Job Description

Role Responsibilities Risk Management * Engage domain service owners, process owner, service leads, SMEs (Domain Stakeholders) to prepare / conduct risk assessment, risk treatment plan, to seek risk acceptance with appropriate risk officers. Role Responsibilities Risk Management Engage domain service owners, process owner, service leads, SMEs (Domain Stakeholders) to prepare / conduct risk assessment, risk treatment plan, to seek risk acceptance with appropriate risk officers. Manage and drive Risk Treatment Plan, Risk and Control Self-Assessment. Onboarding key control indicator (KCI) and key risk indicators (KRI). Advise on the design of key controls, key control indicator (KCI) and key risk indicators (KRI). Monitor and report KCI and KRI as per metric defined. Review trend of material exceptions, identify systemic failures, escalate and drive control improvements. Review and agree changes or new KCI / KRI with Second Lines, UORM, T&I RC, etc Identify Potential Failures in processes, advise and drive risk treatment / risk mitigation and risk monitoring Conduct control sample testing (CST) on key control to attest the control operating effectiveness (COE). Plan and drive risk and control reviews on new and in-flight projects Track all material risks and drive remediation actions to reduce the risk Provide support and guidance on risk remediation, control design to Domain Stakeholders. Review and approve proposed change in controls Represent the Domain as the Single Point of Contact (SPoC) on internal and external audits Ensure that the affected Domain (and units within) are sufficiently prepared for upcoming audits Stay current of regulatory requirements, threats and leading industry practice and advise ET Head in risk management and control design Review the adequacy and effectiveness of policies, standards, guidelines, process. Identify any material gaps, advice on control improvement Conduct monthly Domain Risk Forum (DoRF) to drive risk discipline, risk awareness, risk reduction actions. Ensure attendance of Management Team (MT) members. Provide challenge to ensure robust risk management Work with Awareness and Communication team to promote staff awareness on risk, compliance, audit support and remediation Compliance Plan, drive and/or perform control adequacy review to identify risk, non-compliance, control gap, vulnerabilities and advise remediation, preventive, corrective controls to Service Owners Management Information Ensure that MT (and any other stakeholder as required) is kept aware of the key risk, control & audit issue of the Domain through periodical risk forum and reporting Prepare and provide management report on risk, compliance audit or remediation to MT, Risk Forum Ensure that all management information is produced in line with the defined schedule and quality and should support management decision and action Ensure integrity of source and the processing of data to deliver accurate representation in management information Audit Management Serve as single point of contact (SPoC) to handle information request from, and provide responses to regulators, external or internal auditors. Attend audit meetings, clarification, review. Facilitate the review and verification on audit findings for accuracy, risk rating and remediation management action plans (MAP) with service owners. Review adequacy of management response to audit findings Facilitate or mange the audit remediation to provide timely update on process and timely completion. Review remediation to ensure risks are significantly mitigated Review progress and timely remediation of audit findings Share thematic risk & audit findings across Domains and Units Stakeholder Management Manage stakeholder expectations and influence stakeholders in understanding risk and impacts, importance and priorities on threat and vulnerabilities of the Bank to be remediated, regulatory compliance gap to be addressed Attend to any issue contention and resolve them including remediation ownership contention, remediation scope creep or challenge arising that may delay the remediation closure Process Lead Annual Technology Process Refresh for existing Process in the Domain as per the Bank Technology Governance framework. Drive Process Onboarding for New Process in the Domain Advise on RCSA design as part of the Process Refresh. Advise the KCI / KRI required for the Process. Onboarding the KCI / KRI as part of RCSA. Incidents SPoC for the Domain on major incident review, drive risk and control review and control improvement required on Domain Drive implementation and adoption of agreed initiatives across the Domain including communication, control design and control monitoring. Key Stakeholders Global Head, Enterprise Technology Global Head, Core Infra Services Global Head, Network Services Head, Storage and Backup Head, Service Management Head, Data Center Services Global Head, Enterprise Technology Risk and Control Head, Onsite Technology Services (OTS) Second Line (Group Operation Risk, CISRO Risk Officers) Service Heads and Operation Risk Managers (ORMs) in other Domains (Cyber Security Services, Security Technology Services, Technology Operations, Cloud & DevOp Services) Group Internal Audit and external auditors Other Responsibilities Lead and drive cross domain risk reduction initiative as required QUALIFICATIONS - 5 years and above of experience in IT or Operation risk management in either Banking and Financial services sector, global IT shared service organization, or IT audit organization. In-depth understanding of control design and operation in IT Risk - Advanced knowledge and experience in infrastructure technology such as compute, storage, virtualisation, cloud, network, etc - Advanced knowledge and experience in Risk and Control Self-Assessment, Risk Monitoring (KCI, KRI) and Control Self Testing - Experience in writing Risk Assessment Paper, Risk Acceptance paper, Risk Treatment Plan. - Good understanding of regulatory requirements, IT risk and controls. Knowledge of methods, tools, techniques for anticipating, identifying, assessing and responding to technology risks and issues. - Experience in engaging auditor and managing technology audit engagement. Experience in writing management response to audit issue. Minimum 2 years of hands-on experience in audit engagement and remediation - Strong people management capabilities. Confident and self-motivated leader with experience in effectively negotiating with and influencing others in a matrix environment. Ability and confidence to engage and drive risk objectives across a wide range of seniority levels, functional divides, locations and businesses - Possess a pro-active and resilient posture, stay focus and committed to deliver risk objectives and book of work across complex, global environments - Ability to gather and analyse facts and data in complex, global environment, provide value-added analysis and recommendation to management, make quality judgement and support critical decision in investment or risk response - Excellent written and oral English skills. Good risk writing competency - CRISC or CISA or CISM or CISSP certified is definite advantage - Bachelor Degree in Computer Science / Information Technology, Engineering, Finance or equivalent ROLE SPECIFIC TECHNICAL COMPETENCIES Risk Management (risk identification, analysis, risk and monitoring, risk and control self-assessment) Expert Risk Remediation Advanced Audit Engagement Support Core Regulatory Compliance Core Information and Cyber Security Core IT Infrastructure Technology Advanced Compliance Assessment (self-assessment, control review) Advanced Process Management (process writing, process improvement) Core Risk Committee / Risk Forum facilitation Core About Standard Chartered We\'re an international bank, nimble enough to act, big enough for impact. For more than 160 years, we\'ve worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you\'re looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can\'t wait to see the talents you can bring us. Our purpose, to drive commerce and prosperity through our unique diversity , together with our brand promise, to be here for good are achieved by how we each live our valued behaviours . When you work with us, you\'ll see how we value difference and advocate inclusion. Together we: Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing. Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with with minimum global standards for annual and public holiday, which is combined to 30 days minimum Flexible working options based around home and office locations, with flexible working patterns Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills,global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential. Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you\'ve applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process. Visit our careers website

Monster