About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
The Business ICS Risk Manager will execute a robust and efficient plan to roll out ICS RTF by working with key stakeholders including COOs/CIOs direct teams, ICS RTF Implementation Programme teams, Office of the CISO and Security technology teams. The plan will incorporate digital footprint discovery, risk assessment, definition and implementation of controls as guided by the ICS RTF and tailored to the relevant areas.
Supporting the Head ICS RB in the implementation of the ICS Risk framework including working with stakeholders to identify, assess and rate the information assets, build out the risk profile per the framework, initiate risk assessments and put together treatment plans
Use qualitative and quantitative data sources to validate Key Control Domains (KCD) and associated controls, accelerate risk assessment process, validate business risk profile and develop action plans to remediate to bring ICS risk back into appetite.
Follow up on identified thematic cyber issues, develop processes to prevent issues from recurring and ensure cyber hygiene across the whole portfolio
Provide regular status updates including progress, top risks and issues to the respective business forums for the relevant domains. Track RAG status, key milestones, risks, dependencies and issues
Interface into Technology forums to ensure security technologies are operating with input from business and be actively involved in the roadmap of these technologies by providing business input
Development of risk treatment plans for the assigned areas in conjunction with the business and technology teams. Interface with other areas to ensure dependencies are known and prioritised. Negotiate timelines to ensure proper remediation by maintaining support and organizational alignment
Adapt to emerging and horizon risks and address issues to maximize outcomes. Urgent and timely action for risks and issues which adversely impact cyber risk profiles
Re-planning and prioritising as required to maximise risk reduction
Coordinate and plan for cyber crisis management exercises, build response and recovery capabilities, workarounds, ensure up-to-date playbooks etc.
Assist with other cyber activities underway
Ensure effective prioritisation and application of industry best practice into the ICS RTF and ICS business risk
Identify changes to plan required in terms of additional components, reprioritisation to anticipate and respond to changes
Learn from the recent regional and global cyber events and build into strategy to address current and emerging risks
Maintain strong stakeholder engagement with other COO ICS teams, Chief Information Security Office teams, ICS RTF Implementation Programme teams and Security Technology teams
Establish and maintain working groups across domains to progress the framework rollout.
Escalate appropriately to ensure Head ICS PBWM is briefed and necessary decisions are made in a timely manner
Support the Head ICS RB on running periodic working groups and ensuring proper rollout of the ICS RTF
Assist with pulling together Risk papers going to various Risk committees within the business lines
Manage actions coming out of various risk and compliance forums
Manage the rollout of the ICS RTF professionally and efficiently, closely tracking timeline commitments for provision of information and action plans, and for validation of actions taken
Ensure adoption of security tooling and capability to address ICS risk tactically and strategically
Address and adopt response and recovery capabilities and assist with cyber crisis management exercises, playbooks etc.
Regulatory and Business Conduct
Display exemplary conduct and live by the Group's Values, Valued Behaviours, and Code of Conduct
Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank.
Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.
Risk, Governance and Control Heads for RB
ICS RTF Implementation Programme - Accountable Executive and teams
Chief Information Security Office and teams
Chief Information Security Risk Office and teams
Security Technology Services and Cyber Security Services teams
Keep abreast of any new developments in the ICS risk frameworks globally, participate in industry and external discussions
Our Ideal Candidate
Experience working across multiple security frameworks (e.g. NIST, ISO 27001, PCI-DSS) and understanding and exposure to various regulatory requirements across global regulators (e.g. PRA, FCA, MAS, HKMA, RBI, NESA etc.)
Experience in deployment and successful roll-out of risk frameworks across businesses with global footprint
Experience in one or more key technology domains - Data Protection, Vulnerability and Compliance Management, Network security, Security Incident Management etc.
Experience in Cyber Crisis management, Response and Recovery activities
Excellent organisation and leadership skills with ability to manage multiple deadlines and effectively prioritise
Ability to work independently to effect change across the business lines and manage multiple deliverables simultaneously
Ability to execute on strategy with plan to influence senior stakeholders and decision makers to adopt cyber capabilities across their business lines
Proven ability to deliver complex, global, pan-bank initiatives by driving collaboration and participation across diverse set of stakeholders
Extensive experience within security or risk function, ideally gained in the financial industry
Knowledge of the Retail Banking businesses, markets and operations is desirable
Ability to foster positive relationships with internal and external stakeholders at appropriate level ensuring open cooperative environment
Stakeholder management, Negotiation skills, Conflict management, Decision-making and Team work
Possess one or more security certifications such as CISSP, CISA, CISM, CRISC, PCI-QSA, CSX etc.
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits, including our flexible working, please visit our career pages. We welcome conversations on flexible working.