About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
Significant transformation is underway within the Operations function to rapidly improve the Group's Cyber, Data, Privacy and Automation control environment, along with digitization and innovation. With this, the first line of defence is being strengthened to:
Grow trust with clients and regulators by delivering best practice cybersecurity solutions and protecting data and privacy;
Provide cutting-edge technology for Artificial Intelligence, Robotics and Automation to improve Scalability, Efficiency and Time to Market;
Contribute to Client Journeys, by providing insights and analytics to steer the Bank and supply real time information for actionable measures; and
To support the Operations transformation agenda in growing trust with clients and regulators and maximizing risk reduction, resilience, policy and regulatory compliance, an Associate Director role has been created to champion risk and control within a number of technical control domains. The role holder will provide timely, expert advice, validation and assurance over the remediation of regulatory, audit and other third-party review findings and issues across Cyber, Data, Privacy and Automation. In addition, the role holder will support management when internal, external, third-party and regulatory audits are conducted.
Key responsibilities include:
Providing Expert Technical Advisory, Assessment and Assurance
Execute assessments or assurance against controls that underpin an organisation's Cyber/Information Security Management System including, but not limited to, the following domains:
  o Data protection;
  o Information loss prevention;
  o Information classification and handling;
  o Endpoint and network security;
  o Cryptography, PKI and centralized key management;
  o Application security;
  o Security Information and Event Management (SIEM);
  o Vulnerability management; and
  o Identity and access management;
Lead and execute deep-dive assurance testing over the organisation's third party cyber security assessments capability to ensure continuous effectiveness of design and operation.
Support sound security architecture and design.
Support and influence organisational alignment to security principles and best practice (i.e. ISO27001 and ISF Standards of Good Practice for Information Security).
Build effective relationships with leaders to facilitate:
  o The provision of timely, expert advice and assurance;
  o Partnerships with other functions to provide professional advice and assurance;
  o Grow trust with clients and regulators by delivering best practice cybersecurity solutions and protecting data and privacy; and
  o Provide cutting-edge technology for AI, Robotics and Automation for improving Scalability, Efficiency and Time to Market.
Drive the continuous improvement of the risk and control methodology, aligning to and avoiding duplication with key controls and control tests performed across other functions.
People and Talent
Provide proactive self-orienting and self-motivating leadership, and work with limited direction.
Lead through example and build the appropriate culture and values. Set appropriate tone and expectations, and work in collaboration with risk and control partners.
Support liaison with Group Internal Audit, External Audit and any third party or regulatory inspections. This will include obtaining clarity of scope, defining engagement models, supporting business / function stakeholders throughout the processes and driving for clarity of issues and actions.
Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.
Work with other control assurance teams to drive efficiency, effectiveness and reduce duplication.
Provide timely and accurate reporting to appropriate committees.
Ensure appropriate oversight and facilitate resolution of high impact risk and issues.
Regulatory & Business Conduct
Display exemplary conduct and live by the Group's Values and Code of Conduct.
Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
Lead the COO Trust, Data and Automation team to achieve the outcomes set out in the Bank's Conduct Principles: The Right Environment.
Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Head of Controls - Regulatory Attestations and Testing
Heads of Information & Cyber Security (HICS)
Security Technology Services MT
Technology Services MT
Our Ideal Candidate
Required:
Bachelor / Honours Degree in Information Technology, Computer Science, Cyber Security or other technology related qualifications or 8-15 years of experience in cyber/IT security, technology audit or assurance, which must include some element of experience in a 'first line' security or assurance team.
Fluency in English.
Preferred (but not essential):
Background in the information and cyber security domain within international financial services organisations.
Demonstrated ability to support a 'first line' function in responding to external/regulatory audits.
Up to date with key regulation / developments in Information and Cyber Security Management Framework (including Technology Risk Management), Data, Privacy and Automation.
Experience in SWIFT, MAS TRM and PCI DSS attestations preferred.
Qualifications (i.e. CISSP, CCNA and CCNP).
A certification in the security domain (i.e. CISA, CRISC).
Risk & control, assurance or audit experience.
Ability to challenge the status quo.
Ability to commit up to 10% business travel.
Excellent organisation skills with ability to manage multiple deadlines and effectively prioritise workload.
Strong interpersonal skills to foster positive relationships with internal and external stakeholders.
Highly effective oral and written communication skills, with an ability to influence and to gain the respect of senior stakeholders and peers.
Ability to exercise good judgment and objectivity.
Demonstrates ability to work with limited direction and multi-task without loss of quality.
Confident and courageous to raise/escalate issues in a pro-active, professional and timely manner.
Demonstrate understanding of and commitment to the Group's core values.
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits, including our flexible working, please visit our career pages.