Information Security Manager, Third Party Security Risk

Information Security Manager, Third Party Security Risk

Standard Chartered
Malaysia
7-10 years
Not Specified

Job Description


About Standard Chartered 
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.  
To us, good performance is about much more than turning a profit.  It%27s about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good. 
We%27re committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

The Role Responsibilities
The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function within the Group Chief Operating Officer (COO), Trust, Data %26amp; Resilience, the Group CISO serves as the first line of defence for operating ICS controls effectively and in accordance with the ICS Risk Framework and for practicing and promoting a culture of cyber security within the Bank. As such, the Group CISO is central to ensuring the Bank’s ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.
The Senior Risk Manager - Assurance Management role sits within the Third Party Security Risk team. The main responsibility of the Senior Risk Manager - Assurance Management will be to support the Global Head of Third Party Security Risk in the execution and delivery of quality assurance reviews on the third party security risk program.
Key Responsibilities
  • Responsible for execution and delivery of QA reviews based on an approved annual QA plan
  • Ensure compliance with standard operating policies and procedures, quality management systems and regulatory requirements
  • Effectively communicate QA findings to internal and external assesors on a regular basis
  • Monitor and report on QA findings and third party security risk compliance to stakeholders
  • Update and manage QA working documents to record and track the control gaps and remediation activities to ensure that any deficiencies in the processes are mitigated
  • Act as an advisor on areas of improvements in the TPSA processes and operational efficiencies
  • Assist in the development of new/amended processes, innovative ways of working and reviewing risk and control assessments
  • Provide support on audit and regulatory requests / queries
  • Support any training and awareness initiatives relating to third party security risk 

Regulatory and Business Conduct
  • Display exemplary conduct and live by the Group%27s Values and Code of Conduct
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct
  • Demonstrate leadership ability to ensure that the team achieves the outcomes set out in the Bank%27s Conduct Principles
  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters                                                                  

People and Talent (if applicable)
  • Provide mentoring and support as required across the team and CISO organisation

Our Ideal Candidate
Experience, Skills and Qualification
  • Bachelor’s degree from an accredited college/university in an appropriate field
  • Minimum 7 years’ experience in IT auditing and/or risk management, preferably with Big 4 and/or Banking %26amp; Financial services experience
  • Experience in third party audits is a plus, but understanding of auditing standards, compliance, risk assessment and internal control frameworks is a requirement
  • Strong senior stakeholder engagement skills
  • Industry certifications will be a plus e.g. CISA, CISSP, CRISC and CISM
  • Good knowledge of security frameworks (COBIT, ISF, COSO), standards (ISO, NIST, CIS), information security principles, security architecture and regulatory requirements
  • Excellent written, oral communication, reporting and presentation skills
  • Strong organisation skills, sound judgement and good critical thinking and analytical skills
  • Result-orientated, able to meet tight deadlines and work under pressure
  • Competency with Microsoft Office Suite (Word, PowerPoint, Excel, Visio, SharePoint)     

Apply now to join the Bank for those with big career ambitions. 
To view information on our benefits including our flexible working please visit our . We welcome conversations on flexible working.

Similar Jobs

Career Advice to Find Better