Leading the way in International Banking. We support the people and companies driving investment, trade and wealth creation across Asia, Africa and the Middle East. And our heritage and values are expressed in our brand promise - here for good.
The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of the CISO serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The Group CISO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, red teaming, third party security risk, industry partnerships, and regulatory engagement. In addition, a team of Information Security Officers (ISO) reports to the CISO and performs a pivotal role as an extension of the CISO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Services, Regions, and Functions. The Office of the CISO is central to ensuring the Bank's ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.
The Senior Information Security Manager role sits within the Third Party Security Risk team. The main responsibilities will be to support the Head of Third Party Security Risk in delivering the third party security risk program within the Bank through efficient resource planning and allocation, forward planning of reviews, providing guidance to the team, and developing relationships with stakeholders and third parties across multiple regions.
Key Roles & Responsibilities:
Interact with all levels of management within the Bank while performing third party security reviews of vendors and outsourced service providers across all of the Bank's markets.
Effectively communicate and manage relationships with stakeholders globally.
Effectively communicate the security risks to internal and external stakeholders.
Manage team members to effectively perform third party security reviews, and ensure quality and timely execution.
Make timely and sound judgments, and identify clear solutions from broad, complex or ambiguous situations.
Provide coaching, support and career development to team members.
Assist in ensuring compliance with relevant regulations covering third party security risk.
Assist in the development of new/amended processes, innovative ways of working and reviewing risk and control assessments.
Assist in the forward planning and prioritisation of vendor assessments or requests from business stakeholders, and resource allocations.
Manage a register of third party security risks and ensure that deficiencies are mitigated.
Monitor and report on third party security risk compliance to stakeholders.
Remain current on industry trends and regulatory requirements related to third party information security.
Support any training and awareness initiatives relating to third party security risk.
Qualifications & Skills:
Bachelor's degree from an accredited college/university in an appropriate field.
Professional auditing certification, e.g. CISA.
10 to 15 years' experience in IT auditing, preferably with Big 4 and/or Banking & Financial services experience.
Experience in managing audit staff and complex audits.
Experience in third party audits or risk management is a plus, but understanding of auditing standards, compliance, risk assessment and internal control frameworks is a requirement.
Understanding of controls, regulatory and risk issues in a global financial institution.
Knowledge of key outsourcing regulatory requirements, e.g. MAS, HKMA, RBI.
Familiarity with working in an MNC or cross-cultural setting.
Excellent written and interpersonal skills.
Ability to draft reports that clearly communicate observations, risks and constructive action items would be required.
Strong stakeholder engagement skills, and ability to interact at all levels across an organisation.
Strong audit project organisation and management skills.
Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles and security architecture.
Competency with Microsoft Office Suite.
If you're a bright mind with big ambitions, we'll actively encourage you to fulfil your potential. Thanks to our rich and varied international footprint, we can offer exciting opportunities working across different countries and cultures. Apply Now and take the next step in fulfilling your potential.
Relocation expenses are negotiable.
Internal Number: 6113158
About Standard Chartered Bank Malaysia Berhad