About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base. The Role Responsibilities
The Group Chief Information Security Risk Officer (CISRO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the CISRO function serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The Group CISRO is responsible for ICS governance, strategy, policy, risk assessments, industry partnerships, and regulatory engagement. In addition, the team of Information Security Risk Officers (ISRO) report to Global Head, Information Security Risk Officer and perform a pivotal role as an extension of the CISRO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Services, Regions, and Functions. The Role
This specific role is a senior Band 5 role who will report directly to Global Head ISRO, Technology & Innovation and SC Ventures. The role provides independent ICS risk advice, oversight and thought leadership to support the successful execution of the T&I business operating plans and strategies. This includes oversight of the STS function within T&I which execute a significant number of Bank's cyber controls.
The role delivers services that continually monitor the ICS threat landscape, undertake constructive and robust oversight of the effectiveness of ICS controls and risk remediation strategies, and ensure accurate, insightful and transparent ICS risk reporting is provided to senior management to provide them appropriate assurance and confidence on the T&I ICS risk profile.
We are seeking an information and cyber security risk specialist to deliver a range of activities associated with the discharging of CISRO second line responsibilities. This role will have considerable engagement with all business units, risk committees, and other stakeholders across the bank, but especially those in T&I. The successful candidate will be expected to lead and deliver a range of complex activities in the following fields: Risk Management
- Support the assessment of ICS risk and reporting by T&I 1st line teams.
- Support the ISRO team in the use of the ICS RTF and other techniques from a 2nd line perspective.
- Raise visibility of ICS weaknesses to drive ICS improvements and uplift.
- Highlight gaps or control weaknesses against security standards and regulations in the key ICS domains (Identity Access Management (IAM), Application Security, Vulnerability Management, Malware Protection, Network Security, API security, Cloud and Container Security, Secure Configuration, Information Protection and others as applicable)
- Review the creation and tracking of risk mitigation plans calling out where these are ineffective or insufficiently followed.
- Perform thematic reviews as required by the ISRO team
- Assist with risk reviews within SC Ventures as requested.
- Work with teams within T&I and participate in work groups and other meetings to understand, advise and challenge on ICS matters
- Collaborate with and challenge Head of ICS in the preparation of Group ICS update for TNFRC using the material from ICS RTF profile and centrally produced by the CISRO Governance team.
- Report any ICS risks/issues during TNFRC which require attention and support
- Ensure consistency of reporting and production of high-quality documentation and materials.
- Provide recommendations and feedback to CISRO teams based on experience with T&I
- Strong technical knowledge in ICS controls domain - Identity Access Management (IAM), Application Security, Vulnerability Management, Security Monitoring, Malware Protection, Network Security, Cloud and Container environment, API security
VALUED BEHAVIOURSDo the right thing:
- Personal authority based on established trusted relationships and ability to provide advice and direction which is respected amongst peers
- Good knowledge of the businesses, markets and operations of Standard Chartered Bank and the policies, procedures and processes through which information and cyber security risks are addressed throughout the Group
- Proven ability to respond to complex challenges and deliver practical solutions and direction which reflect a balanced view of the operation of the bank
- Ability to both assess priorities and to focus on work in a structured fashion which delivers results
- Sound judgement and anticipation
- Strong integrity, independence and resilience
Be brave, be the change Think client Live with integrity Never Settle:
Continuously improve and innovate Simplify Learn from your successes and failures Better together:
See more in others How can I help Build for the long term Regulatory & Business Conduct
- Display exemplary conduct and live by the Group's Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
- Group CISRO Leadership Team
- Group ISRO Leadership Team
- Group T&I Risk Management and Cloud Governance Heads and teams
- Global Head, Security Technology Services
- Group CISO
- Group T&I MT Leadership Team
- Head of ICS for T&I
- ISROs for SC Ventures, Functions, Businesses and Regions
- Other CISRO teams
- Group Internal Audit
Identified business stakeholders Our Ideal Candidate
- A degree in Information and Cyber Security or Technology or equivalent
- Professional Certifications such as CRISP, CISSP, CISA, CISM or equivalent is desirable
- Minimum 10 years experience in information security or risk management, preferably in Banking and Financial sector, with 5 years hands-on experience in information security risk assessments
- Strong knowledge of cybersecurity frameworks, standards and principles
- Strong technical knowledge on Security Monitoring, Security Analytics, Identity Access Management, Network Security, Data Privacy, Third Party risk, Application Security, Vulnerability management, Cloud and Container Security
- Must be a self-starter who is able to initiate and successfully drive initiatives to completion with little or no management supervision.
- Excellent written and oral communication and reporting skills
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our . We welcome conversations on flexible working.