Snr Mgr, Third Party Controls, Acg

Malaysia, Malaysia

Job Description


The Role Responsibilities

Job Role

As part of the global UK Audit and Corporate Governance (UK ACG) programme, the purpose of the role is to support the Global IT and Third Party Lead to oversee / successfully complete the work in relation to Third Party controls for outsourced IT systems and / or services. This includes the strategic design, workstream plans, design of testing procedures, performing SOX testing for in-scope third parties (including the review of SOC1 and SOC2 reports), and review / agreement of findings (including QA review and challenge) to drive subsequent remediation activities where required.

The Senior Manager, Third Party Controls role sits within the UK ACG Third Party Controls sub-stream. The main responsibility of the Senior Manager will be to support the Global IT and Third Party Lead in delivering the third party SOX compliance programme by performing an assessment of controls at external Third Parties who fall within the scope of the UK ACG programme. The candidate will need to have a good understanding of control requirements, preparation of test scripts, SOC1 and SOC2 or other industry standard control reports, and the ability to design and test controls and prepare workpapers.

The Senior Manager will plan and execute any third-party onsite reviews, as required, and highlight any control exceptions / arrange meetings with the third party and / or application or business teams to discuss potential findings / observations as required. This work will involve extensive stakeholder liaison and engagement across KPMG (external advisors), Group, Businesses and Functions, including TTO risk and control teams, third party information security teams, contract managers and supply chain management.

Strategy

  • Understand the workstream objectives and roadmap.
  • Understand the control objectives and test procedures.
  • Identify in-scope third parties supporting in-scope IT applications or in-scope business processes, e.g. financial reporting.
  • Gather any existing industry standard control report (e.g. SOC1, SOC2, ISAE3402) previously obtained in relation to the third party, or engage the third party to gather evidence or plan for a virtual or onsite review (in the absence of any supporting SOX report).
  • Agree test strategy for each in-scope third party.
  • Responsible for reviewing control documentation, understanding the SOC report coverage and time period, checking controls and assessing gaps.
  • Responsible, where applicable, for performing a remote or onsite audit of the third party.
  • Responsible for preparing SOX supporting documentation for each third party to include details of the control coverage, risks and deficiencies.
  • Coordinate activities across the Third Party control testing team and liaise with other related stakeholders as required during the planning and scheduling of reviews.
  • If there are controls in which the third party has relied upon SCB's controls (known as complementary user controls), document these for subsequent checks to confirm that SCB has those controls and that they have been tested / are satisfactory.
  • Arrange meetings to facilitate control testing / validation.
  • Diligently provide weekly and ad hoc reporting on the status of assessments.
  • Maintain a register of third party control reports.
  • Manage and resolve outputs arising from the KPMG QA review of the Third Party controls testing review.

Business

  • Manage relationships with relevant stakeholders on related projects, collaborating closely.
  • Work closely with businesses and functions impacted by relevant projects to solve issues and spot opportunities as they arise.

People and Talent

  • Be an example for others to follow with regard to implementation of control testing.
  • Lead through example and build the appropriate culture and values.
  • Work in collaboration with risk and control partners.
  • Ensure active communication of workstream priorities and progress to stakeholders.
  • Maintain a positive attitude with the capability to work under pressure and deliver on multiple deadlines.
  • Foster good relationships with the TTO function and third party contract managers across the bank.

Risk Management

  • Responsible for accurate risk reviews / identification of SOX control gaps / risks associated with in-scope third party reviews.
  • Identify project and business risks, escalating to the Executive Director, Third Party Controls (as appropriate).

Regulatory and Business Conduct

  • Display exemplary conduct and live by the Group's Values and Code of Conduct.
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
  • Lead the team to achieve the outcomes set out in the Bank's Conduct Principles: [Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment].
  • Exercise authorities delegated by the Board of Directors and act in accordance with Articles of Association.

Key Stakeholders

  • Global IT and Third Party Lead
  • Executive Director Third Party Controls
  • UK ACG Project and Programme Managers
  • Project / programme steering committee stakeholders
  • ITAC application teams
  • TTO stakeholders, including those within Risk and Controls function

Our Ideal Candidate

  • A Bachelor's degree in Computer Science, Management Information Systems or Business (e.g. Accounting, Business Administration, Economics, Finance, Management, Statistics preferred)
  • Working knowledge of process mapping, controls identification and an understanding of SOC1, SOC2 industry reports and a deep understanding of US SOX (COSO13, COBIT) control environments is essential.
  • Experience of reviewing SOC1 / 2 reports preferable.
  • Ability to draft reports that clearly communicate observations and risks would be required.
  • Able to work in a flexible and agile way.
  • Effective communicator and collaborator with the ability to engage team, peers, and management.
  • Good eye for detail and with a strong focus on controls and compliance to policies and procedures.
  • Self-motivated individual, able to drive results and able to work independently.
  • Strong team player with the capacity to build good working relationships.
  • Ability to multi-task, meet agreed timelines and respond quickly to management requests.
  • Strong verbal and written communication and presentation skills i.e. PowerPoint, Excel, MS Project.
  • Good understanding of governance and risk management.

Role Specific Technical Competencies

  • Spot Opportunities
  • Solve Problems
  • Take the Lead
  • Build Resilience
  • Collaborate
  • Communicate
  • Deliver Sustainably
  • Achieve Results
  • Manage Conduct
  • Manage Risk
  • Manage People
  • Manage projects
  • Manage change

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.

Our purpose, to , together with our brand promise, to be are achieved by how we each live our . When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

  • Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
  • Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
  • Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

  • Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
  • Time-off including annual, parental / maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum
  • Flexible working options based around home and office locations, with flexible working patterns
  • Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
  • A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
  • Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.


Job Detail

  • Job Id
    JD1018117
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Malaysia, Malaysia
  • Education
    Not mentioned