About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It%26#39;s about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We%26#39;re committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.Overview
- The Risk Manager role is responsible for and has oversight responsibility over operational and IT risk management, compliance assurance, audit management and remediation across the domains that have been assigned to this role. This role is responsible for continuing improvements in the domain%26rsquo;s approach to risk identification, risk assessment, risk response and mitigation, risk monitoring and reporting, audit engagement support and remediation within the relevant risk, compliance, security and assurance framework, policy, standards or processes of the Bank, as well as regulatory requirements and mandates
- This risk and assurance role ensure a constant state of compliance, readiness and continuous improvement across process and systems, risk management and risk reduction, compliance, documentation and reporting.
- The Risk Manager role is responsible for and has oversight over Operational Risk management, control management and audit management across the function that has been assigned to the role.
The Role ResponsibilitiesRisk Management
- Advise the Technology Service Head in driving and directing effective risk management and compliance with the prescribed operational risk management framework and info security risk sub-type framework, policies, standards and processes of the Bank
- Ensure proactive and adequate management of risk and timely risk mitigation. Support the implementation of controls to mitigate the risk
- Report risk, compliance, audit and remediation performance and metrics to senior management to facilitate informed investment decisions and risk treatment decisions
- Promote risk awareness and compliance culture within the domain for all staff to proactively identify risk, assess risk and mitigate risk
- Manage stakeholders%26rsquo; expectations and influence stakeholders in understanding risk and impacts, threat and vulnerabilities of the Bank and priorities in remediation
- Drive the resolution of any contention including risk ownership, remediation issue or action ownership, scope creep that may arise
- Plan and drive thematic risk and control review aligning to the domain%26rsquo;s objectives, audit themes and key risk areas (include suppliers where appropriate)
- Plan and drive risk and control reviews on new and in-flight projects
- Provide advice to Domain Owners and Service Leads on risk remediation
- Track all material risks arising from the reviews and remediation action to reduce the risk
- Provide support and guidance on control design to Domain Owners, Process Owner and Service Leads.
- Review and agree changes and / or new KRI with T%26amp;I R%26amp;C and UORM
- Represent the Domain as the Single Point of Contact (SPoC) on internal and external audits
- Ensure that the affected Domain (and units within) are sufficiently prepared for upcoming audits
- Review adequacy of management response to audit findings
- Review progress and timely closure of audit findings
- Share thematic risk %26amp; audit findings across Domains and Units
- Stay current of regulatory requirements, threats and leading industry practice and advise Technology Service Head in risk management and control design
- Identify potential failure in process, advise and support risk treatment / mitigation.
- Provide support and guidance on control design to Process Owner, Domain Heads. Review and approve proposed addition of or change in controls
Review and agree changes and /or new KRI with T%26amp;I R%26amp;C and UORM
Advise on the design of key controls, key control indicator (KCI) and key risk indicators (KRI). Monitor and report on KCI and KRI as per metric defined
- Conduct control sample testing (CST) on key control to attest the control operating effectiveness (COE). Review trend analysis of exceptions and identify systemic failures. Identify material exceptions and escalate
- Review the adequacy and effectiveness of policies, standards, guidelines, process. Identify any material gaps, advice on control improvement
- Ensure Domain Risk Forum (DoRF) are conducted per Terms of Reference (ToR) including delivering the risk objectives, attendance of core members, agenda, frequency. Drive domain risk forum meetings. Provide challenge to ensure robust risk management
- Work with Awareness and Communication service unit to promote staff awareness on risk, compliance, audit support and remediation
- Plan, drive and/or perform control adequacy review to identify risk, non-compliance, control gap, vulnerabilities and advise remediation, preventive, corrective controls to Service Head
- Ensure that Management Team (MT) (and any other stakeholder as required) is kept aware of the key risk, control %26amp; audit issue of the Domain through periodical risk forum and reporting
- Prepare and provide management report on risk, compliance audit or remediation to MT, Risk Forum
- Ensure that all management information is produced in line with the defined schedule and quality and should support management decision and action
- Ensure integrity of source and the processing of data to deliver accurate representation in management information
- Serve as single point of contact to handle information request from, and provide responses to regulators, external or internal auditors. Attend audit meetings, clarification, review.
