Reports to the senior technology risk manager, covering overall information security management in country.
Co-ordinate, drive and direct effective compliance with group information security policies and regulatory guidelines.
Support the planning, development and execution of security policies and procedures to provide proper authentication, authorization, access and auditing of data and information assets.
Implement effective controls to minimize / mitigate the risks associated with information security.
Conduct information security awareness and education in country.
Understand regulatory requirements, identify the gaps and provide support to fulfil regulatory requirements in technology risk management and information security.
Support internal audits, external audits and regulatory inspections for Technology and Information Security. Significantly contributes to the assessment of security and technology risks and internal controls.
Contributes to the development of security policies, frameworks, standards, controls, procedures and guidelines.
Participates in security operations activities; investigates incidents; reports non-compliance to policies and regulatory requirements.
Support technology UORM to support country technology management.
Leads specific projects, initiatives and tasks as guided or assigned from the technology senior management.
Play a key role in managing stakeholder relationships (including service delivery teams, technology domain teams and external vendors)
Key Roles and Responsibilities
To ensure delivery of information security management in line with bank technology strategy and business expectations.
Manage information security team resource to ensure delivery of information security management in line with bank strategy and business expectations.
Support ITO Governance & Control and Country Technology Management on interpretation and effective implementation on GIS policy & procedures.
Work with group and country technology teams, legal & compliance and audit teams on interpretation of regulatory requirements/guidelines and support country information security regulatory compliance.
Support ITO on interpretation and promotion of group information security and end user computing policies to country business and users for their awareness and self-compliance.
Drive and support in-country InfoSec programs including supporting applications/infrastructure development projects.
Work with group and local teams to support group & country information security related projects & initiatives.
Drive effective communications with users, peers and management to promote information security related policies, processes and procedures.
Lead and drive information security and technology risk controls.
Complete accountability for the design, quality delivery and service establishment of all security assessment activities in China.
Engage with regulators to respond to formal inspections or ad-hoc reviews of information security practices.
Manage both internal and potentially external resources (onshore and offshore) in all business to ensure successful delivery of all day-to-day services and ongoing information security management program in line with strategy and business expectations.
Drive effective communications with users, peers and management to promote technology and information security related policies, processes and procedures.
Demonstrate leadership to manage technology risk team resources and develop skills & competencies.
Qualifications and Skills
Bachelor's degree or higher in Computer Science, Information Systems or related field. Equivalent combination of education and experience is acceptable; solid Technology background, Information Security and project management background.
5 - 10 years of Technology management, Information Security, Technology Risk management and Audit experience, with a minimum of 3+ years' experience in a management role to support business. Experience in the banking industry is highly preferred but not mandatory.
Solid experience in system architecture, IT support & services operation management is required.
Prior experience in and demonstrated level of expertise in evaluating, developing and operating specific security technologies.
Prior exposure to and demonstrated knowledge of operating procedures, service level agreements and customer support.
Prior experience in the use of and demonstrated knowledge of risk methodologies, governance and control frameworks, best practices.
A consulting mindset with experience in specific areas that highlight domain expertise.
Solid experience in engaging with regulators is highly preferred.
Experience in project planning and control techniques; competent in analytical skills; ability to work as a team member under broad guidance and minimal supervision; negotiate with peers in cross-functional teams with a focus on execution and timely delivery.
Experience developing and delivering presentations to various levels within an organization, including executive management.
Excellent communication and influencing skills in English and Chinese.
Strong interpersonal, oral and written communication skills. Ability to develop industry-standard procedures and effective presentations.
Strong knowledge of key issues regarding IT Security and Information Risk Management.
Ability to work independently and manage multiple competing priorities.
Team player and can work under pressure.
Diversity and Inclusion
Standard Chartered is committed to diversity and inclusion. We believe that a work environment which embraces diversity will enable us to get the best out of the broadest spectrum of people to sustain strong business performance and competitive advantage. By building an inclusive culture, each employee can develop a sense of belonging, and have the opportunity to maximise their personal potential.