Providing Expert Technical Advisory, Assessment and Assurance
Execute assessments or assurance against controls that underpin an organisation's Cyber/Information Security Management System including, but not limited to, the following domains:
  o Data protection;
  o Information loss prevention;
  o Information classification and handling;
  o Endpoint and network security;
  o Cryptography, PKI and centralized key management;
  o Application security;
  o Security Information and Event Management (SIEM);
  o Vulnerability management; and
  o Identity and access management.
Lead and execute deep-dive assurance testing over the organisation's third party cyber security assessments capability to ensure continuous effectiveness of design and operation.
Support sound security architecture and design.
Support and influence organisational alignment to security principles and best practice (i.e. ISO27001 and ISF Standards of Good Practice for Information Security).
Partnerships with other functions to provide professional advice and assurance;
Grow trust with clients and regulators by delivering best practice cybersecurity solutions and protecting data and privacy; and
Provide cutting-edge technology for AI, Robotics and Automation for improving Scalability, Efficiency and Time to Market.
Drive the continuous improvement of the risk and control methodology, aligning to and avoiding duplication with key controls and control tests performed across other functions.
Support liaison with Group Internal Audit, External Audit and any third party or regulatory inspections. This will include obtaining clarity of scope, defining engagement models, supporting business / function stakeholders throughout the processes and driving for clarity of issues and actions.
Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.
Work with other control assurance teams to drive efficiency, effectiveness and reduce duplication.
Provide timely and accurate reporting to appropriate committees.
Ensure appropriate oversight and facilitate resolution of high impact risks and issues.
Display exemplary conduct and live by the Group's Values and Code of Conduct.
Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
Bachelor / Honours Degree in Information Technology, Computer Science, Cyber Security or other technology related qualifications or 8-15 years of experience in cyber/IT security, technology audit or assurance, which must include some element of experience in a 'first line' security or assurance team.
Background in the information and cyber security domain within international financial services organisations.
Demonstrated ability to support a 'first line' function in responding to external/regulatory audits.
Up to date with key regulation / developments in Information and Cyber Security Management Framework (including Technology Risk Management), Data, Privacy and Automation.
Experience in SWIFT, MAS TRM and PCI DSS attestations preferred.
Qualifications (i.e. CISSP, CCNA and CCNP).
A certification in security domain (i.e. CISA, CRISC).
Risk & control, assurance or audit experience.
Ability to challenge the status quo.
Ability to commit up to 10% business travel.
Excellent organisation skills with ability to manage multiple deadlines and effectively prioritise workload.
Strong interpersonal skills to foster positive relationships with internal and external stakeholders.
Highly effective oral and written communication skills, with an ability to influence and to gain the respect of senior stakeholders and peers.
Ability to exercise good judgment and objectivity.
Demonstrates ability to work with limited direction and multi-task without loss of quality.
Confident and courageous to raise/escalate issues in a pro-active, professional and timely manner.
Demonstrate understanding of and commitment to the Group's core values.
Interested candidates please email to email@example.com.
Kalyn Kong (EA Reg no: R1110919)
Company Reg No.: 201131609D, Licence No.: 11C4684