Head of TSRA Design & Delivery

Singapore, Singapore

Job Description




Job : Trust, Data & Resilience
Primary Location : Asia-Singapore-Singapore
Schedule : Full-time
Employee Status : Permanent
Posting Date : 26/Feb/2023, 9:36:29 PM
Unposting Date : 13/Mar/2023, 6:59:00 PM


Role Responsibilities

  • The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Technology, Operations and Transformation Officer, the Group CISO serves as the first line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework, Policy and Standard, and for instilling a culture of cyber security within the Bank.
  • The Group CISO is central to ensuring the Bank’s ability to meet its ICS commitment to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board, and that is supported by the ICS Risk & Control Function.
  • The Head of TSRA Design & Support will lead and manage a pan-bank Threat Scenario-led Risk Assessment (TSRA). This includes creating and operationalising the supporting processes; designing, implementing and maintaining the TSRA methodology based on the ICS RTF framework; acting as product owner for the controls, metrics, Threat Libraries and relevant assessment toolkits; driving digitisation, automation, and innovation; and collaborating with different stakeholders (ICS MT, Control Owners, Risk Managers, Cyber Functions) and Board engagement, where needed.
The responsibilities include:
  • Design and implement an ICS Threat Led Risk Assessment process that aligns with industry best practices and regulatory requirements.
  • Provide thought leadership for best-in-class design process, control standards and risk management to enable businesses to effectively assess their business assets and investment priorities.
  • Provide clear communication of principles and concepts that are required to ensure successful adoption of the framework within the businesses and their processes.
  • Provide solution mind-set to the strategic design and review of project deliverables as they relate to the control and risk framework to ensure the target operating model and infrastructure is best in class. Ensure that the approach taken recognises the context and objectives.
  • Support the timely identification, assessment and prioritisation of potential cyber threats and vulnerabilities to the organisation.
  • Provide training and guidance to colleagues on the risk assessment process.
  • Collaborate with other teams within the organisation to ensure that risk assessments are integrated into overall security strategy.
  • Stay informed of current cyber threats and trends and provide recommendations to management on how to mitigate them.
  • This role reports directly to the Head of ICS Frameworks and Governance.
Strategy
  • The Head of TSRA Design & Support is a global role that requires strong business acumen, good organisation, and leadership skills, with the ability to manage a multi-disciplinary group and knowledge of Cyber Security, Risk Management, and process controls. The role requires a strategic mindset and strong execution-driven skills to establish the pan-bank roadmap for the Threat Scenario-led Risk Assessment in alignment with the ICS Risk Strategy. Provide SME risk and control advice and guidance, as well as providing a feedback loop to the Framework, Policies and Standard owner.
Business
  • The role will work closely with the Group CISO, business and function CISOs and ISROs within the bank to achieve the Group ICS strategy and objectives. The role will develop and support a pan-bank Cyber risk assessment based on TSRA and operate a TSRA operations function as part of Risk Management, by leveraging and driving digital solutions, including automation and data analytics, while eliminating manual attestations.
Processes
  • TSRA Design & Delivery will:
  • Lead and own the TSRA Process and support pan-bank ICS Risk Assessment.
  • Improve and optimise the TSRA methodology by leveraging and driving digital solutions, including automation and data analytics, while eliminating manual processes.
  • Define, implement, and operate the TSRA Design & Delivery function.
  • Establish, maintain, and refine the TSRA methodology through lessons learned and by incorporating industry practices and standards, where relevant.
  • Build trusted working relationships with other security functional heads, CISOs, ISROs, CISRO, risk counterparts, business unit stakeholders, and Group Internal Audit, where needed.
People and Talent
  • Build Collaboration: Lead through example and build the appropriate culture and values. Set appropriate tone and expectations for the team, and work in collaboration internally and externally.
  • Develop Talent: Provide strong leadership, management and coaching, strengthen and uplift the skill set of the team, as required, through internal development and training. Facilitate on-the-job learning from current & previous experience by identifying and communicating transferable lessons, helping to embed these lessons and encouraging best practices.
  • Employ, engage and retain high quality people and establish an appropriate team structure and capacity plans.
  • Provide leadership guidance to the teams in the department.
  • Set and monitor job descriptions and objectives for direct reports and provide feedback and rewards in line with their performance against those responsibilities and objectives.
Risk Management
  • Work with other Risk and Controls teams to drive efficiency, effectiveness and reduce duplication.
  • Work closely with senior stakeholders to drive an effective security risk management culture and compliance mindset.
  • Liaise with Group Internal Audit, where needed.
Governance
  • Provide timely and accurate reporting to appropriate committees (risk governance committees, QPR/MPR and associated Refinement Forums, where applicable).
  • Support appropriate oversight and facilitate resolution of high impact risk and issues.
Regulatory & Business Conduct
  • Display exemplary conduct and live by the Group’s Values and Code of Conduct.
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
  • Lead the TSRA Design & Delivery to achieve the outcomes set out in the Bank’s Conduct Principles: Fair Outcomes for Clients, Effective Financial Markets, Financial Crime Compliance, The Right Environment.
  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key Stakeholders
  • Group Chief Information Security Officer (CISO)
  • Group Chief Information Security Risk Officer (CISRO)
  • Global Head of ICS Risk and Controls
  • ICS Management Team Members
  • Chief Information Security Officers (CISOs) across all businesses and functions
  • Information Security Risk Officers across all businesses and functions
  • COOs/CIOs of different businesses/functions
  • ICS Risk and Control Leadership Team Members
  • Group Internal Audit – Heads of Audit for TTO
Our Ideal Candidate
  • 15 or more years of experience in Cyber Security, technology and ICS risk management. A proven track record of leading successful teams is a priority.
  • Strong analytical and program management skills. Ability to assess strategic priorities and to focus on detailed aspects of a program to drive effective delivery.
  • Strong leadership, negotiation and collaboration skills, and ability to work effectively in a complex multicultural and multi-time zone organization.
  • Knowledge of the businesses, markets and operations of Standard Chartered Bank and relevant policies, procedures, and processes is an added advantage.
  • Excellent interpersonal skills to foster positive relationships with internal and external stakeholders.
  • Thorough understanding of ICS business processes, risks, threats, internal controls, and experience with regulators and multi-stakeholder organisations.
  • Ability to collect and analyse data and make recommendations in written and oral form.
  • Strong ability to liaise with all parts of the Bank, including senior security, risk and business stakeholders.
  • Highly effective oral and written communication skills, with an ability to influence and to gain the respect of senior stakeholders and peers. Fluency in business communication.
  • Bachelor’s Degree in Information Technology, Cybersecurity, Business Management, or other related discipline. Professional certifications are an advantage (e.g., CISA, CISSP, CISM, ITIL, PMP, CSM, CPO).
  • Ability to commit up to 10% business travel.
Role Specific Technical Competencies
  • Business Process Design
  • Process Management
  • ICS Risk Management
  • Regulatory Environment – Financial Services
  • Program Management
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good, are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion. Together we:
  • Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
  • Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
  • Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
  • Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
  • Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum
  • Flexible working options based around home and office locations, with flexible working patterns
  • Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
  • A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
  • Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process. Visit our careers website www.sc.com/careers
  • Health insurance


Job Detail

  • Job Id
    JD1276299
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Singapore, Singapore
  • Education
    Not mentioned