About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
The Group Chief Information Security Risk Officer (CISRO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the CISRO function serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The Group CISRO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, red teaming, third party security risk, industry partnerships, and regulatory engagement. This specific role is a senior role that will report directly to the Global Head, Information Security Risk Officer. This is a transformational ISRO leadership role with the accountability to support the continuous enhancement of the services (people, process, technology & governance) to deliver advanced 2LOD capabilities to identify, protect, detect and respond against sophisticated cyber threats.
Strategy
The Head Information Security Risk Officer (ISRO) for Corporate, Commercial and Institutional Banking (CCIB), Europe and America's is a permanent role that requires strong business acumen and deep knowledge and experience in the ICS field. The successful candidate will have a strong understanding of operating in a second line capacity within an ICS or risk management organisation, and can respond flexibly and collaboratively to evolving business, regulatory and threat requirements. The role reports directly to the Global Head of the Information Security Risk Officers (ISRO) and is a key member of the ISRO Leadership Team. The role will work closely with the wider CISRO team and others to address ICS as a principal risk type for the Bank and support its integration into the Bank's overall Enterprise Risk Management strategy. The role will provide oversight of ICS risk management and control effectiveness as a risk partner to both CCIB business lines and the European and America's regions as defined in the Bank's ICS Risk Type Framework and under delegation from the Group CISRO.
The primary purpose of this position is to ensure that the management of ICS risk is operating effectively and efficiently and to provide assurance that ICS risk is appropriately managed, specifically within the remit of CCIB businesses and Europe and the America's regions.
Lead and manage the effective delivery of high quality, cost effective, pragmatic and threat driven services.
Provide strategic ICS thought leadership to support the successful execution of the CCIB businesses and Europe and the America's regions strategies.
Demonstrate strategic thought leadership for ICS risk and articulate a vision for a world class 2LOD ICS function.
Provide leadership and oversight by setting the team's direction and implementing the strategy, deliverables and operating model of the function.
Drive continuous improvement and embrace new ways of working.
Provide oversight over security transformation projects to ensure they are meeting the risk reduction targets, business benefits, and maturity targets set out in the programmes.
Processes
The major functional activities that the Head ISRO CCIB, Europe and America's will lead and manage are:
Delegation of Authority for ICS from the CISRO for CCIB, Europe and America's;
Providing oversight and challenge if required of 1st line ICS risk proposals and risk-taking activities to ensure they stay aligned with risk appetite;
Monitoring of ICS risks and associated remediation plans across CCIB, Europe and America's using the CISRO Governance Risk Type Framework;
Ensuring the 1st line implement controls to comply with applicable laws and regulations as defined by the CISRO Policy team and escalate significant regulatory non-compliance matters and developments to the CISRO;
Promoting a healthy ICS risk culture and good conduct within CCIB, Europe and America's.
People and Talent
Lead through example and build the appropriate culture and values
Set appropriate tone and expectations from team and work in collaboration with risk and control partners.
Ensure the provision of ongoing training and development of people, and ensure that holders of all critical functions are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risks
Employ, engage and retain high quality people, with succession planning for critical roles.
Responsibility to review team structure/capacity plans
Define an organization structure aligned and scaled to the risk control needs of the business.
Set and monitor job descriptions and objectives for direct reports and provide feedback and rewards in line with their performance against those responsibilities and objectives.
Uphold and reinforce the independence of the Risk function from those whose primary responsibility is to maximise short-term revenues and profits
Strong sense of personal ownership and responsibility in accomplishing the organisation's goal. Is confident and will roll-up his/her sleeves to drive success.
Able to get things done in a quick-paced environment. Be transparent and open around what works and what doesn't.
Experience in leading a geographically dispersed organization.
Deliver the defined parts of the Head ISRO for CCIB and Europe role, in order to support the Group's ICS security strategy and objectives
Ensure that the Head ISRO for CCIB, Europe and America's role is managed in accordance with the defined CISRO Governance Risk Type Framework and associated Policy and Standards; and that issues are identified, escalated, and addressed as appropriate
Manage the CCIB, Europe and America's ISRO team professionally and efficiently, ensuring all deliverables and commitments are delivered on time, to sufficient quality and risk expectations.
