Why work at Standard Chartered
Standard Chartered believe that every one of their colleagues plays a tangible role in delivering their purpose – Driving commerce and prosperity through our unique diversity. They all feel strongly about living their valued behaviours – Never settle, Doing the right thing, and Better together – and their culture makes this organisation special. Standard Chartered Bank have always sought continuously to improve, to challenge themselves and to drive change within the industry, the world we live in, and with themselves to live up to their brand promise - to be Here for good.
The success of the Bank and the achievement of their business strategy hinges on the way they invest in, manage and organise their people, the employee experience they create and the culture they build. Standard Chartered are building a future-ready workforce enabled by digital skills, organisational adaptability and leadership at every level. They are committed to creating an inclusive and flexible environment where their diverse talent feels able and inspired to make a meaningful contribution to the prosperity of our clients.
The Operation Risk Manager role is responsible for and has oversight responsibility over technology risk management, compliance assurance, audit management and remediation across the functions that have been assigned to the role. This role is key and responsible for continuing improvements in the function’s approach to risk identification, risk assessment, risk response and mitigation, risk monitoring and reporting, regulatory and audit engagement support and remediation within the relevant risk, compliance, security and assurance framework, policy, standards or processes of the Bank, as well as regulatory requirements and mandates.
- Advise the Technology Service Head in driving and supporting effective risk management and compliance with the prescribed operational risk management framework and info security risk sub-type framework, policies, standards and processes of the Bank
- Ensure proactive and adequate management of risk and timely risk mitigation. Support the implementation of controls to mitigate the risk
- Scope and plan domain or thematic risk and control reviews aligning with the function’s key performance objectives, audit themes and key risk areas (may include suppliers where appropriate)
- Review and agree changes and / or new KCI and KRI with ITO R&C / UORM
- Plan, drive and/or perform risk identification workshops and control adequacy reviews to identify risks, non-compliance, control gaps and vulnerabilities, and advise the Service Head on remediation and on preventive and corrective controls
- Ensure that the affected Domain (and units within) are sufficiently prepared for upcoming audits
- Serve as the single point of contact to handle information requests from, and provide responses to, regulators and external or internal auditors. Attend audit meetings, calls and reviews.
Experience, Skills & Qualification:
- 3 years and above of experience in Operation or IT risk management, preferably in either the Banking and Financial services sector, a global IT shared service organization, or an IT audit organization
- Good understanding of controls in Technology Risk and experience with tools in the industry
- Good understanding of regulatory compliance, IT risk and controls, cyber security. Knowledge of approaches, tools, techniques for recognising, anticipating, and resolving operational or process problems
- Experience in engaging / managing technology audit engagement. Experience in management response to audit reports is an added advantage
- Minimum 2 years of working experience in audit and remediation
- Strong communication and people management capabilities. Confident and self-motivated leader with experience in effectively negotiating with and influencing others in a matrix environment
- Ability and confidence to operate across a wide range of seniority levels, functional divides, locations and businesses
- Ability to gather and analyse facts and data in a complex, global environment, provide value-added management analysis, visualisation and recommendations to management, make quality judgements and support critical decisions such as investment or risk response / treatment
- Possess a pro-active posture and be committed to continuous improvement
- CRISC, CISA, CISM or CISSP certification is a definite advantage
- Knowledge and experience with core infrastructure and security technologies such as vulnerability management and network management is an added advantage
- Bachelor's Degree in Computer Science/Information Technology, Engineering, Finance or equivalent