About Standard Chartered Bank
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
Risk and Control
- To perform assigned risk and control work in information and cyber security space across the Group. This will entail working closely with team members on the assignment to assess key risk, key controls, identification of control gaps with remediation to address the risk, regulatory requirements and internal policies/standards (e.g. Operational Risk Framework, Information & Cyber Security Risk Framework)
- To take responsibility for delivering high-quality assignment in an efficient and effective manner, within the given budget and timelines and in line with defined standards
- To provide guidance and support to team members through technical/ product knowledge and expertise for their assignment relating to the individual's area of responsibility
- To provide good technical input and challenge on assignment in producing high quality output which address the risk
- To oversee, track and validate all remediation completion to address the risk
- To lead continuous monitoring of assigned focus areas, and to build and maintain engagement with domain management and internal stakeholders
- To promote early identification and escalation of risks, issues, trends and developments to relevant domains
- To support the consolidation of insightful risk posture of assigned focus area(s) through thematic and accurate risk profile and risk reporting including corelating relevant controls and associated risks/controls gaps (regulatory, internal and external audit issues, and self-identified gaps).
Control Assessment and Testing
- To manage and test the adequacy of the security control environment across the Domains
- To provide input on control design, assessment, testing processes and drive continuous improvement
- To perform review of the control self-assessment outcome, monthly control testing results and adequacy of the related remediation actions
- To manage/ perform functional involvement and deliverables in the annual regulatory/ industry attestations and the continuous control monitoring and exception remediation
Audit Management (Regulatory, Internal and External Audits)
Together with the Heads and Risk Specialists in Domain:
- To support audit engagement to better manage relationship with GIA Stakeholders
- To facilitate all scheduled Audits end-to-end for Domain
- To support and facilitate the audit remediation lifecycle ensuring action plans resolve the root cause, quality ICPs and support GIA in issue validation activities (where applicable).
- To provide ongoing reporting to Heads, Risk Owner, etc. on progress to date of Audit Issues and Remediation
- Support the Head where required, in the development and implementation of the risk assessment framework and/or standards
- Support the Head to perform all assignments address the key risks identified in each domain and meet relevant regulatory and internal requirements and expectations
- Support the Head to assess the risk and control environment to confirm that it remains relevant throughout the year as the risk profile of the business changes. Propose changes as appropriate
- Collaborate and work closely with team members to operate in line with the defined framework, standards, practice and remain close collaboration with stakeholders
- Support the Head to identify and implement opportunities for cost savings and optimal productivity of risk and control environment assessment.
- Establish and maintain effective working relationships with the management of domains and internal stakeholders under the focus area(s) and responsibility. They include Security Domain Heads, Security Domain Risk Teams, Chief Information Security Office SMEs, T&I Risk and Control team, TS Risk & Control and Group Internal Audit.
People and Talent
- Demonstrate proactivity and positive engagement during team sessions
- Influence change within the department by highlighting potential enhancements
- Identify and successfully complete key internal training for self-development
- Support the Head to proactively spot talent for the function.
Regulatory & Business Conduct
- Display exemplary conduct and live by the Group's Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
- Perform other responsibilities as assigned by the Head and/or Leads.
Our Ideal Candidate
The successful candidate should have at least 10 years of experience in Technology Risk Management, Information Security or other related roles. The preferred candidate will have an in-depth understanding of controls required to manage Information and Cyber Security risk and preferable experience with tools that have been used in the industry. Further, experience in Financial Services or other heavily regulated industries (e.g. Pharmaceuticals, Healthcare, etc.) is preferable. Clear, Concise and Articulate communication of complex and conceptual topics is required for success.
In addition, the following qualifications are preferred:
- Relevant professional recognised industry certifications (e.g. CISSP, CISA, CISM, CRISC etc.)
- SWIFT Certification (eg. SWIFTNet Security Officer)
- Experience with audit, governance, risk or technology Implementation/operations
- Process Design and Analysis
- Data Analytics
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our career pages.
Apply on company website