About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.The Role ResponsibilitiesStrategyThe Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank&rsquos data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function within the Group Chief Operating Officer (COO), Trust, Data & Resilience, the Group CISO serves as the first line of defence for operating ICS controls effectively and in accordance with the ICS Risk Framework and for practicing and promoting a culture of cyber security within the Bank. As such, the Group CISO is central to ensuring the Bank&rsquos ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the BoardThe main purpose will be to support the Head of COE Design under Centre of Excellence (COE) &ndash Third Party Security Risk (TPSR) function in ensuring Contract Owners and Contract Managers:
- Better understand the status of controls and risk for the Third Party
- Report Third Party status to HICS and NFRCs
- Enforce contractual obligations by the Third Party
- Increase the frequency of Third Party&rsquos engagement when the threat environment or status of the Third Party changes
- Utilize insight generated from continuous Monitoring capabilities
- Act as an advocate of good practice and &lsquogo to&rsquo for the stakeholders to ensure they understand their roles and responsibilities across the lifecycle of Third Party Security Assessment, Business Resilience and Data Privacy.
- Improved coverage and quality of assurance from Contract Manager for third party oversight (i.e. Service Review Meeting and Exit & Termination).
- Effectively communicate the security risks to internal and external stakeholders.
- Effectively communicate and manage relationships with stakeholders globally
- Diligently provide weekly and ad hoc reporting on the status of assessments and on-going requirements.
- Assist in the forward planning and prioritisation of vendor assessments or requests from business stakeholders, and resource allocations.
- Support and assist in third party program improvement initiatives.
- Support any training and awareness initiatives relating to third party security risk.
- Maintain a consolidated view of third party security risks and ensure that deficiencies are mitigated by stakeholders.
- Assist in ensuring compliance with relevant regulations covering third party security risk.
- Monitor and report on third party security risk compliance to stakeholders.
- Work with team members to effectively perform third party security risk assurance and ensure quality and timely execution.
- Remain current on industry trends and regulatory requirements related to third party information security.
Regulatory & Business Conduct
- Ensure robust governance over all activities, including maintaining audit trail, escalations and reporting.
- Display exemplary conduct and live by the Group&rsquos Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Follow the Leadership of Global Head of TPSR to achieve the outcomes set out in the Bank&rsquos Conduct Principles: Fair Outcomes for Clients Effective Operation of Financial Markets, Financial Crime Prevention Creating the Right Environment.
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
- Global Head TPSR
- Group Supply Chain Management / Global Sourcing
- Business Unit stakeholders
- Group Compliance
- Group Legal
- Head of ICS Policy
- Information and Cyber Security Risk Officers
Our Ideal Candidate
- Embed &ldquoHere for Good&rdquo and Group&rsquos brand and values in the TPSR Team.
- Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures.
- Bachelor&rsquos degree from an accredited college/university in an appropriate field
- 8 &ndash 10 years experience in IT Service Management / Service Desk, preferably with Big 4 and/or Banking & financial services experience
- Experience in third party audits or risk management is a plus, but understanding of auditing standards, compliance, risk assessment and internal control frameworks is a requirement
- Familiarity with working in a multi-national company or cross-cultural setting
- Excellent written and interpersonal skills
- Strong time management skills
- Ability to draft reports that clearly communicate observations and risks would be required
- Strong stakeholder engagement skills, and ability to interact at all levels across an organisation
- Strong audit project organisation and management skills
- Ability to multitask and ensure that all key priorities are delivered as per agreed timelines
- Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and regulatory requirements will be a plus
- Competency with Microsoft Office Suite (Word, PowerPoint, Excel, Visio, SharePoint)
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our . We welcome conversations on flexible working.