About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
The Group Chief Information Risk Security Officer (CISRO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of the CISRO serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk. The Group CISRO's responsibilities include ICS governance, policy, red teaming and industry partnerships. In addition, the team of Information Security Risk Officers (ISROs) reports to the CISRO and performs a pivotal role as an extension of the CISRO in supporting the ICS risk management to face off to the Client Services, Regions, and Functions. The Office of the CISRO is central to ensuring the Bank's ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.
Evolution in Third Party Security Risk Management
Specialist - Third Party Security Risk Oversight is a permanent role that requires knowledge in the ICS and supply chain management fields to deliver innovative assurance programmes that protect our people, assets and reputation and support colleagues to continuously improve the firm's Third Party Security Risk posture. The successful candidate will have a hard-working, can-do and collaborative attitude to provide thorough assurance and recording of assurance of Information and Cyber Security Third Party risk management. They will work collaboratively with their team members in the Third Party Security Risk Management Oversight team, particularly supporting the Head, Third Party Security Risk Management Oversight's priorities.
The role reports directly to the Head, Third Party Security Risk Oversight. The principal requirement of the role is to deliver risk assurance reviews on the Third Party Security Risk programme and to record assurance activity, ensuring it is compliant with relevant Bank processes.
It is essential that the role holder:
- has experience of working in third party security risk, preferably within Financial Services
- has information and cyber security experience
- has attention to detail and is a 'starter-finisher'.
It is desirable that the role holder:
- enjoys providing solutions to problems
- has worked in an assurance or audit function
- has experience managing multiple deadlines and projects simultaneously
- takes the initiative, prioritising and driving things forward personally
- is results-orientated, able to meet tight deadlines and work under pressure.
- is fully competent with Microsoft Office Suite.
The primary purpose of this position is to deliver risk assurance reviews on the Third Party Security Risk programme and ensure they are compliant with standard operating policies, procedures and regulatory requirements.
The successful candidate will work closely with colleagues outside the team, including Supply Chain Management, Group CISRO, Group CISO, Heads of Information and Cyber Security, Information Security Risk Officers and Technology and Innovation as well as other key stakeholders to implement and monitor the Bank's positions on Third Party Security Risk.
Processes and Risk Management
The major functional activities that the Specialist will lead are:
People and Talent
- Execute and deliver Third Party Risk Assurance reviews based on approved annual plan
- Ensure that Risk Assurance approach, plans and execution are compliant with standard operating policies and procedures, risk assurance standards and regulatory requirements
- Work closely with relevant CISO and CISRO colleagues to review any requests for dispensation to the Security Standards Schedule included in external contracts
- Monitor, track and report on Risk Assurance results to stakeholders, including Group Operational Risk (ORF), Third Party Security Risk Management and other relevant Risk & Governance teams
- Update and manage Risk Assurance working documents to record the control gaps and remediation activities and evidences to support outcomes of the Risk Assurance reviews
- Provide 2nd line support on Third Party Security Risk audit and regulatory requests / queries
- Provide support to the Head, Third Party Security Risk on the team's priorities.
- Demonstrate the appropriate Bank and CISRO culture and values in a new team
- Work in collaboration with internal and external partners to drive rapid, tangible outcomes
- Uphold and reinforce the independence of the second line ICS Risk function.
Regulatory & Business Conduct
- Contribute to and support colleagues in formulating and, as necessary, drafting Third Party Security Risk related security policies, standards, guidelines and procedures, and answer ad-hoc security governance queries
- Regularly research evolving ICS-related Third Party Security Risk requirements and changes in the ICS landscape to relevant colleagues and business, regional, and/or functional units within the Bank to ensure integration into business processes and requirements.
- Display exemplary conduct and live by the Group's Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
- Research and interpret global technical regulation and requirements.
- Group CISRO, Third Party Security Risk Oversight team
- Group CISO, Third Party Security Risk team
- Supply Chain Management
- ISROs and ISROs Functions
- Heads of Information and Cyber Security
- Group Operational Risk
Our Ideal Candidate
- Ensure that evolving regulations, policies and standards are monitored and incorporated into Bank policies and relevant risk frameworks.
- Perform other duties as assigned, including developing briefings and other materials for senior executives.
- Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.
- Experience in Third Party Supply Chain Management
- Bachelor's Degree in Information Technology, Cybersecurity, Business Management, or other related discipline
- Professional certifications are an advantage (e.g., CISA, CISSP, CISM, ITIL, PMP)
- Experience in third party audits is a plus, but understanding of auditing standards, compliance, risk assessment and internal control frameworks is a requirement
- Competency with Microsoft Office Suite (Word, PowerPoint, Excel, Visio, SharePoint)
- Knowledge of security frameworks (COBIT, ISF, COSO), standards (ISO, NIST, CIS), information security principles, security architecture and regulatory requirements.
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our . We welcome conversations on flexible working.