The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of the CISO serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The Group CISO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, red teaming, third party security risk, industry partnerships, and regulatory engagement. In addition, a team of Information Security Officers (ISO) reports to the CISO and performs a pivotal role as an extension of the CISO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Services, Regions, and Functions. The Office of the CISO is central to ensuring the Bank's ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.
Strategy The Information Security Officer (ISO) for Transaction Banking, Corporate, Commercial & Institutional Banking (CCIB) is a permanent role that requires strong business acumen and deep knowledge and experience in the ICS field. The successful candidate will have a strong understanding of operating in a second line capacity within an ICS or risk management organisation, and can respond flexibly and collaboratively to evolving business, regulatory and threat requirements.
The role reports directly to the Head, Information Security Officer for CCIB and will work closely with the office of the CISO to address ICS as a principal risk type for the Bank and support its integration into the Bank's overall Enterprise Risk Management strategy.
The role will provide oversight and challenge of ICS risk management and control effectiveness as a risk partner to Transaction Banking Business as defined in the Bank's ICS Risk Type Framework.
Business The primary purpose of this position is to ensure that the management of ICS risk is operating effectively and efficiently and to provide assurance that ICS risk is appropriately managed within the Transaction Banking business lines. The successful candidate will work closely with the Office of the CISO, the Security Technology Services, and the Transaction Banking business CROs, COOs, CIOs and Operational Risk Officers, as well as other key stakeholders to drive requirements and help set priorities for ICS strategy and investment based on acceptable risk tolerance and taking into account the evolving threat and regulatory landscape, policies and standards, and technology infrastructure.
Key Role and Responsibilities
Promote a healthy ICS risk culture and good conduct within the Transaction Banking business.
Establish strong relationships with identified stakeholders across the Transaction Banking business and understand their strategic goals, in order to ensure ICS alignment.
Articulate the value of ICS controls and their bottom line impact to client-facing business lines security and resiliency.
Monitor, assess and advise Transaction Banking business on acceptable risk tolerances based on policy and control environment and the evolving regulatory and threat landscape.
Utilise appropriate risk management tool(s) to manage, track and monitor ICS risks across the Transaction Banking business.
Validate the accuracy of KRI's and KCI's and other risk ratings, as well as process designs, to meet policy requirements.
Oversee and challenge 1st line ICS risk proposal and risk-taking activities for Transaction Banking business.
Maintain relationships with key service and product owners within Security Technology Services to keep abreast of changes that may affect Transaction Banking's risk landscape.
Oversee and challenge to ensure Transaction Banking projects with an ICS element are correctly managed via a formal secure development lifecycle.
Set appropriate tone and expectations from the ISO CCIB team and work in collaboration with risk and control partners.
Be the lead ISO to use the Risk Type Framework (RTF) (including supporting tools, processes and procedures) to ensure ICS-related risks in Transaction Banking are flagged and treatment plans are in place.
Identify root causes for common risks and work with Security Technology Services to ensure sustainable improvements are proposed and actioned.
Ensure risks are accurately reported to various stakeholders using available MI.
Support the Third-Party Security Assessment team during Transaction Banking's 3rd party reviews.
Qualifications & Skills:
Proven experience in an information security office, senior governance and policy, risk management, or audit role, preferably in the IT security field.
Strong knowledge of security frameworks (COBIT, ISF, COSO), standards (ISO, NIST, CIS), information security principles and security architecture.
Keen understanding of IT security business process risks, threats and internal controls in the Banking and Financial services sector.
Strong leadership, negotiation and collaboration skills, and ability to work effectively in a complex multicultural and multi-time zone organization.
Ability to liaise with all parts of the Bank, including senior security, risk and business stakeholders.
Excellent written, oral communication and reporting skills.
Ability to collect and analyse data, establish facts, and make recommendations in written and oral form.
Good knowledge of hardening guidelines for Operating Systems, Databases, Web Services and Network devices.
Bachelor's Degree in Engineering, Computer Science, Information Technology, Cybersecurity, Business Management, or other related discipline.
About Standard Chartered We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
Internal Number: 6496569
About Standard Chartered Bank
eFinancialCareers is a career site specializing in financial services.