Job Description

Role Responsibilities Role Context The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank&rsquos data and IT systems by managing information and cyber secu Role Responsibilities Role Context The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank&rsquos data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Operating Officer (COO), the Group CISO serves as the first line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The Group CISO is central to ensuring the Bank&rsquos ability to meet its ICS commitment to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board. The Global Head of TPSR is accountable for leading the third-party security risk assessment program within the Bank. The program plays a central role across the Bank in managing vendor risk by implementing a standardized data risk security assessment to third parties. Significant transformation is underway within the Third Party Security Risk function to rapidly improve the Group&rsquos Cyber, Data, Privacy and Automation control environment, along with digitization and innovation, and to collaborate with different areas of the bank that are responsible for vendor management to build integration of third party data security risk into the wider bank vendor management process. To support the TPSR transformation agenda in growing trust with clients and regulators, this is a role within the Third Party Security Risk (TPSR) team and member of the TPSR Operations management team who will be primarily accountable for the global function responsible for working with all business and functions in the bank in determining the initial risk assessment, applicability of TPSA and annual Due Diligence for all in-scope third party relationships. This role reports directly to the Regional or Global Account Head TPSR Stakeholder will include operational leads within TPSR, Supply Chain Management (SCM) and Third-Party Risk Management (TPRM) and central vendor management functions within businesses and functions across the bank. Key Responsibilities Support the Regional or Global Account Head in delivering the third-party security risk program within assigned portfolio Interact with all levels of management within the Bank while performing third party security activities Establish strong relationships with identified stakeholders across the portfolio and understand their strategic goals, to ensure ICS alignment. Business Execution and Delivery Effectively perform Third Party Security Assessments and ensure quality and timely execution. Articulate Information and Cyber Security Threats and risks clearly including impact that the risk may have on the business. Make timely and sound judgments, and identify clear solutions from broad, complex or ambiguous situations. Recommend efficient solutions, both in terms of procedures and technical implementations, to address identified Cyber and Information Security risks. Evaluate and determine if remediation evidence sufficiently addresses the risks within documented observations Provide reporting / visibility to stakeholders on the status of assessments & observations to drive compliance Support training and awareness initiatives relating to third party security risk Contribute to continuous improvement initiatives People and Talent N/A This is not a managerial role. Regulatory & Business Conduct Display exemplary conduct and live by the Group&rsquos Values and Code of Conduct. Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct. Follow the Leadership of Global Head of TPSR to achieve the outcomes set out in the Bank&rsquos Conduct Principles: Fair Outcomes for Clients Effective Operation of Financial Markets, Financial Crime Prevention Creating the Right Environment. Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters. Key Stakeholders Supply Chain Management / Global Sourcing Business Unit stakeholders & Third Party ICS Contacts PMO of Third-Party Assessors TPSR Regional Heads and Global Account Head Head of Third-Party Privacy REAM team RAR team HICS CISRO Our Ideal Candidate Bachelor&rsquos degree or above from an accredited college/university in an appropriate field. Strong communication skills in English Ideally 8 years of experience in information security / IT auditing, with Big 4 and/or Banking & Financial services experience Experience in third party audits is a plus, but understanding of auditing standards, compliance, risk assessment and internal control frameworks is a requirement. Relevant certificates (e.g. CISSP, CISA, CRISC, CIA) is a plus Excellent written and interpersonal skills. Strong time management skills. Ability to draft reports that clearly communicate observations and risks would be required. Strong stakeholder engagement skills, and ability to interact at all levels across an organisation. Strong audit project organisation and management skills. Ability to multitask and ensure that all key priorities are delivered as per agreed timelines. Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and regulatory requirements will be a plus. Competency with Microsoft Office Suite (Word, PowerPoint, Excel, Visio, SharePoint). About Standard Chartered We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us. Our purpose, to drive commerce and prosperity through our unique diversity , together with our brand promise, to be here for good are achieved by how we each live our valued behaviours . When you work with us, you'll see how we value difference and advocate inclusion. Together we: Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing. Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with with minimum global standards for annual and public holiday, which is combined to 30 days minimum Flexible working options based around home and office locations, with flexible working patterns Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills,global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential. Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process. Visit our careers website