Information Security Manager ,Third Party Security Risk - Risk & Compliance

  • 85000
  • Kuala Lumpur, Malaysia
  • Permanent, Full time
  • Standard Chartered Global Business Services Sdn Bhd
  • 19 Jun 17

The Information Security Manager role sits within the Third Party Security Risk team. The main responsibilities will be to support the Head of Third Party Security Risk in delivering the third party security risk program through third party security reviews of service providers.

Key Roles & Responsibilities:

  • Interact with all levels of management within the Bank while performing third party security reviews of service providers across all of the Bank’s markets.
  • Effectively communicate and manage relationships with stakeholders globally.
  • Assist in ensuring compliance with relevant regulations covering third party security risk.
  • Maintain a register of third party security risks and ensure that deficiencies are mitigated.
  • Assist in ensuring compliance with relevant regulations covering third party security risk.
  • Diligently provide weekly and ad hoc reporting on status of reviews.
  • Support any training and awareness initiatives relating to third party security risk.

 

Qualifications & Skills:

  • Bachelor’s degree from an accredited college/university in an appropriate field.
  • Minimum 5 years or 8 years experience in auditing, preferably with Big 4 and/or Banking & Financial services experience.
  • Experience in third party audits is a plus, but understanding of auditing standards, compliance, risk assessment and internal control frameworks is a requirement.
  • Familiarity with working in a MNC or cross-cultural setting.
  • Excellent written and interpersonal skills.
  • Strong time management skills.
  • Ability to draft reports that clearly communicate observations and risks would be required.
  • Strong stakeholder engagement skills, and ability to interact at all levels across an organisation.
  • Strong audit project organisation and management skills.
  • Ability to multitask and ensure that all key priorities are delivered as per agreed timelines.
  • Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and regulatory requirements will be a plus.
  • Competency with Microsoft Office Suite (Word, PowerPoint, Excel, Visio, SharePoint).