Associate Director, CSS Risk & Control

Standard Chartered
Malaysia
10-13 years
Not Specified

Job Description



About Standard Chartered 

We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.  
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

The Role Responsibilities
Risk and Control
  • To perform assigned risk and control work in the information and cyber security space across the Group. This will entail working closely with team members on the assignment to assess key risks, key controls, identification of control gaps with remediation to address the risk, regulatory requirements and internal policies/standards (e.g. Operational Risk Framework, Information & Cyber Security Risk Framework)
  • To take responsibility for delivering high-quality assignments in an efficient and effective manner, within the given budget and timelines and in line with defined standards
  • To provide guidance and support to team members through technical/product knowledge and expertise for their assignments relating to the individual’s area of responsibility
  • To provide good technical input and challenge on assignments in producing high-quality output which addresses the risk
  • To oversee, track and validate all remediation completion to address the risk
  • To lead continuous monitoring of assigned focus areas, and to build and maintain engagement with domain management and internal stakeholders
  • To promote early identification and escalation of risks, issues, trends and developments to relevant domains
  • To support the consolidation of an insightful risk posture of assigned focus area(s) through thematic and accurate risk profile and risk reporting, including correlating relevant controls and associated risk/control gaps (regulatory, internal and external audit issues, and self-identified gaps).
Audit Management (Regulatory, Internal and External Audits)

Together with the Heads and Risk Specialists in Domain:
  • To support audit engagement to better manage relationship with GIA Stakeholders
  • To facilitate all scheduled Audits end-to-end for Domain including status tracking, reporting and escalation
  • To effectively review and challenge RFI requests and submissions
  • To identify potential gaps as part of the effective review and challenge of the submissions.
  • To support and facilitate the audit remediation lifecycle ensuring action plans resolve the root cause, quality ICPs and support GIA in issue validation activities (where applicable).
  • To provide ongoing reporting to Heads, Risk Owner, etc. on progress to date of Audit Issues and Remediation

Strategy
  • Support the Head where required, in the development and implementation of the risk assessment framework and/or standards
  • Support the Head to perform all assignments that address the key risks identified in each domain and meet relevant regulatory and internal requirements and expectations
  • Support the Head to assess the risk and control environment to confirm that it remains relevant throughout the year as the risk profile of the business changes.  Propose changes as appropriate
  • Collaborate and work closely with team members to operate in line with the defined framework, standards and practice, and remain in close collaboration with stakeholders
  • Support the Head to identify and implement opportunities for cost savings and optimal productivity of risk and control environment assessment.

Stakeholder Management
  • Establish and maintain effective working relationships with the management of domains and internal stakeholders under the focus area(s) and responsibility. They include Security Domain Heads, Security Domain Risk Teams, Chief Information Security Office SMEs, T&I Risk and Control team, TS Risk & Control and Group Internal Audit.

People and Talent
  • Demonstrate proactivity and positive engagement during team sessions
  • Influence change within the department by highlighting potential enhancements
  • Identify and successfully complete key internal training for self-development
  • Support the Head to proactively spot talent for the function

Regulatory & Business Conduct
  • Display exemplary conduct and live by the Group’s Values and Code of Conduct.
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Other Responsibilities
  • Perform other responsibilities as assigned by the Head and/or Leads.

Our Ideal Candidate
  • In-depth understanding of cyber security risk management, processes and associated control requirements
  • Strong and impactful communicator, both in writing and verbally, with the ability to clearly articulate controls to be tested and risks identified to both internal and business stakeholders
  • Confident and courageous to raise and escalate ideas or concerns in a professional and timely manner
  • Knowledge of relevant industry technology and security standards (e.g. NIST, COBIT, etc.)
  • Proactive, self-directed and able to work with minimum supervision
  • Knowledge of regulatory requirements and expectations (e.g. country technology risk guidelines/notice - MAS, HKMA, PRA, FAC, SWIFT CSCF)
  • Exercise professional judgment, objectivity and discretion
  • Ability to build relationships, working within a global team.

The successful candidate should have at least 10 years of experience in Technology Risk Management, Information Security or other related roles. The preferred candidate will have an in-depth understanding of controls required to manage Information and Cyber Security risk and preferably experience with tools that have been used in the industry. Further, experience in Financial Services or other heavily regulated industries (e.g. Pharmaceuticals, Healthcare, etc.) is preferable. Clear, concise and articulate communication of complex and conceptual topics is required for success.
In addition, the following qualifications are preferred:
  • Relevant, professionally recognised industry certifications (e.g. CISSP, CISA, CISM, CRISC, etc.)
  • SWIFT Certification (e.g. SWIFTNet Security Officer)
  • Experience with audit, governance, risk or technology implementation/operations
  • Process Design and Analysis
  • Data Analytics 

Apply now to join the Bank for those with big career ambitions. 
To view information on our benefits including our flexible working please visit our .
