Information & Cyber Security Risk Specialist, Technology & Innovation
The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of the CISO serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The Group CISO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, red teaming, third party security risk, industry partnerships, and regulatory engagement. In addition, the team of Information Security Officers (ISO) reports to the CISO and performs a pivotal role as an extension of the CISO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Services, Regions, and Functions. The Office of the CISO is central to ensuring the Bank's ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.
We are seeking an experienced Information Security Officer or information and cyber security risk specialist to deliver activities to Technology & Innovation (T&I) related to Chief Information Security Officer's (CISO) second line responsibilities. This role within Group CISO plays an active part in the oversight of effective information and cyber security governance and risk management across the bank. The role engages with respective business unit's senior management (COOs, CIOs and Business Heads), T&I functional heads and staff, Security Technology Services (STS) staff, risk committees, and other stakeholders across the Bank. The role is expected to be an expert in key technology areas and have a general knowledge across technology in order to apply security effectively to SCB's technology use. The role will also specialise in key areas of security services to ensure they are effective within SCB. Successful candidates are expected to lead and deliver the following key activities:
Risk Management
• Act as 2nd line of defence to key senior business stakeholders for information and cyber security matters
• Perform information security risk assessments on function's assets, processes & projects, based on SCB's information and cyber security risk framework
• Assess SCB's technology and associated practices to ensure they are being managed and operated in a secure manner consistent with SCB's policies and standards and international best practice
• Assess STS technology and services offered to the Group to ensure they enable effective security and compliance to SCB policies and standards
• Analyse KRIs and KCIs with a view to monitor trends while keeping risk appetite in sight. Support T&I and Functions in the implementation and use of ICS Risk Type Framework.
• Make recommendations to improve the information security status within the function by understanding the function's business, products, organisation, processes and applications.
• Work with the Governance team to establish an efficient and effective risk management function
• Remain vigilant to Information and Cyber Security threats that may impact the function
• Maintain oversight of Information and Cyber Security projects and initiatives for the function
• Input intelligence and analysis into reports for the CISO group
• Provide training to EXCO members within Functions and plan for staff targeted security awareness training.
• Partner with Operational Risk teams during joint process review exercises.
Communicate and Collaborate
• Build relationships and maintain coverage and regular communications within the function and Technology teams
• Represent Group CISO at T&I and related Non-Financial Risk Committees and at other meetings required to carry out the role. Report risks and escalate significant risks to the Head of ISO/CISO for information or action.
• Establish effective relationships with identified stakeholders across the Bank to gather changing business requirements and align them to information security strategic initiatives.
• Provide business perspective and input into the Policy team to drive compliance with ICS policies, standards and guidelines across the Bank.
Regulatory & Business Conduct
• Display exemplary conduct and live by the Group's Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Lead T&I and the Functions to achieve the outcomes set out in the Bank's Conduct Principles
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key Stakeholders
• Head of Information and Cyber Security for Technology & Innovation
• Senior Managers within the Security Technology Services and wider T&I teams
• CIO organisations across the bank and Functions COOs
• Head, Information Security Officers
• Head, ICS Governance
• Head, ICS Policy
• Key Business Stakeholders: Technology & Innovation
• Senior Managers, Technology Services teams, including cloud
• Senior Managers, Foundation Services (FSTS)
• Senior Managers, T&I Risk and Governance
QUALIFICATIONS: Training, licenses, memberships and certifications
• Minimum 10 years' experience in information security or risk management, preferably in the Banking and Financial services sector.
• At least 5 years of hands-on experience in information security risk assessments
• Excellent senior stakeholder engagement and people management skills.
• Bachelor's Degree in Engineering, Computer Science/Information Technology or its equivalent.
• Industry certifications will be a plus, e.g. CISA, CISSP, CRISC and CISM.
• Strong knowledge of security frameworks (COBIT, ISF, COSO), standards (ISO, NIST, CIS), information security principles and security architecture.
• Excellent written, oral communication and reporting skills.
• Proven ability to respond to complex challenges and provide direction which reflects a balanced view of the operation of the bank
• Ability to both assess priorities and to focus on work in a structured fashion which delivers results
• Sound judgement and anticipation
• Strong integrity, independence and resilience
Technical Competencies
• Information and Cyber Security: Expert
• Risk Management: Expert
• Technology areas of expertise: Advanced
• Cloud security: Core
VALUED BEHAVIOURS
• Do the right thing: Be brave, be the change; Think client; Live with integrity
• Never Settle: Continuously improve and innovate; Simplify; Learn from your successes and failures
• Better together: See more in others; How can I help? Build for the long term
About Standard Chartered We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.