- Facilitate the review and verification on audit findings for accuracy, risk rating and remediation management action plans (MAP) with service owners
- Facilitate or mange the audit remediation to provide timely update on process and timely completion. Review remediation to ensure risks are significantly mitigated
- Manage stakeholder expectations and influence stakeholders in understanding risk and impacts, importance and priorities on threat and vulnerabilities of the Bank to be remediated, regulatory compliance gap to be addressed
- Attend to any issue contention and resolve them including remediation ownership contention, remediation scope screep or challenge arising that may delay the remediation closure
- SPoC for the Domain on any Risk, Control or Audit change initiatives from Group or Technology Governance
- Drive implementation and adoption of agreed initiatives across the Domain including communication, awareness and training
- Management Team, Network Services
- Service Heads and Process Owners within and outside the Domain
- Service Heads and Operation Risk Managers (ORMs) in other Domains (Cyber Security Services, Security Technology Services, Technology Operations, Platform and Cloud Services)
- Second Line (Group Operation Risk, Office of CISRO) for advice and guidance and steering with regards to group initiatives, risk identification, assessment, risk response, risk monitoring and reporting
- Technology, Countries and GBS Risk and Control teams
- Business and Country CIO and Risk and Control teams including Retail Banking, Corporate and Institutional Banking, Private and Wealth Management and Countries for relevant risk and controls
- Legal %26amp; Compliance for interpretation of and consultations on regulatory requirements, industry incidents, etc
- Process Governance team for process onboarding or refresh
- Group Internal Audit and external auditors on audit engagements
Our Ideal Candidate
- No weak risk management grading, and zero failed control design and operation effectiveness grading on internal audits.
- No unsatisfactory audit results by regulators and external auditors
- Effective and fit for purpose risk identification, assessment
- Effective control design and monitoring of operational risks at Functional level. No major audit issue raised due to control design ineffectiveness
- Timely reporting and escalation of high and very high operational risk and control failures
- Timely communication of changes to policies, standard, guideline, regulatory requirements from Country, Legal %26amp; Compliance and GOR
- Monitoring and adherence to timelines (target completion dates) on Risk %26amp; Control or Group initiatives
- Cross domain collaboration and leadership skills %26ndash; proactive engagement with stakeholders
- Succession planning
- Excellent written and oral communication skills.
- Experience in Operation or IT risk management in either Banking and Financial services sector, global IT shared service organization, or IT audit organization
- In-depth understanding of controls in Technology Risk and experience with tools in the industry on core infrastructure services
- Good understanding of regulatory compliance, IT risk and controls, cyber security. Knowledge of methods, tools, techniques for recognising, anticipating, and resolving operational or process problems
- Experience in engaging auditor and managing technology audit engagement. Experience in writing management response to audit issue
- hands-on experience in audit engagement and remediation
- Strong people management capabilities. Confident and self-motivated leader with experience in effectively negotiating with and influencing others in a matrix environment
- Ability and confidence to engage and drive risk objectives across a wide range of seniority levels, functional divides, locations and businesses
- Ability to gather and analyse facts and data in complex, global environment, provide value-added management analyse, visualisation and recommendation to management, make quality judgement and support critical decision such as investment or risk response / treatment
- Possess a pro-active posture and committed to continuous improvement
- CRISC or CISA or CISM or CISSP certified is definite advantage
- Knowledge and experience with core infrastructure, info and cyber security such as vulnerability management, identify and access management, commissioning and decommissioning, security monitoring are key advantage
- Bachelor Degree in Computer Science/Information Technology, Engineering, Finance or equivalent
- An in-depth understanding of controls required to manage Technology Risk and preferable experience with tools that have been used in the industry to do so
- An understanding of technology Project Lifecycle and the associated controls required through project delivery to manage and mitigate risk
- Knowledge of approaches, tools, techniques for recognising, anticipating, and resolving operational or process problems
- Confident and self-motivated leader with experience in effectively negotiating with and influencing others in a matrix environment
- Ability and confidence to operate across a wide range of seniority levels, functional divides, locations and businesses
- Good presentation skills
- Demonstrable analytical thinking
- Data analysis and reporting skills
- A team player who enjoys working with people on all levels as well as being able to work independently and under pressure to meet tight deadlines.
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our . We welcome conversations on flexible working.