPoC) on internal and external audits
Ensure that the affected Domain (and units within) are sufficiently prepared for upcoming audits
Stay current on regulatory requirements, threats and leading industry practice and advise ET Head in risk management and control design
Review the adequacy and effectiveness of policies, standards, guidelines, process. Identify any material gaps, advise on control improvement
Conduct monthly Domain Risk Forum (DoRF) to drive risk discipline, risk awareness, risk reduction actions. Ensure attendance of Management Team (MT) members. Provide challenge to ensure robust risk management
Work with Awareness and Communication team to promote staff awareness on risk, compliance, audit support and remediation
Compliance
Plan, drive and/or perform control adequacy review to identify risk, non-compliance, control gap, vulnerabilities and advise remediation, preventive, corrective controls to Service Owners
Management Information
Ensure that MT (and any other stakeholder as required) is kept aware of the key risk, control & audit issue of the Domain through periodical risk forum and reporting
Prepare and provide management report on risk, compliance audit or remediation to MT, Risk Forum
Ensure that all management information is produced in line with the defined schedule and quality and should support management decision and action
Ensure integrity of source and the processing of data to deliver accurate representation in management information
Audit Management
Serve as single point of contact (SPoC) to handle information request from, and provide responses to regulators, external or internal auditors. Attend audit meetings, clarification, review.
Facilitate the review and verification on audit findings for accuracy, risk rating and remediation management action plans (MAP) with service owners. Review adequacy of management response to audit findings
Facilitate or manage the audit remediation to provide timely update on process and timely completion. Review remediation to ensure risks are significantly mitigated
Review progress and timely remediation of audit findings
Share thematic risk & audit findings across Domains and Units
Stakeholder Management
Manage stakeholder expectations and influence stakeholders in understanding risk and impacts, importance and priorities on threat and vulnerabilities of the Bank to be remediated, regulatory compliance gap to be addressed
Attend to any issue contention and resolve them including remediation ownership contention, remediation scope creep or challenge arising that may delay the remediation closure
Process
Lead Annual Technology Process Refresh for existing Process in the Domain as per the Bank Technology Governance framework. Drive Process Onboarding for New Process in the Domain
Advise on RCSA design as part of the Process Refresh. Advise the KCI / KRI required for the Process. Onboard the KCI / KRI as part of RCSA.
Incidents
SPoC for the Domain on major incident review, drive risk and control review and control improvement required on Domain
Drive implementation and adoption of agreed initiatives across the Domain including communication, control design and control monitoring.
Key Stakeholders
Global Head, Enterprise Technology
Global Head, Core Infra Services
Global Head, Network Services
Head, Storage and Backup
Head, Service Management
Head, Data Center Services
Global Head, Enterprise Technology Risk and Control
Head, Onsite Technology Services (OTS)
Second Line (Group Operation Risk, CISRO Risk Officers)
Service Heads and Operation Risk Managers (ORMs) in other Domains (Cyber Security Services, Security Technology Services, Technology Operations, Cloud & DevOp Services)
Group Internal Audit and external auditors
Other Responsibilities
Lead and drive cross domain risk reduction initiative as required
QUALIFICATIONS
- 5 years and above of experience in IT or Operation risk management in either Banking and Financial services sector, global IT shared service organization, or IT audit organization. In-depth understanding of control design and operation in IT Risk
- Advanced knowledge and experience in infrastructure technology such as compute, storage, virtualisation, cloud, network, etc.
- Advanced knowledge and experience in Risk and Control Self-Assessment, Risk Monitoring (KCI, KRI) and Control Self Testing
- Good understanding of regulatory requirements, IT risk and controls. Knowledge of methods, tools, techniques for anticipating, identifying, assessing and responding to technology risks and issues.
- Experience in engaging auditor and managing technology audit engagement. Experience in writing management response to audit issue. Minimum 2 years of hands-on experience in audit engagement and remediation
- Strong people management capabilities. Confident and self-motivated leader with experience in effectively negotiating with and influencing others in a matrix environment. Ability and confidence to engage and drive risk objectives across a wide range of seniority levels, functional divides, locations and businesses
- Possess a pro-active and resilient posture, stay focused and committed to deliver risk objectives and book of work across complex, global environments
- Ability to gather and analyse facts and data in complex, global environment, provide value-added analysis and recommendation to management, make quality judgement and support critical decision in investment or risk response
- Excellent written and oral English skills. Good risk writing competency
- CRISC or CISA or CISM or CISSP certified is a definite advantage
- Bachelor Degree in Computer Science / Information Technology, Engineering, Finance or equivalent
ROLE SPECIFIC TECHNICAL COMPETENCIES
Risk Management (risk identification, analysis, risk and monitoring, risk and control self-assessment): Expert
Risk Remediation: Advanced
Audit Engagement Support: Core
Regulatory Compliance: Core
Information and Cyber Security: Core
IT Infrastructure Technology: Advanced
Compliance Assessment (self-assessment, control review): Advanced
Process Management (process writing, process improvement): Core
Risk Committee / Risk Forum facilitation: Core
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion. Together we:
Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum
Flexible working options based around home and office locations, with flexible working patterns
Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.