About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
The Director, Data Management & Privacy Assurance is part of the '1st line' assurance centre of excellence, and will safeguard the businesses' and functions' delivery through the provision of high-quality assurance on the effectiveness of Data Privacy capabilities. Working with business and function colleagues, the Director will provide assurance and advice, advocate and impart lessons and good practice to shape the design and implementation of Data Privacy capabilities, and determine whether these capabilities are operating effectively in BAU to achieve and maintain risk reduction.
Key responsibilities of the role include:
Providing Expert Assurance
Define and maintain an efficient technical assurance methodology which delivers risk focused, timely and re-performable assurance.
Analyse business & functional processes to identify risks and control weaknesses. For example, the adequacy and effectiveness of internal controls over how data is collected, created, received, transmitted, maintained and disposed of.
Evaluate the adequacy and effectiveness of IT and systems controls regarding the reliability and integrity of information, effectiveness and efficiency of operations, safeguarding of assets and compliance with policies and procedures
Recommend process improvements to address control gaps and to enhance efficiency where possible.
Support stakeholders in defining remediation actions / solutions to address identified assurance findings.
Validate that the completed remediation activities address the risk in the identified assurance findings
Support liaison with Group Internal Audit and any regulatory inspections as required.
Assist in identifying, assessing, monitoring, controlling and mitigating data management, data governance, data quality & privacy risks to the Group.
Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment to improve assurance planning.
Work with other control assurance teams to drive efficiency, effectiveness and reduce duplication.
Supporting Strategic Delivery and Risk Reduction
Build effective relationships with leaders to facilitate:
The provision of timely, expert advice and assurance.
Partnerships with other functions to provide professional advice and assurance.
Grow trust with clients and regulators by delivering best practice cybersecurity solutions and protecting data and privacy.
Developing Capability and Supporting Success
Facilitate the learning from previous experience by identifying and communicating transferable lessons, helping to embed these lessons, and encouraging best practice.
Business, Functions and Regions
Provide robust challenge and escalation to senior management and all relevant business/function/region stakeholders to ensure activities achieve risk reduction.
Maintain strong stakeholder engagement with Chief Data Protection Officer, Heads of Operations for Data Management, Privacy & Automation, ICSTRP Accountable Executive, Chief Information Security Office, Technology Services MT, T&I MT, Risk & Compliance, and Group Internal Audit and COOs to ensure alignment across stakeholder groups
Provide timely and accurate reporting to appropriate committees
Ensure appropriate oversight and facilitate resolution of high impact risk and issues
Leadership, People and Talent
Provide proactive self-orienting and self-motivating leadership, and work with limited direction
Provide strong leadership, management and coaching
Lead through example and build the appropriate culture and values. Set appropriate tone and expectations, and work in collaboration with risk and control partners.
Regularly share lessons learnt and best practice in a timely manner across a wide-ranging stakeholder group within businesses/functions
Regulatory and Business Conduct
Display exemplary conduct and live by the Group's Values, Valued Behaviours, and Code of Conduct
Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank.
Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.
Global Head Operations- Trust, Data and Automation
Chief Data Protection Officer
Head Operations, Automation
Head Operations, Data Management & Privacy
Client Journey leads
Security Technology Services MT
Global Head Governance & Change, CIO
Chief Information Security Office
Group Operational Risk
Head, Audit - Information Security & Cyber
Our Ideal Candidate
Essential:
Risk management or audit professionals, with experience in executing deep control assurance/audit reviews.
Strong IT knowledge/experience.
Highly effective and structured verbal and written communication skills.
The ability to influence senior leaders & peers, and build strong relationships is critical for this role
Excellent organisation and leadership skills with ability to manage multiple deadlines and effectively prioritise
Ability to exercise good judgment and objectivity.
Independent - demonstrates the ability to work with limited direction and multi-task without loss of quality
Ability to perform the role of 'Change Leader'
Confident and courageous to raise/escalate issues in a pro-active, professional and timely manner
Demonstrate understanding of and commitment to the Group's core values
Fluency in English
Preferred - but NOT essential:
Deep understanding of global data management, governance & privacy frameworks and standards
Demonstrate deep knowledge of data governance, data quality management, data privacy, data handling and data classification including (but not limited to): Data and application protection, cross border data restrictions, data classification, data discovery, data governance, data loss prevention, back-up/recovery and retention etc.
Expertise in global data protection laws and practices with an in-depth understanding of any of the following: Personal Data Protection Act, General Data Protection Regulation, Cybersecurity Act, Safe Harbour and Multi-Jurisdictional IT / Privacy regulations and requirements such as cross-border data transfer.
Financial services experience
University degree and professional certification (such as CIPP, CIA, CISA, CISSP, or CISM)
Ability to commit up to 10% business travel