Lead through example and build the appropriate conduct, culture and values. Set appropriate tone and expectations from their team and work in collaboration with our partners across all lines of defence.
Establish strong ties into the relevant CCIB, Europe and America's governance, risk and control committees to ensure adequate tracking and governance of ICS risk.
Drive integration of ICS Risk Type Framework into CCIB, Europe and America's.
Provide accurate, insightful and transparent ICS risk reporting into CCIB, Europe and America's Non-Financial Risk Committees.
Regulatory & Business Conduct
Display exemplary conduct and live by the Group's Values and Code of Conduct.
Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
Lead the CCIB, Europe and America's ISRO team to achieve the outcomes set out in the Bank's Conduct Principles
Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Group CISRO Leadership Team
Group ISRO Leadership Team
Group CCIB, Europe and America's Leadership Teams
TDR MT & MT -1 Leadership Teams (CSS/HICS etc)
Global Head Security Technology Services
Group Internal Audit
Provide business experience and input into the ICS Policy team to drive compliance with ICS policies, standards and guidelines across CCIB, Europe and America's.
Establish strong relationships with identified stakeholders across CCIB, Europe and America's teams and understand their strategic goals in order to ensure ICS alignment
Be able to articulate the value of ICS controls and their bottom-line impact to CCIB, Europe and America's.
Prepare, present and challenge in a 2nd line capacity at relevant risk committees (Non-Financial Risk Committees, etc), steering groups and cross-business opportunities
Perform Delegation of Authority (DoA) responsibilities for CISRO as defined for CCIB, Europe and America's.
Measure efficient and effective management of ICS risk for CCIB, Europe and America's.
Validate the accuracy of KRIs and KCIs and other risk ratings, as well as process designs, to meet policy requirements
Ensure that Process Owners are escalating risk, control and process deficiencies appropriately in accordance with the relevant risk frameworks
Build trusted working relationships with other security functional heads, risk and compliance counterparts, and business unit stakeholders
Utilise appropriate risk management tool(s) to manage, track and monitor information and cyber security risks across CCIB, Europe and America's.
Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others
Monitor, assess and advise CCIB, Europe and America's on acceptable risk tolerances based on policy and control environment and the evolving regulatory and threat landscape.
Our Ideal Candidate
Proven experience of 10 years in an information security officer, senior governance and policy, ICS or Operational Risk or Audit role
Bachelor's Degree in Engineering, Computer Science, Information Technology, Cybersecurity, Business Management, or other related discipline.
Professional certifications are desirable (e.g., CRISC, CISA, CISSP, CISM, GIAC etc).
Thorough understanding of IT security business processes, risks, threats and internal controls.
Strong leadership, negotiation and collaboration skills, and ability to work effectively in a complex multicultural and multi-time zone organization.
Thorough understanding of IT security business process risks, threats and internal controls relevant for managing and mitigating these
Ability to collect and analyse data, establish facts and make recommendations based on sound risk mgmt principles.
Technical knowledge across a broad range of ICS capabilities including Cyber Defence, Security Monitoring, Analytics, DLP, Access mgmt, Cloud etc.
A passion for keeping technical knowledge and skills up to date and horizon scanning new and emerging thematic risks from new technology or technology.
Strong knowledge of cyber security frameworks, information security principles, architecture.
Ability to articulate gross and residual risk with specific ability to clearly, concisely and accurately communicate complex technology and process risk to non-technical stakeholders in a lucid way.
Strong interpersonal and stakeholder management skills with experience across various levels in the organization including senior MD leadership teams, in influencing key decisions taken in the business and in support teams.
Proven experience of demonstrating resilience and having a strength of character.
Must be a self-starter who is able to initiate and successfully drive initiatives to completion with little or no management supervision.
Strong analytical skills and an ability to prioritise, make decisions, and work to tight timeframes.
Proven ability to lead highly complex, global activities through influence and credibility rather than command and control.
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our career pages. We welcome conversations on flexible working.