Senior ICS Assurance Manager

Senior ICS Assurance Manager

Standard Chartered
Malaysia
Not Specified
Not Specified

Job Description


About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
Make an impact every day with Trust, Data and Resilience (TDR)
Our TDR team sits within the Group Operations function and is responsible for mission-critical areas including cyber, information, data, privacy and resilience. These are challenges that impact our clients globally. Our TDR team develops the platforms, drives the processes and builds partnerships to benefit millions of people every day. They thrive in providing solutions to complex issues, devote time and energy to designing new and innovative solutions, and all in an environment that demands being risk-aware, not risk-averse. TDR chooses progress over perfection and aims to always participate with a constructive purpose. The team makes an impact wherever they are based, be it in our offices around the world, our Global Business Solution centres in China, India, Malaysia and Poland, or even from our home.
Now you have an opportunity to make a meaningful impact with a diverse and passionate team of creators, innovators and achievers. With us, you'll learn, be inspired, and make an impact every day. The success of our work hinges on how we use the unique diversity of our people to realise the effects we seek to achieve: Always on. Always safe. Always Simple.
The Group Chief Information Security Officer (CISRO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Group CISRO team serves as the second line of defence for assuring ICS controls are implemented effectively, in accordance with the ICS Risk Framework, and for instilling a culture of cyber security within the Bank. The Group CISRO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, cyber stress testing, third party security risk, industry partnerships, and regulatory engagement. The Group CISRO is central to ensuring the Bank's ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.
Group CISRO Vision
'A Best in Class ICS risk function, continuously increasing ICS resilience and promoting client trust and stakeholder confidence'
Strategy
  • ICS Oversight, Challenge and Governance
  • Driving ICS Thought Leadership
  • Building Internal and External Partnerships
  • Innovation and Growth

Business
  • Provide ongoing reporting of deliverables (outcomes and recommendations) and schedule to key stakeholders in a timely manner. Timely escalation and reporting of issues to ensure that expectation management across the organisation is proactively carried out.
  • Develop knowledge base of ICS technical controls

Processes
  • Support the Head of Assurance and Attestation to design and implement the ICS testing methodology and ensure that the ICS testing deliverables meets the quality standards set out in the methodology.
  • Contribute in development of knowledge base of technical and operational controls for ICS assurance and attestation purpose

People & Talent
  • Establish constructive relationships with key stakeholders.
  • Actively participate in team's lessons learned or experience sharing sessions

Risk Management
  • Contribute to the team to ensure that all activities are in line with and support of the ICS principal risk type under the Bank's ERMF
  • Contribute to ICS indicator analysis to proactively identify technical problem areas
  • Contribute to the establishment of technical expertise/ knowledge base for operating control assessment

Governance
  • Ensure compliance with relevant operational risk controls.
  • Support the Global Head of Assurance and Testing to set up the annual plan and manage the execution of the plan to achieve the target on quality, timeline and budget.

Regulatory and Business Conduct
  • Display exemplary conduct and live by the Group's Values and Code of Conduct.
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key Stakeholders
  • Group CISRO team.
  • Group STS team.
  • Global Head Technology Services Core Management.
  • Head, Information Security Officers.
  • Head, ICS Governance, Risk and Policy.
  • Key Business Stakeholders including: All CIOs; Business and Function COOs.
  • Head, Audit - Information Security & Cyber.
  • Head Operational Risk - Information Security & Cyber.
  • Group Risk and Compliance

The Information & Cyber Security (ICS) Senior Assurance Manager is a permanent role with the following responsibilities:
  • Primarily responsible to effectively lead/perform ICS assurance activities
  • Identify gaps and recommend improvements to Bank's ICS controls
  • Plan and perform risk-based assessments on ICS domains
  • Contribute in the overall assurance plan as well as continuous review and improvements
  • Supports the end to end issue management process

Requirements:
  • Proven experience in cyber security testing/assessment, penetration testing, cyber security operations, cyber security audit or information security governance.
  • Thorough understanding of IT security business processes, risks, threats and internal controls.
  • Experience working in or with the financial services industry with keen understanding of business and operational environments. In-depth knowledge of payment security e.g. PCI DSS, SWIFT.
  • Strong knowledge of the cyber security threat landscape, businesses, markets and risk framework.
  • Good understanding of global legal, regulatory and industry regulations, frameworks and standards and the ability to adapt to the changes accordingly.
  • Able to communicate complex ICS risks/issues precisely and effectively.
  • Able to construct recommendations in a factual and persuasive manner. Excellent communication skills in both written and oral form.
  • Ability to empathise and collaborate with stakeholders across functions and at all levels of experience
  • Ability to look beyond individual issues to identify broader themes with wider-reach impact
  • Ability to both assess strategic priorities and to focus on detailed aspects of a function to drive effective delivery.
  • A big-picture thinker who is detail-oriented
  • Able to lead, guide, motivate team to meet goals and objectives
  • Comfortable with 'blank sheet of paper assignments'.

Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our . We welcome conversations on flexible working.

Job Details

Employment Types:

Function:

IT

Similar Jobs

People Also Considered

Career Advice to Find Better

Simple body text this will replace with orginal content