Head, Information & Cyber Security Risk Mgt Strategy

  • Job category
    Banking and Finance, Information Technology, Risk Management
  • Job level
    Senior Management
  • Contract type
    Permanent, Full Time
  • Location
  • Salary
    S$15000 - S$30000

Job Description

About Standard Chartered

We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

The Role Responsibilities

The Group Chief Information Security Risk Officer (CISRO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the CISRO function serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The CISRO is responsible for ICS governance, strategy, policy, risk assessments, red teaming, industry partnerships, and regulatory engagement. In addition, the team of Information Security Risk Officers (ISRO) reports to the CISRO and performs a pivotal role as an extension of the CISRO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Services, Regions, and Functions. The CISRO is central to ensuring the Bank’s ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.


The Head, ICS Risk Management Strategy is a permanent strategic role that requires strong business acumen, and detailed knowledge and experience developing ICS risk management frameworks and governance. This role owns the development and ongoing refinement of the strategy for the Group ICS Risk Management Framework. This role reports directly to the Global Head of ICS Risk Framework and Policy.


The primary purpose of this position is to create and implement an end-to-end (E2E) approach to ICS risk management, an essential deliverable committed to regulators for 2021.

The successful candidate will work closely with the Global Head of ICS Risk Framework and Policy and 1LOD ICS teams to drive an aligned approach to risk management (including integration with Threat Index).

At a high level, the resource will:

• Actively input into the creation of the new E2E approach, from conceptualisation to implementation;

• Ensure strong local stakeholder buy in and support;

• Ensure a successful roll-out in implementing the approach across the Group.

It is critical therefore, for the successful candidate to:

• Have a finely tuned understanding of the challenges of ICS risk management;

• Be responsive in a flexible and collaborative manner, addressing ICS as an identified “top risk” for the Bank;

• Possess knowledge and know-how in integrating an ICS Risk Framework with an existing Enterprise Risk Management Framework (ERMF);

• Have senior stakeholder engagement, liaison and negotiation experience, along with strong communication skills, and an ability to create a compelling yet simple vision for others to follow.

Head, ICS Risk Management Strategy

We are seeking an experienced Information and Cyber Security (ICS) Expert who will lead in the following areas:


• Support the Global Head of ICS Risk Framework and Policy, working in coordination with the Head of Policy & Standards, and Head of Risk Framework, in the transformation of the sub-function.

• Take key learnings from regulator findings, relating to ICS policy, standards, and the risk framework, to improve thematically the approach to ICS End to End Risk Management, ensuring it meets industry best practice.

• Ensure the ICS End to End Risk Management approach is aligned to existing frameworks and programmes, including alignment and integration with the threat index (TI).

Risk Committee Input

• Support and embed practices for the effective and timely reporting to appropriate risk committees on the evolution and progress of ICS risk framework and regular status updates for reporting to the CISRO.

Stakeholder Management and Business Alignment

• Build trusted working relationships with other security functional heads, risk and compliance counterparts, and business unit stakeholders.

• Understand the impact of our deliverables on the business, including ensuring a cost/benefit analysis is conducted so that the service's value add is understood.

People & Talent

• Ensure an appropriate culture is established in the team, paying attention to diversity and inclusion and fairness, and embodying the principles laid out in the CISRO Leadership Contract.

• Ensure the ICS risk management function and its component parts are adequately resourced, in line with headcount budgets and staffed by an appropriate number of competent staff.

• Exercise good people management in the areas of resourcing, talent development, performance management, learning and development and engagement.

• Establish constructive relationships with key stakeholders including:

o Group CISRO team.

o Group CISO

o Head, ICS Governance, Risk and Policy.

o RMFI Programme Manager

o Enterprise architecture leads

o ICS TRP program Enterprise security architecture lead

o Group STS team

o Group Cyber Security Services Leader

o Global Head Technology Services Core Management

o Head, Information Security Risk Officers

o Key Business Stakeholders including: All CIOs; Business and Function COOs

o Head, Audit – Information Security & Cyber

o Head Operational Risk – Information Security & Cyber

o Group Risk and Compliance

• Actively participate in team’s lessons learned or experience sharing sessions.

Regulatory and Business Conduct

• Display exemplary conduct and live by the Group's Values and Code of Conduct.

• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.

• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

• Demonstrate leadership ability to ensure that the team achieves the outcomes set out in the Bank's Conduct Framework and Principles.

• Provide ongoing reporting of risk exposure into governance meetings and to key stakeholders and escalate any blockages to progress to ensure Group MT, R&C, and CISRO Scorecard objectives are met.

• Establish and ensure the operational controls in ICS Risk Reporting and Governance are documented, diligently followed and reported in a timely manner into the Operational Risk framework.

Other Responsibilities

• Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures

• Ability to create effective work relationships across functions & borders

• Understanding of the regulatory environment and developments related to the financial services industry

• Strong change management, stakeholder and relationship management experience, ideally from within financial services industry

• Sound knowledge of risk governance frameworks & processes

• Analytical / critical thinking skills

Qualifications & Skills

• 3 years' experience in a similar role responsible for ICS risk framework strategy, with 10 years of overall experience.

• 5 years’ experience in a senior director level role in ICS risk and/or governance

• At least one cyber security certification, CISM, CISSP or similar

• An understanding of high-level cyber threat scenarios and how they can contribute to the development of a threat focused cyber risk framework

• Politically aware, able to facilitate outcomes where priorities and personalities are in conflict.

• Ability to communicate and explain complicated risk issues to business stakeholders across the Bank in a simple and business-friendly way

• Ability to construct and produce complex risk reporting governance materials in a business-friendly way

• A self-starter, able to take the initiative and to navigate within the approved parameters to work out a sensible and practical recommendation or decision

• Embrace the value of cultural diversity

Apply now to join the Bank for those with big career ambitions.

To view information on our benefits including our flexible working please visit our career pages. We welcome conversations on flexible working.

Closing on 11 Nov 2021
