The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Group CISO team serves as the second line of defence for assuring ICS controls are implemented effectively, in accordance with the ICS Risk Type Framework, and for instilling a culture of cyber security within the Bank. The Group CISO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, cyber stress testing, third party security risk, industry partnerships, and regulatory engagement. In addition, the team of Information Security Officers (ISO) reports to the CISO and performs a pivotal role as an extension of the CISO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Business Lines, Regions, and Functions. The Group CISO is central to ensuring the Bank's ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.
The Head, ICS Assurance and Attestation is a permanent role that requires in-depth knowledge of technology, ICS control assurance and attestation. The individual will also have a good understanding of global legal, regulatory and industry regulations, frameworks and standards as well as sound business acumen and strong stakeholder management. This role reports directly to the Global Head ICS Assurance & Testing ("A&T").
The role is responsible for:
· Supporting the Global Head ICS A&T to define and deliver the ICS Assurance framework and execution of assurance activities in support of centralised risk activities of Group CISO.
· Attestation reviews for Crisis Management Group countries and payments security (such as PCI, SWIFT).
· Technical assurance of first line activities involving new technology, technology enhancements and technical assurance over transformation program activities.
· Supporting the wider Group CISO activities including the ICS Risk Type Framework, regulatory ICS filing assurance and ISO activities.
· Supporting the Global Head ICS A&T to direct staff engaged in ICS Assurance & Attestation activities.
The individual will support the Global Head ICS A&T to ensure that ICS risk across the group is identified and managed through robust ICS assurance activities and provide advisory services across the Group when required. As ICS is a principal risk type and top priority for the Bank, ICS assurance and testing is pivotal to ensuring that the Bank is managing cyber risk in an effective manner in line with the expectations of the Board, Management Team, and regulators.
Strategy
· Support the Global Head of ICS A&T to define, develop and operationalise an ICS assurance and attestation strategy that aligns and integrates with the risk management strategy for the ICS Risk Type Framework ("RTF") as a principal risk type and the wider enterprise risk management strategy for the Bank's Enterprise Risk Management Framework ("ERMF").
· Develop specialist assurance and attestation capabilities focused on high risk domains including, but not limited to, payments security (e.g. PCI, SWIFT).
· Provide risk assurance perspective and advisory to the Group CISOs on implementation of initiatives generated by the Groupwide ICS Transformation and Remediation Program.
· Support the Global Head ICS A&T to provide thought leadership and contribute to the development of the broader ICS risk management strategy for the Bank.
· Work closely with the ICS Governance, Risk and Policy team, Security Technology Services (STS) team, ICS Operational Risk team, ICS Audit team, and the Information Security Officers (ISO) team to ensure that all assurance and testing activities are in alignment with and support the activities of stakeholders.
Business
· Maintain strong stakeholder engagement with T&I, ISOs, the wider CISO organisation, Group Internal Audit and Risk & Compliance stakeholders to ensure alignment across stakeholder groups.
· Effective management of stakeholder expectations and deliverables to allow for timely identification, communication and management of risk assurance and attestation engagements across the Bank.
· Support the Global Head ICS A&T to represent the Group CISO and evangelise ICS risk management and ownership across businesses and countries as appropriate.
Processes
· Follow and further develop the ICS Assurance and Attestation methodology and ensure that the assurance and attestation deliverables meet the quality standards set out in the methodology.
· Set up the annual plan for the ICS Assurance and Attestation exercises. Lead and manage the execution of the plan to achieve the targets on quality, timeline and budget.
People & Talent
· Lead and direct the continued development of team members through effective mentoring and guidance.
· Exercise good people management in the areas of resourcing, talent development, performance management, learning and development and engagement.
Risk Management
· Proactively provide leadership and direction, where and when appropriate, to the Bank's overall risk management activities for ICS as a principal risk type.
· Ensure that all assurance and attestation work is in line with and supports the ICS principal risk type under the Bank's ERMF. This requires the identification of risk through comprehensive and pragmatic operating effectiveness testing of the Bank's ICS control ecosystem.
· Ensure early identification and escalation of risks, issues, trends and developments to the Group CISO and relevant stakeholders.
Governance
· Ensure compliance with relevant operational and people risk controls, and employment legislation.
· Support the Global Head ICS A&T to lead the effectiveness of ICS risk management through timely identification of ICS risk and escalation to appropriate risk governance forums.
· Support the Global Head ICS A&T to provide direction and leadership in the development of appropriate governance oversight, including Project Steering Committees, Project Working Groups, etc., to provide a structured way of running all assurance and testing engagements.
· Support the Global Head ICS A&T to provide direction and leadership in the establishment of strong programme management controls for assurance activities.
· Exercise good governance over team costs, project spend and ad-hoc spending in line with budget and cost control expectations.
Regulatory and Business Conduct
· Display exemplary conduct and live by the Group's Values and Code of Conduct.
· Demonstrate leadership ability to ensure that the team achieves the outcomes set out in the Bank's Conduct Principles.
· Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
· Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Other Responsibilities
· Support the Global Head ICS A&T to deliver any additional responsibilities, aimed at ensuring the overall reduction and effective management of the Bank's ICS risk posture, that may be delegated.
Key Stakeholders
· Group CISO team
· Group STS team
· Global Head Technology Services Core Management
· Global Head, Information Security Officers for Regions
· Global Head, ICS Governance, Policy and Risk
· Key Business Stakeholders including: CIOs; Business and Function COOs, etc.
· Head, Audit - Information & Cyber Security
· Head, Operational Risk - Information & Cyber Security
· Group Risk and Compliance
Qualifications & Experience
· Proven experience in an ICS assurance and attestation, ICS audit, information security officer, senior ICS governance, policy or risk management role.
· Thorough understanding of IT security business processes, risks, threats and internal controls.
· Experience working in or with the financial services industry with a keen understanding of business and operational environments. In-depth knowledge of payment security, e.g. PCI DSS, SWIFT.
· Strong knowledge of the businesses, markets and operations of Standard Chartered Bank and its ICS risk policies, procedures and processes.
· Good understanding of global legal, regulatory and industry regulations, frameworks and standards and the ability to adapt to changes accordingly.
· Good understanding of the latest ICS threat developments.
· Able to communicate complex ICS risks/issues precisely and effectively. Able to construct recommendations in a factual and persuasive manner. Excellent communication skills in both written and oral form.
· Proven ability to lead highly complex, global activities through influence and credibility rather than command and control. Strong senior stakeholder management. Ability to liaise with all parts of the Bank, including senior security, risk and business stakeholders.
· Ability to both assess strategic priorities and to focus on detailed aspects of a function to drive effective delivery.
· Strong integrity, independence and resilience.
· Graduate degree (Master's) and/or professional certifications are an advantage (e.g., CISA, CISSP, CISM, ITIL, ISO 27001, CIPP, EC-Council).
· Any other platform/technology experience across various systems and platforms.
Our Valued Behaviours
· Do the right thing: Be brave, be the change; Think client; Live with integrity.
· Never settle: Continuously improve and innovate; Simplify; Learn from your successes and failures.
· Better together: See more in others; How can I help?; Build for the long term.
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
Apply now to join the Bank for those with big career ambitions.
Internal Number: 6115480